https://github.com/hackur45/secure-backend
A secure Node.js + Express backend with JWT authentication, email verification, password reset, and protected routes. Built with MongoDB, tested with Postman, and ready for frontend integration.
- Host: GitHub
- URL: https://github.com/hackur45/secure-backend
- Owner: Hackur45
- License: MIT
- Created: 2025-05-22T16:18:10.000Z (about 1 year ago)
- Default Branch: main
- Last Pushed: 2025-06-19T08:07:46.000Z (about 1 year ago)
- Last Synced: 2025-06-19T08:42:38.754Z (about 1 year ago)
- Topics: backend, express-middleware, express-session, jwt-authentication, mongo, nodejs, nodemailer
- Language: JavaScript
- Homepage: https://secure-backend-nnfh.onrender.com
- Size: 630 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: readme.md
- License: LICENSE
README
# Secure Auth Backend
A secure, scalable, and testable backend application built with **Express.js** and **MongoDB Atlas**. Includes authentication with email-based verification, password reset, rate limiting, and unit testing.
---
## Features
- User Registration with Email Verification (Nodemailer)
- Secure Login with JWT
- Email-based Password Reset Flow
- Rate Limiting with `express-rate-limit`
- Unit Testing with Jest + Supertest
- Prevents Simultaneous Logins
- Environment Variables via `.env`
- MongoDB Atlas Integration
---
## Tech Stack
- Node.js
- Express.js
- MongoDB (Atlas)
- Mongoose
- Nodemailer (Gmail App Password)
- dotenv
- express-rate-limit
- Jest + Supertest
---
## Backend Architecture

The backend architecture includes:
- Express.js server handling API requests.
- MongoDB Atlas for data persistence.
- JWT-based authentication for secure access.
- Email services for verification and password reset.
- Middleware for authentication and rate limiting.
---
## Setup Instructions
### 1. Clone the Repo
```bash
git clone https://github.com/Hackur45/secure-backend.git
cd secure-backend
```
### 2. Install Dependencies
```bash
npm install
```
### 3. Create `.env` File
```env
PORT=5500
MONGO_URI=your_mongo_connection_string
JWT_SECRET=your_jwt_secret
EMAIL_USER=your_email@gmail.com
EMAIL_PASS=your_app_password
```
Use a long, randomly generated value for `JWT_SECRET` (anyone who knows it can mint valid tokens), and keep `.env` out of version control.
### 4. Start Server
```bash
npm start
```
Server runs on `http://localhost:5500`
---
## API Endpoints and Utilities
### POST /api/register
Registers a new user by accepting an email address. Sends a verification email containing a token that confirms ownership of the address.
### POST /api/verify-registration
Verifies the user's email using the token sent by email and sets the user's password. Marks the account as verified.
### POST /api/login
Authenticates a user with email and password. Returns a JWT on successful login; the client sends it as a Bearer token to access protected routes.
### POST /api/request-password-reset
Initiates a password reset by generating a reset token and sending a reset email to the user.
### POST /api/reset-password
Resets the user's password using a valid reset token and the new password provided.
### GET /api/dashboard
A protected route that requires a valid Bearer token (JWT) in the `Authorization` header. Returns a welcome message and the authenticated user's ID.
---
## Running Tests
```bash
npm test
```
Runs unit tests using Jest + Supertest.
---
## Notes
- Use Gmail App Passwords (not your main account password) for Nodemailer.
- Reset and verification tokens are time-limited; an expired token is rejected.
- Rate limiting protects the login and registration routes against brute-force and abuse.
Refer to the `Postman teting Routes.txt` file in the repository for more detail on the routes.
## Contribute
As always, I'm a bit lazy when it comes to the frontend, so if you're up for it, **feel free to contribute**! I'd love to see a minimal UI built for these authentication routes.
This repository is **MIT licensed** and open to all.
Pull requests are welcome!
Happy Coding!