Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/deliaz/sails-api-jwt

JWT-based API for user registration and authorization
https://github.com/deliaz/sails-api-jwt

api backend jwt jwt-api jwt-authentication sails sailsjs

Last synced: 13 days ago
JSON representation

JWT-based API for user registration and authorization

Host: GitHub
URL: https://github.com/deliaz/sails-api-jwt
Owner: Deliaz
License: mit
Created: 2017-08-12T18:21:12.000Z (over 7 years ago)
Default Branch: master
Last Pushed: 2022-08-30T21:56:59.000Z (about 2 years ago)
Last Synced: 2024-10-24T21:59:36.866Z (22 days ago)
Topics: api, backend, jwt, jwt-api, jwt-authentication, sails, sailsjs
Language: JavaScript
Homepage:
Size: 87.9 KB
Stars: 23
Watchers: 3
Forks: 3
Open Issues: 6
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

# JSON Web Token authorization API
## Based on [Sails.js](http://sailsjs.com/) (v0.12)

[![Coverage Status](https://coveralls.io/repos/github/Deliaz/sails-api-jwt/badge.svg?branch=master)](https://coveralls.io/github/Deliaz/sails-api-jwt?branch=master)
[![Build status](https://travis-ci.org/Deliaz/sails-api-jwt.svg?branch=master)](https://travis-ci.org/Deliaz/sails-api-jwt)
[![Greenkeeper badge](https://badges.greenkeeper.io/Deliaz/sails-api-jwt.svg)](https://greenkeeper.io/)

__An example implementation of JWT-based API for user registration and authorization.__

It supports:
1. User register;
2. User login;
3. Getting account info;
4. Token generation and validation;
5. Password reset (with a reset token);
6. Password change (with JWT credentials);
7. Account locking.

Things to do:
1. Optional email notifications (based on environment);
2. Keep reset token encrypted and with a validity date;
3. Unlock after some freeze period;
4. Registration confirmation (with a confirm token).

* * * * *

## Start
```
npm run start
```
or, if you have Sails globally:
```
sails lift
```
For security reasons, please change __JWT_SECRET__ in `api/config/env/development.js`.

## Pass JWT

Token-free endpoints:
```
/user/create
/user/login
/user/forgot
/user/reset_password
```

Token-required endpoints:
```
/user
/user/change_password
```

To pass a JWT use `Authorization` header:
```
Authorization: Bearer
```

## API methods description
For some reasons I do not use REST. Shortcuts also disabled by default
(see `api/config/blueprints.js`).

#### `POST /user/create`
Creates a new user. Requirements for the password: length is 6-24, use letters and digits.

__request__
```json
{
"email": "[email protected]",
"password": "abc123",
"password_confirm": "abc123"
}
```

__response__
```json
{
"token": ""
}
```

#### `POST /user/login`
__request__
```json
{
"email": "[email protected]",
"password": "abc123"
}
```

__response__
```json
{
"token": ""
}
```
N.B. Account will be blocked after `5` fails in `2 mins` (configurable in `api/services/UserManager.js`).

#### `GET /user`
Returns basic info about current account. Requires authorization.
__request__
Params not required.

__response__
```json
{
"id": 1,
"email": "[email protected]"
}
```

#### `POST /user/change_password`
Changes user password. User should be authorized.

__request__
```json
{
"email": "[email protected]",
"password": "abc123",
"new_password": "xyz321",
"new_password_confirm": "xyz321"
}
```

__response__
```json
{
"token": ""
}
```
N.B. All old tokens will be invalid after changing password.

#### `POST /user/forgot`
Initiates procedure of password recovery.

__request__
```json
{
"email": "[email protected]"
}
```

__response__
```json
{
"message": "Check your email"
}
```

#### `POST /user/reset_password`
Reset password to a new one with a reset token. Reset token sends to a user after
`/user/forgot`.

__request__
```json
{
"email": "[email protected]",
"reset_token": "",
"new_password": "xyz321",
"new_password_confirm": "xyz321"
}
```

__response__
```json
{
"message": "Done"
}
```

### HTTP codes
All endpoints uses HTTP status codes to notify about execution results
* `200` ok, reqeust executed successfully;
* `201` created, new user created successfully;
* `400` bad request, usually means wrong params;
* `403` forbidden, for locked accounts;
* `500` server error, something went wrong.

### Tests
The project uses Travis-CI and Coveralls integration and has some tests.
Run it via:
```
npm run test
```

#### Inspired by
This project is based on this repo:
[https://github.com/swelham/sails-jwt-example](https://github.com/swelham/sails-jwt-example) *(unlicensed)*.
I refactored and improved it for myself.

#### License
It is MIT.