https://github.com/marcel-msc/auth-server
Node.js server to learn how to use jsonwebtoken, authenticate a user, and create, delete and update user information
bcryptjs cors dotenv express jsonwebtoken lowdb
Last synced: 28 days ago
- Host: GitHub
- URL: https://github.com/marcel-msc/auth-server
- Owner: Marcel-MSC
- Created: 2024-01-25T15:55:13.000Z (over 2 years ago)
- Default Branch: main
- Last Pushed: 2026-04-06T21:59:12.000Z (2 months ago)
- Last Synced: 2026-04-06T23:25:31.454Z (2 months ago)
- Topics: bcryptjs, cors, dotenv, express, jsonwebtoken, lowdb
- Language: JavaScript
- Homepage:
- Size: 1 MB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
auth-server
---
A simple auth server for learning JWT, server-side authentication, user creation, token verification, and account (email) checks.
## 📝 Table of Contents
- [About](#about)
- [Getting Started](#getting_started)
- [Environment](#environment)
- [API](#api)
- [Usage](#usage)
- [Authors](#authors)
- [Implementation log](#implementation_log)
## About
This project uses **Express**, **jsonwebtoken**, **bcryptjs**, **cors**, and **lowdb** to provide a minimal auth API that can:
- Create users (email + password, hashed with bcrypt)
- Authenticate users and issue JWTs (7-day expiry)
- Verify JWT tokens via standard `Authorization: Bearer <token>` header
- Check if an account (email) exists
- Remove users
Tokens expire after 7 days. The server validates `JWT_SECRET_KEY` at startup and will not start without it.
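The token flow listed above (startup check for `JWT_SECRET_KEY`, 7-day expiry, Bearer-header verification), as an added example that is not the project's own code: it uses Node's built-in `crypto` with HS256 in place of jsonwebtoken so it runs without dependencies. The function names, the HS256 choice and the sample values are assumptions.

```javascript
// Added example, not the project's code: HS256 via node:crypto instead of jsonwebtoken.
const crypto = require("node:crypto"); // in an ES-module project: import crypto from "node:crypto"

const SEVEN_DAYS = 7 * 24 * 60 * 60; // seconds; the README's 7-day expiry

// Fail fast on a missing secret, as the README says the server does at startup.
function requireSecret(env) {
  if (!env.JWT_SECRET_KEY) throw new Error("JWT_SECRET_KEY is not set");
  return env.JWT_SECRET_KEY;
}

const b64url = (text) => Buffer.from(text).toString("base64url");
const hmac = (input, secret) => crypto.createHmac("sha256", secret).update(input).digest();

function signToken(payload, secret, now = Math.floor(Date.now() / 1000)) {
  const header = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const body = b64url(JSON.stringify({ ...payload, iat: now, exp: now + SEVEN_DAYS }));
  return `${header}.${body}.${hmac(`${header}.${body}`, secret).toString("base64url")}`;
}

// Returns { ok: true, claims } or { ok: false, reason } for an Authorization header value.
function verifyBearer(authorization, secret, now = Math.floor(Date.now() / 1000)) {
  const match = /^Bearer ([\w-]+)\.([\w-]+)\.([\w-]+)$/.exec(authorization || "");
  if (!match) return { ok: false, reason: "malformed Authorization header" };
  const [, header, body, sig] = match;
  try {
    // Pin the algorithm: the token must not choose how it is verified.
    if (JSON.parse(Buffer.from(header, "base64url")).alg !== "HS256")
      return { ok: false, reason: "unexpected alg" };
    const expected = hmac(`${header}.${body}`, secret);
    const given = Buffer.from(sig, "base64url");
    // Constant-time compare; the length check keeps timingSafeEqual from throwing.
    if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected))
      return { ok: false, reason: "bad signature" };
    const claims = JSON.parse(Buffer.from(body, "base64url"));
    if (typeof claims.exp !== "number" || claims.exp <= now)
      return { ok: false, reason: "expired" };
    return { ok: true, claims };
  } catch {
    return { ok: false, reason: "undecodable token" };
  }
}

// Constructed demo values; a real secret comes from .env.
const demoSecret = requireSecret({ JWT_SECRET_KEY: "constructed-demo-secret" });
const demoToken = signToken({ email: "user@example.com" }, demoSecret);
console.log(verifyBearer(`Bearer ${demoToken}`, demoSecret));
```

Passing `now` explicitly makes the expiry boundary testable without waiting seven days.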
## Getting Started
### Prerequisites
- Node.js (ES modules)
- npm
### Installing
```bash
git clone https://github.com/marcel-msc/auth-server
cd auth-server
npm i
```
### Running
1. Copy the environment template and set your JWT secret:
```bash
cp .env.example .env
```
Edit `.env` and set `JWT_SECRET_KEY` to a long, random string.
2. Start the server:
```bash
npm run dev
```
By default the server listens on port **3080**. You can override with the `PORT` environment variable (e.g. `PORT=3000 npm run dev`).
## Environment
| Variable | Required | Description |
|------------------|----------|--------------------------------------------------|
| `JWT_SECRET_KEY` | Yes | Secret used to sign and verify JWT tokens. |
| `PORT` | No | Port to listen on. Default: `3080`. |
Use `.env.example` as a template; never commit `.env` or real secrets.
## API
Base URL: `http://localhost:3080` (or your `PORT`).
| Method | Endpoint | Description |
|--------|--------------------|--------------------------------------|
| GET | `/` | API documentation (HTML). |
| POST | `/create-user` | Create user (body: `email`, `password`). |
| POST | `/auth` | Login (body: `email`, `password`). Returns `token`. |
| POST | `/verify` | Verify JWT. Header: `Authorization: Bearer <token>`. |
| GET | `/check-account` | Check if email exists. Query: `?email=...`. |
| DELETE | `/remove-user` | Remove user. Body: `{ "email": "..." }`. |
- **Verify** requires the standard header: `Authorization: Bearer <token>`.
- **check-account** uses a query parameter: `GET /check-account?email=user@example.com`.
Full endpoint details are also shown on `GET /` in the browser.
## Usage
Use this auth server for user authentication in your apps. You can call it as an API from any client (e.g. Insomnia, Postman, or your frontend). Create users with `/create-user`, log in with `/auth` to get a JWT, then send that token in the `Authorization: Bearer <token>` header when calling `/verify` or other protected flows.
## Authors
- [@Marcel-MSC](https://github.com/Marcel-MSC) - Idea & Initial work
## Implementation log
For a detailed log of recent improvements (JWT expiry, env validation, Bearer token, query params, `.env.example`, etc.), see [docs/IMPLEMENTATION.md](docs/IMPLEMENTATION.md).
