A robust, production-ready authentication template built with Node.js, Express, and best security practices.
This template comes packed with modern authentication and authorization features to kickstart your next project:
- 🔐 Secure Authentication: Complete Login and Registration flows using HTTP-only cookies and bcrypt password hashing.
- 🛡️ RBAC (Role-Based Access Control): Granular permissions system to manage User and Admin roles effectively.
- 🎫 JWT Session Management: Secure Access and Refresh Token rotation strategy for persistent and safe user sessions.
- 🔑 OAuth Integration: Seamless login with Google.
- 📱 2FA (Two-Factor Authentication): Add an extra layer of security with TOTP-based two-factor authentication (Google Authenticator).
- 📧 Email Verification: Verify user identities upon registration to prevent spam.
- 🔄 Password Management: Secure "Forgot Password" and "Reset Password" flows with email notifications.
- 🛡️ Security First: Implements best practices like Rate Limiting, Helmet, and Data Sanitization.
Built with a focus on performance, type safety, and scalability:
- Runtime: Node.js
- Framework: Express.js
- Language: TypeScript
- Database: MongoDB (Mongoose ODM)
- Validation: Zod
- Authentication: JsonWebToken & Bcrypt.js
- Email: Nodemailer
- 2FA: otplib
Follow these steps to set up the project locally on your machine.
Ensure you have the following installed:
- Node.js (v18+ recommended)
- MongoDB (Local instance or Atlas URI)
1. Clone the repository

   ```bash
   git clone https://github.com/SAYOUNCDR/Advance-Auth.git
   cd Advance-Auth
   ```

2. Install dependencies

   ```bash
   npm install
   ```

3. Configure Environment Variables

   Create a `.env` file in the root directory and populate it with your secrets:

   ```env
   NODE_ENV=development
   PORT=5000

   # Database
   MONGO_URI=mongodb://localhost:27017/advance_auth

   # JWT Secrets (Generate strong random strings)
   JWT_ACCESS_SECRET=your_super_secret_access_key
   JWT_REFRESH_SECRET=your_super_secret_refresh_key

   # Email Service (SMTP)
   SMTP_HOST=smtp.example.com
   SMTP_PORT=587
   SMTP_USER=your_email@example.com
   SMTP_PASS=your_email_password
   EMAIL_FROM=no-reply@example.com

   # Google OAuth
   GOOGLE_CLIENT_ID=your_google_client_id
   GOOGLE_CLIENT_SECRET=your_google_client_secret
   GOOGLE_REDIRECT_URI=http://localhost:5000/auth/google/callback

   # Application URL
   APP_URL=http://localhost:5000
   ```

4. Run the Application

   Development Mode:

   ```bash
   npm run dev
   ```

   Production Build:

   ```bash
   npm run build
   npm start
   ```
Brief overview of the main authentication routes:

| Method | Endpoint | Description |
|---|---|---|
| POST | /auth/register | Register a new user |
| POST | /auth/login | Login and receive tokens |
| POST | /auth/refresh | Refresh access token using refresh token |
| POST | /auth/logout | Logout user (clears cookies) |
| GET | /auth/verify-email | Verify user email address |
| POST | /auth/forgot-password | Request password reset link |
| POST | /auth/reset-password | Set a new password |
| GET | /auth/google | Initiate Google OAuth flow |
| GET | /auth/google/callback | Google OAuth callback URL |
| POST | /auth/2fa/setup | Generate 2FA secret and QR code |
| POST | /auth/2fa/verify | Verify 2FA token and enable 2FA |
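As an added illustration of the refresh-token rotation behind `/auth/refresh` (example code written for this page, not the template's own implementation; the in-memory `store`, `issueRefreshToken` and `rotateRefreshToken` are assumed names), the TypeScript below shows rotation with reuse detection: a token that has already been rotated and is presented again revokes its whole family, so a replayed stolen token cannot keep a session alive.

```typescript
import { createHash, randomBytes } from "node:crypto";

// Every refresh token belongs to a "family" that starts at login. Rotating a
// token issues a new one in the same family and retires the old one. If a
// retired token is ever presented again, someone is replaying it, so the
// whole family is revoked and the user has to log in again.
interface StoredToken {
  familyId: string;
  userId: string;
  retired: boolean;
}

// Assumed in-memory store for the example; keyed by sha256(token).
const store = new Map<string, StoredToken>();
const revokedFamilies = new Set<string>();

// Only the hash is kept server-side, so a leaked store yields no usable tokens.
function hashToken(token: string): string {
  return createHash("sha256").update(token).digest("hex");
}

// Issue a fresh, unguessable token; a new family is started unless one is given.
function issueRefreshToken(
  userId: string,
  familyId: string = randomBytes(16).toString("hex"),
): string {
  const token = randomBytes(32).toString("base64url");
  store.set(hashToken(token), { familyId, userId, retired: false });
  return token;
}

// Returns the replacement token, or null when the presented token must be rejected.
function rotateRefreshToken(presented: string): string | null {
  const record = store.get(hashToken(presented));
  if (!record) return null;                         // unknown or forged token
  if (revokedFamilies.has(record.familyId)) return null;
  if (record.retired) {                             // reuse of a rotated token
    revokedFamilies.add(record.familyId);           // invalidate the whole family
    return null;
  }
  record.retired = true;                            // old token is now single-use spent
  return issueRefreshToken(record.userId, record.familyId);
}
```

In a deployment the store and the revoked-family set would live in the database alongside the user record, and the returned token would be set as the HTTP-only cookie the template describes.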
- Basic Auth (Register/Login/Logout)
- Email Verification & Password Reset
- OAuth Strategies (Google)
- Two-Factor Authentication (2FA)
- Admin Dashboard for User Management
Contributions are welcome! Please open an issue or submit a pull request for any improvements.
Happy Coding! 🚀