A backend API built with Express.js and MongoDB that provides complete user authentication: registration, email verification, login, profile management, password reset, and logout. Sessions are carried by JWTs stored in HTTP-only cookies, and outgoing mail goes through Mailtrap during development.
- User registration with password hashing (bcryptjs)
- Email verification using a unique token sent via Mailtrap (or any SMTP provider)
- User login with JWT generation and HTTP-only cookie storage
- Protected routes (e.g., user profile) via JWT middleware
- User logout (cookie clearing)
- Forgot password / reset password with time-limited tokens
- Role-based authorization (user / admin), prepared for future extensions
- MongoDB connection with Mongoose ODM
- CORS enabled for the frontend at http://localhost:3000
- Environment variable configuration with dotenv
- Error handling and validation on all endpoints
- Runtime: Bun
- Framework: Express.js 5.x
- Database: MongoDB with Mongoose ODM
- Authentication: JSON Web Tokens (JWT), bcryptjs
- Email: Nodemailer (Mailtrap for development)
- Other: cookie-parser, cors, dotenv
- Node.js (v18 or higher recommended) or Bun
- MongoDB (local installation or Atlas cloud database)
- A Mailtrap account (or any SMTP provider) for email testing
- npm / yarn / bun (package manager)
1. Clone the repository:

   ```bash
   git clone https://github.com/Pranto-Paul/authentication-expressJS.git
   cd authentication-expressJS
   ```

2. Install dependencies:

   ```bash
   bun install
   ```

   or

   ```bash
   npm install
   ```

3. Set up environment variables: create a .env file in the root directory and add the variables listed in the Configuration section.

4. Run the development server:

   ```bash
   bun run dev
   ```

   or

   ```bash
   npm run dev
   ```

The server will start at http://localhost:3001 (or the port specified in PORT).
All endpoints are prefixed with /api/v1/users.
Register a new user. Sends a verification email.

Request body:

```json
{
  "name": "Pranto Paul",
  "email": "prantopaul55555@gmail.com",
  "password": "secret123"
}
```

Response: 201 Created with a success message.
Verify user email using the token sent via email.
Response: 200 OK with verification success message.
Authenticate the user and set the JWT cookie.

Request body:

```json
{
  "email": "prantopaul55555@gmail.com",
  "password": "secret123"
}
```

Response: 200 OK with user data (excluding the password) and the token, which is also set as the cookie. Note that a token returned in the response body is readable by client-side JavaScript, which is exactly what the HTTP-only cookie is meant to prevent; a browser client that relies on the cookie does not need the body copy.
Request body:

```json
{
  "email": "prantopaul55555@gmail.com"
}
```

Response: 200 OK with a message that the reset email was sent.
Reset the password using the token received via email.

Request body:

```json
{
  "password": "newpassword123"
}
```

Response: 200 OK on success.
Get the currently authenticated user's profile.
Headers: Cookie carrying the token (sent automatically by the browser once the cookie is set). Response: 200 OK with user data.
Clear the authentication cookie and log out the user.
Response: 200 OK with logout message.
```text
.
├── controller
│   └── user.controller.js   # All route handlers (register, login, etc.)
├── middleware
│   └── auth.middleware.js   # JWT verification middleware
├── model
│   └── User.model.js        # Mongoose user schema and model
├── router
│   └── user.router.js       # Express routes for /api/v1/users
├── utils
│   ├── db.js                # MongoDB connection utility
│   └── sendMail.js          # Nodemailer transporter and email sender
├── .env                     # Environment variables (not committed)
├── .gitignore
├── index.js                 # Main application entry point
├── package.json
└── README.md
```
Contributions are welcome! To contribute:

- Fork the repository.
- Create a new branch for your feature or bugfix: git checkout -b feature/your-feature-name
- Make your changes, following the existing code style and conventions.
- Write clear, descriptive commit messages.
- Ensure the server runs without errors and all tests pass (if any).
- Push to your fork and open a pull request against the main branch.
Please keep your pull requests focused and avoid unrelated changes. For major changes, open an issue first to discuss what you would like to change.
This project is licensed under the MIT License. See the LICENSE file for details.