https://github.com/a2rp/mern-auth-chakra-backend
Cookie-based JWT auth API for a MERN app - Express + MongoDB + Zod + bcrypt. Uses HttpOnly cookies, role-based access, and admin user management.
admin authentication authorization bcrypt express http-only-cookies jwt mern mongodb nodejs rest-api zod
- Host: GitHub
- URL: https://github.com/a2rp/mern-auth-chakra-backend
- Owner: a2rp
- Created: 2025-09-16T08:28:01.000Z (9 months ago)
- Default Branch: main
- Last Pushed: 2025-09-16T17:54:35.000Z (9 months ago)
- Last Synced: 2025-09-16T20:14:15.675Z (9 months ago)
- Topics: admin, authentication, authorization, bcrypt, express, http-only-cookies, jwt, mern, mongodb, nodejs, rest-api, zod
- Language: JavaScript
- Homepage:
- Size: 25.4 KB
- Stars: 0
- Watchers: 0
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# mern-auth-chakra-backend
Cookie-based JWT auth API for a MERN app (Express + MongoDB + Chakra UI front-end).
- Uses **HttpOnly** cookies (no localStorage)
- Passwords hashed with **bcrypt**
- Input validation with **zod**
- Role-based access (**user**, **admin**)
---
**Repos**
- Backend → https://github.com/a2rp/mern-auth-chakra-backend _(this repo)_
- Frontend → https://github.com/a2rp/mern-auth-chakra-frontend
---
## Requirements
- Node.js **18+**
- MongoDB **6+** running locally (or a cloud URI)
---
## Quick start
```bash
# 1) Install deps
npm i
# 2) Copy env and edit values
cp .env.example .env # or create .env using the table below
# 3) Start dev server (nodemon)
npm run dev
# API will listen on: http://localhost:1198
```
## Environment variables
Create a .env file in the project root:
```bash
NODE_ENV=development
PORT=1198
# MongoDB
MONGODB_URI=mongodb://localhost:27017/mern_auth_chakra
# JWT signing secret
JWT_SECRET=replace-with-a-long-random-string
# CORS / cookies
FRONTEND_URL=http://localhost:5173
COOKIE_DOMAIN=localhost
# Notes
# In production, set NODE_ENV=production and use a strong JWT_SECRET.
# When you deploy behind HTTPS,
# set the cookie to Secure (the code already does this automatically when NODE_ENV=production).
```
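A startup check for the variables above, as an added example that is not code from this repository: it flags the placeholder secret and a non-URL CORS origin, and renders the `Set-Cookie` value that the HttpOnly/Secure behaviour described in the notes produces. The function names, the cookie name `token`, the 32-character minimum and `SameSite=Lax` are assumptions of the example.

```javascript
// Added example, not code from the repository. checkAuthEnv, cookieOptions,
// setCookieHeader, the 32-character minimum and SameSite=Lax are assumptions.
const PLACEHOLDER = "replace-with-a-long-random-string"; // value shown in the README

// Returns a list of problems with the auth-related .env values (empty = OK).
function checkAuthEnv(env) {
  const errors = [];
  const prod = env.NODE_ENV === "production";
  const secret = env.JWT_SECRET || "";
  if (!secret) errors.push("JWT_SECRET is missing");
  else if (secret === PLACEHOLDER) errors.push("JWT_SECRET is still the README placeholder");
  else if (prod && secret.length < 32) errors.push("JWT_SECRET is shorter than 32 characters");

  let origin = null;
  try {
    origin = new URL(env.FRONTEND_URL); // "*" or an empty value throws here
  } catch {
    errors.push("FRONTEND_URL is not an absolute URL");
  }
  if (origin && prod && origin.protocol !== "https:")
    errors.push("FRONTEND_URL is not https in production");
  return errors;
}

// Cookie flags as the README describes them: HttpOnly always, Secure in production.
function cookieOptions(env) {
  return { httpOnly: true, secure: env.NODE_ENV === "production",
           sameSite: "lax", domain: env.COOKIE_DOMAIN, path: "/" };
}

// Renders the Set-Cookie value those options produce, to inspect what reaches the browser.
function setCookieHeader(name, value, o) {
  const parts = [`${name}=${encodeURIComponent(value)}`, `Path=${o.path}`];
  if (o.domain) parts.push(`Domain=${o.domain}`);
  if (o.httpOnly) parts.push("HttpOnly");
  if (o.secure) parts.push("Secure");
  parts.push(`SameSite=${o.sameSite[0].toUpperCase()}${o.sameSite.slice(1)}`);
  return parts.join("; ");
}

// Constructed sample values: the README's .env, then a production-style one.
const readmeEnv = { NODE_ENV: "development", JWT_SECRET: PLACEHOLDER,
                    FRONTEND_URL: "http://localhost:5173", COOKIE_DOMAIN: "localhost" };
const prodEnv = { NODE_ENV: "production", JWT_SECRET: "k".repeat(48),
                  FRONTEND_URL: "https://app.example.test", COOKIE_DOMAIN: "example.test" };
for (const env of [readmeEnv, prodEnv]) {
  console.log(env.NODE_ENV, checkAuthEnv(env));
  console.log(setCookieHeader("token", "header.payload.signature", cookieOptions(env)));
}
```

In an application, pass `process.env` to the check and abort startup when the returned list is non-empty.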
## Scripts
```json
{
  "dev": "nodemon index.js",
  "start": "node index.js"
}
```