https://github.com/barcodehub/login-advanced-google-node
Secure Login API offering robust authentication features like Two-Factor Authentication (2FA), Google OAuth, CSRF protection, and advanced security measures to safeguard modern applications.
https://github.com/barcodehub/login-advanced-google-node
2fa 2fa-security auth bcrypt connect-mongo csrf-protection csurf express-session helmet jwt-authentication mongo-sanitize oauth20 passport-google rate-limiting speakeasy xss-clean
Last synced: 8 months ago
JSON representation
Secure Login API offering robust authentication features like Two-Factor Authentication (2FA), Google OAuth, CSRF protection, and advanced security measures to safeguard modern applications.
- Host: GitHub
- URL: https://github.com/barcodehub/login-advanced-google-node
- Owner: Barcodehub
- Created: 2024-07-31T15:21:50.000Z (almost 2 years ago)
- Default Branch: main
- Last Pushed: 2024-08-06T20:01:08.000Z (almost 2 years ago)
- Last Synced: 2025-02-11T15:53:30.417Z (over 1 year ago)
- Topics: 2fa, 2fa-security, auth, bcrypt, connect-mongo, csrf-protection, csurf, express-session, helmet, jwt-authentication, mongo-sanitize, oauth20, passport-google, rate-limiting, speakeasy, xss-clean
- Language: JavaScript
- Homepage:
- Size: 4.51 MB
- Stars: 2
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# Secure Login API
## Description
Secure Login API is a robust and secure backend application developed with Node.js and Express. It provides a comprehensive authentication system with advanced security features, including Two-Factor Authentication (2FA) and Google OAuth integration.
## Key Features
- User registration
- Secure login
- Two-Factor Authentication (2FA)
- Google OAuth integration
- CSRF protection
- Rate limiting
- Input sanitization
- NoSQL injection prevention
- Secure HTTP headers with Helmet
## Technologies Used
- Node.js
- Express
- MongoDB
- Mongoose
- JSON Web Tokens (JWT)
- Passport.js
- Speakeasy (for 2FA)
- Helmet
- Express Rate Limit
## Installation
Install dependencies:
npm install
## Configuration
Create a `.env` file in the root directory with the following variables:
```
PORT=3000
MONGODB_URI=mongodb://localhost:27017/secureLoginApp
JWT_SECRET=tu_secreto_jwt_super_seguro
SESSION_SECRET=tu_secreto_de_sesion_super_seguro
GOOGLE_CLIENT_ID=tu_google_client_id
GOOGLE_CLIENT_SECRET=tu_google_client_secret
NODE_ENV=development
```
Make sure to replace the values with your own credentials and configurations.
## Usage
To start the server:
```
npm start
```
# API Endpoints
## `GET /api/auth/csrf-token`:
Generate X-CSRF-Token
## `POST /api/auth/signup`: User registration
### Body (raw JSON):
{
"email": "user@example.com",
"password": "password123"
}
### Headers:
`X-CSRF-Token`: [CSRF Token obtained in step 1]
`Content-Type`: application/json
## `POST /api/auth/login`: User login
### Body (raw JSON):
{
"email": "",
"password": ""
}
### Headers:
`X-CSRF-Token`: [Token CSRF obtenido en el paso 1]
`Content-Type`: application/json
## `POST /api/auth/logout`: User logout
### Headers:
`X-CSRF-Token`: [Token CSRF obtenido en el paso 1]
`Authorization`: [Token JWT obtenido del login]
`Content-Type`: application/json
## `POST /api/auth/generateTwoFactor`: Generate 2FA code
`X-CSRF-Token`: [Token CSRF obtenido en el paso 1]
`Authorization`: [Token JWT obtenido del login]
Base64 representation of QR code (scan with auth app).
## `POST /api/auth/verifyTwoFactor`: Verify 2FA code
`X-CSRF-Token`: [Token CSRF obtenido en el paso 1]
`Authorization`: [Token JWT obtenido del login]
`Content-Type`: application/json
Body (raw JSON):
{
"token": "123456" // El código de 6 dígitos de tu app de autenticación
}
- `GET /api/auth/google`: Initiate Google authentication
- `GET /api/auth/google/callback`: Google authentication callback