This repo is for educational purposes: it explores how authentication works under the hood using Node.js. Use it together with the auth-frontend repo in React. There is a plan to build a production version using open source packages later.


- express: web framework
- body-parser: parse incoming request bodies
- cookie-parser: parse the Cookie header
- cors: cross-origin resource sharing
- jsonwebtoken: create and verify JWTs
- bcryptjs: hash passwords (bcrypt is a one-way password hash, not encryption)
- MongoDB: user data storage
- A JWT is more scalable than a server-side session: the server does not need to keep session state in memory, so a request can be handled by any server in a distributed deployment.
- Token creation:
  1. JWT libraries first JSON-stringify the header and the payload (e.g. `userId`).
  2. They then encode these JSON strings in Base64Url format.
  3. Finally, they create the signature using the specified hashing algorithm and the secret configured in the backend.
- A JWT consists of three parts, `encodedHeader.encodedPayload.signature`:
  1. Header: contains the type of token and the algorithm used.
  2. Payload: contains the claims and additional data.
  3. Signature: a cryptographic signature generated from the header, the payload, and a secret key.
- Token verification:
  1. The library decodes the incoming JWT to retrieve the header and payload.
  2. It then recreates the signature using the same method as during creation.
  3. The recreated signature is compared to the one in the incoming token. If they match, the token has not been tampered with.
  4. If the JWT also contains an expiration claim (`exp`), the library checks whether the token has expired.
```
|- /models
|- /controllers
|- /routes
|- server.js
|- /utils
|- config
|- .env
```
- models: database models such as User
- view: no view, as the frontend is React
- controllers: API call execution logic
- routes: API routes, split by resource
- utils: database connection, encoding, ...
- server.js: entry point of the backend service
- config: application settings hard-coded here
- .env: variables that differ between the local and production environments
`npm start`

Runs the app in development mode. Open http://localhost:3001 to view it in your browser. The page will reload when you make changes. You may also see any lint errors in the console.
- Return user data on successful login
- Set the `Secure` flag on cookies (HTTPS only) in production
- Better error handling
- Better logging
- Email confirmation and password reset
- Social login
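To make the cookie item above concrete, here is an added example (not code from this repo) showing what the `Set-Cookie` header for the auth token looks like with and without the production-only `Secure` attribute, together with the kind of `Cookie` header parsing that `cookie-parser` does for incoming requests. The function names and the sample cookie values are this example's own.

```javascript
// Added example (not part of the repo): building the Set-Cookie header for the
// auth token and parsing the Cookie header on the way back in.

// `production` decides whether the Secure attribute is added: the browser then
// sends the cookie only over HTTPS, which would drop it on plain http://localhost.
function serializeAuthCookie(name, value, { production, maxAgeSeconds } = {}) {
  const attrs = [
    `${name}=${encodeURIComponent(value)}`,
    'Path=/',
    'HttpOnly',        // not readable from document.cookie in the browser
    'SameSite=Lax',    // not sent on cross-site POSTs initiated by other sites
  ];
  if (maxAgeSeconds !== undefined) attrs.push(`Max-Age=${maxAgeSeconds}`);
  if (production) attrs.push('Secure');
  return attrs.join('; ');
}

// Turns "a=1; b=2" (the Cookie request header) into { a: '1', b: '2' }.
function parseCookieHeader(header) {
  const cookies = {};
  if (!header) return cookies;
  for (const pair of header.split(';')) {
    const eq = pair.indexOf('=');
    if (eq < 0) continue;                     // skip malformed pieces
    const key = pair.slice(0, eq).trim();
    const val = pair.slice(eq + 1).trim();
    if (key) cookies[key] = decodeURIComponent(val);
  }
  return cookies;
}

module.exports = { serializeAuthCookie, parseCookieHeader };
```

With `res.cookie()` in express the same attributes are set through its options object (`httpOnly`, `secure`, `sameSite`, `maxAge`); the string form above just makes visible what ends up on the wire.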