https://github.com/miladjoodi/next-fullstack-auth
A Next.js 15 project implementing secure user authentication with JWT, refresh tokens, and protected routes. Includes full client-side forms for registration and login, server-side token verification, and dashboard access control.
access-token argon2 fullstack jose mongodb nextjs prisma prisma-orm react react-hook-form reactjs refresh-token tailwind tailwindcss zod
- Host: GitHub
- URL: https://github.com/miladjoodi/next-fullstack-auth
- Owner: MiladJoodi
- Created: 2025-08-27T18:54:13.000Z (about 1 month ago)
- Default Branch: main
- Last Pushed: 2025-09-09T11:52:07.000Z (29 days ago)
- Last Synced: 2025-09-09T14:38:12.221Z (29 days ago)
- Topics: access-token, argon2, fullstack, jose, mongodb, nextjs, prisma, prisma-orm, react, react-hook-form, reactjs, refresh-token, tailwind, tailwindcss, zod
- Language: TypeScript
- Homepage: https://next-fullstack-auth.netlify.app
- Size: 242 KB
- Stars: 8
- Watchers: 0
- Forks: 1
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# Next Fullstack Auth
This is a simple authentication system built with **Next.js 15 App Router**, **TypeScript**, **Prisma**, and **JWT**. It demonstrates a modern approach to secure login, registration, and protected routes using server-side logic and refresh tokens.
---
## Libraries & Tools Used
- **Frontend:** Next.js 15, React, TypeScript, react-hook-form, Zod, axios
- **Backend:** Next.js API routes, Prisma / MongoDB
- **Security:** argon2 for password hashing, jose for JWT handling, HttpOnly cookies
- **UI:** Tailwind CSS
---
## Features Implemented So Far
- **User Registration**
  - Users can register with `name`, `email`, and `password`.
  - Passwords are securely hashed using `argon2`.
  - Email is normalized to lowercase to avoid case-sensitivity issues.
  - Validations are enforced with **Zod**.
  - On success, the user is redirected to the **Login** page.
- **User Login**
  - Users can log in using email and password.
  - Passwords are verified using `argon2`.
  - Upon successful login:
    - An **access token** (15 min) and a **refresh token** (7 days) are generated using `jose`.
    - The refresh token is saved in the database.
    - The refresh token is stored as an **HttpOnly cookie**.
    - Old refresh tokens for the user are automatically deleted.
  - Login form validation uses **react-hook-form + Zod**.
  - After login, the user is redirected to the **Dashboard**.
- **Logout**
  - Removes the refresh token from the database.
  - Clears the refresh token cookie.
- **Protected Routes**
  - `/dashboard` and other sensitive pages require login.
  - Middleware verifies the refresh token before granting access to protected routes.
  - Users who are already logged in cannot access `/login` or `/register`.
  - Unauthenticated users are redirected to `/login`.
- **Server-Side Dashboard**
  - Server-side rendering fetches user data from the database using the refresh token.
  - Displays real user information such as name and email.
  - A logout button is integrated in the dashboard.