{"id":18354757,"url":"https://github.com/siddhantprateek/nauth","last_synced_at":"2026-04-18T06:33:24.142Z","repository":{"id":200259167,"uuid":"704944660","full_name":"siddhantprateek/Nauth","owner":"siddhantprateek","description":"🚀 Authentication Service in Typescript using  PostgreSQL as database.","archived":false,"fork":false,"pushed_at":"2023-11-13T16:13:19.000Z","size":428,"stargazers_count":0,"open_issues_count":1,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-02-15T16:50:10.194Z","etag":null,"topics":["authentication","error-handling","expressjs","postgres","typescript","validator"],"latest_commit_sha":null,"homepage":"","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/siddhantprateek.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-10-14T15:27:23.000Z","updated_at":"2023-11-13T16:10:49.000Z","dependencies_parsed_at":null,"dependency_job_id":"ba0ba5a8-53eb-4ccb-8a94-2e14531053c7","html_url":"https://github.com/siddhantprateek/Nauth","commit_stats":null,"previous_names":["siddhantprateek/nauth"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/siddhantprateek%2FNauth","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/siddhantprateek%2FNauth/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/siddhantprateek%2FNauth/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/siddhantprateek%2FNauth/manife
sts","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/siddhantprateek","download_url":"https://codeload.github.com/siddhantprateek/Nauth/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248139346,"owners_count":21054075,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["authentication","error-handling","expressjs","postgres","typescript","validator"],"created_at":"2024-11-05T22:05:01.796Z","updated_at":"2026-04-18T06:33:19.094Z","avatar_url":"https://github.com/siddhantprateek.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Nauth\n\nAuthentication service in TypeScript. This application provides a secure user authentication and authorization system built with Express.js and uses PostgreSQL as the user store.\n\n## Running the application using `docker-compose`\n\n```shell\ndocker-compose up -d\n```\n\nor\n\n```shell\nnpm install\nnpm run prisma:generate\nnpx prisma migrate dev\nnpm run deploy\n\n# to start the server\nnpm run dev     # Serve on http://localhost:8090\n```\n\n## API Documentation\n\n[Link](https://documenter.getpostman.com/view/16181974/2s9YR6ZYtw)\n\n### Features\n\n- [x] Create an Express.js Application\n- [x] User Registration and Authentication:\n  - [x] Implement user registration with email and password.\n  - [x] Store user information securely, including password hashing (using libraries like `bcrypt`).\n  - [x] Implement user login with token-based authentication (JWT).\n  - [x] Return a JWT token upon successful login.\n- [x] 
Secure Routes\n  - [x] Create a set of routes that are protected and require a valid JWT token for access.\n  - [x] Implement middleware for JWT validation to secure these routes.\n- [x] User Roles and Authorization:\n  - [x] Implement a basic role-based access control system with roles like \"user\" and \"admin.\"\n  - [x] Restrict access to certain routes based on the user's role.\n  - [x] Admins should have additional permissions.\n- [x] Password Reset:\n  - [x] Implement a \"Forgot Password\" feature that allows users to reset their passwords through a secure email-based process.\n- [x] Security Measures:\n  - [x] Implement security headers to prevent common web security vulnerabilities (e.g., XSS, CSRF).\n  - [x] Use appropriate libraries to secure against other common attacks.\n- [x] Logging:\n  - [x] Implement a basic logging system to record user activities and security-related events.\n- [x] Testing:\n  - [x] Write test cases to ensure that the authentication, authorization, and security features are working as expected.\n\n## For Secure Routes\n\n* The `authorize` middleware function ensures secure access to routes by checking the presence and validity of an authorization token in the request headers.\n\n`/middleware/authorize.middleware.ts`\n```ts\nconst authorize = async (req, res, next) =\u003e {\n  try {\n    let email;\n\n    // Check if the request contains an authorization token in the headers.\n    if (\n      req.headers \u0026\u0026\n      req.headers.authorization \u0026\u0026\n      req.headers.authorization.split(\" \")[0] === \"jwt\"\n    ) {\n      // Extract the token from the \"Authorization\" header.\n      const token = req.headers.authorization.split(\" \")[1];\n\n      // Verify and decode the token using the JWT library.\n      let decode = jwt.verify(token, process.env.JWT_SECRET || \"default\") as IDecode;\n\n      .\n      .\n      .\n    // Return a 401 Unauthorized response with an error message.\n    return res.status(401).json({\n      message: 
\"Unauthorized access to the API.\",\n    });\n  }\n};\n\n```\n\n- Secured routes `/routes/user.routes.ts`\n```ts\n.\n.\n.\nrouter.get('/users/:id', authorize, GetUser);\n\n// Update User\nrouter.put('/users/:id', authorize, UpdateUser);\n\n// Delete User\nrouter.delete('/users/:id', authorize, DeleteUser);\n\n// Get All Users (accessible only to admins)\nrouter.get('/users', isAdmin, GetAllUser);\n\n```\n\n## To achieve RBAC\n\nCreated a middleware for role-based access control (RBAC), introducing roles such as `user` and `admin`.\n\nInside `/middleware/adminAuth.middleware.ts`, I created a function called `isAdmin` which checks whether the logged-in user has the admin role.\n\n```ts\n      .\n      .\n      .\n      const token = req.headers.authorization!.split(\" \")[1];\n      let decode = jwt.verify(token, \n        process.env.JWT_SECRET || \"default\") as IDecode;\n      email = decode.userEmail;\n\n      .\n      .\n      .\n\n      let userRole = user?.role;\n      if (userRole === \"admin\") {\n        next();\n      } else {\n        // User does not have admin role,\n        // deny access with a 403 Forbidden response\n        res.status(403).json({\n          message: \"Access denied: You must have admin privileges to access this resource\",\n        });\n      }\n    }\n```\n\n## Test Coverage\n\n![](./assets/test.png)\n\n![](./assets/test-2.png)\n\n## Email `Password Reset`\n\n- If a user forgets their `password`, they should initiate the password reset process by providing their email address.\n- Once the email is provided, a link containing two crucial pieces of information, namely \"`accessToken`\" and \"`id`,\" is sent to the user if their account exists.\n- Using this link, the user can reset their password. 
To do so, they are required to provide four pieces of information: \"`id`,\" \"`accessToken`,\" \"`password`,\" and \"`confirmPassword`.\"\n\nFor sending email it uses the `nodemailer` library.\n\n```ts\nconst transporter = nodemailer.createTransport({\n  host: process.env.HOST,\n  requireTLS: true, // refuse to send if the connection cannot be upgraded to TLS\n  port: 587,        // SMTP submission port, plain connection upgraded via STARTTLS\n  secure: false,    // no implicit TLS on connect; STARTTLS is negotiated instead\n  auth: {\n    user: testAccount.user,\n    pass: testAccount.pass,\n  },\n});\n```\n\n- `requireTLS: true`: forces a STARTTLS upgrade of the SMTP connection, so the message is not sent if the connection cannot be encrypted.\n- Port `587` is the standard SMTP submission port, used here with STARTTLS rather than implicit TLS.\n\n![](./assets/reset-email.png)\n\n## Logging\n\n- There are various options available for logging, such as `Pino`, `Morgan`, `Loglevel`, etc.\n\n```ts\napp.use(morgan('dev'));\n```\n\n- Chose Morgan because it is simpler, flexible and easy to use.\n\n## Author\n\n- [Siddhant Prateek Mahanayak](https://github.com/siddhantprateek)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsiddhantprateek%2Fnauth","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsiddhantprateek%2Fnauth","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsiddhantprateek%2Fnauth/lists"}