A secure, production-ready authentication backend built with Node.js, Express, MongoDB, and JWT, featuring email OTP verification and password reset via an emailed link.
The system follows the real-world authentication practices used in modern SaaS applications.
- User can create account using:
  - Name
  - Password
- Password is securely hashed using bcrypt
- OTP verification code is sent to user's email
- 5-digit OTP sent via Nodemailer
- OTP has expiry time
- Account activated only after successful verification
- Welcome email sent after verification
- Login using email and password
- Password verified using bcrypt
- JWT token generated and stored in HTTP-Only Cookie
- Protected routes accessible only to authenticated users
- User can request password reset
- Secure reset link sent to registered email
- Link contains unique token with expiry
- User can reset password using email link
- Token verified before allowing reset
- Password securely re-hashed
- Confirmation email sent after successful reset
- Middleware verifies JWT token
- Unauthorized users cannot access protected APIs
- Password hashing using bcrypt
- JWT authentication
- HTTP-Only cookies
- Token expiry
- Email verification
- Secure password reset tokens
Backend
- Node.js
- Express.js
- MongoDB
- Mongoose
Authentication
- JWT
- bcrypt
Email Service
- Nodemailer
- Gmail SMTP
```text
Backend/
│
├── controllers/
├── models/
├── routes/
├── middleware/
├── services/
├── utils/
└── server.js
```
Create a `.env` file:

```ini
PORT=4000
MONGO_URI=your_mongodb_uri
JWT_SECRET=your_secret
EMAIL_USER=your_email@gmail.com
EMAIL_PASS=your_app_password
CLIENT_URL=http://localhost:5173
```

Install dependencies and start the development server:

```bash
npm install
npm run dev
```
- Signup
- Email Verification
- Login
- Logout
- Forgot Password
- Reset Password
- Check Auth
This project demonstrates the real-world authentication flow used in:
- SaaS applications
- Startup products
- Production backend systems
Sourodip Dey
Full Stack MERN Developer