
GitHub - pieroguerrero/auth-backend: Typescript RESTful backend application for...

source link: https://github.com/pieroguerrero/auth-backend

Auth Backend

Typescript RESTful backend application for User Authentication and Authorization.

General Information

  • This project was created to fulfill the need several software engineers have when trying to create a full-stack web project from scratch.
  • It provides the source code backend template to authenticate and authorize users by exposing RESTful APIs to do so.

Features

  • Username and password signup ✔
  • User and password login ✔
  • Account verification via email ✔
  • Public/open route example ✔
  • Route protection with expirable security tokens:
    • Via Authorization header as Bearer token ✔
    • Via cookies ✔
    • Via custom header keys (soon)
  • Forgot password (soon)
  • Change password (soon)
  • User password expiration (soon)
  • Account verification via SMS (soon)
  • Authentication with Google (soon)

Technologies and Techniques used

  • This project was implemented 100% with TypeScript, Node.js and Express.
  • Authentication is implemented with the bcryptjs library for password hashing and the Local strategy from the Passport library.
  • Authorization is done with the JWT strategy from the Passport library.
  • Tokenization is done with jsonwebtoken.
  • MongoDB and the mongoose ORM were used for the database.
  • Email service is handled with nodemailer, using Gmail as the email server for testing purposes.
  • Cors and Helmet were used to avoid well-known web vulnerabilities.
  • Compression is being used for performance.
  • The .env file is handled with dotenv and managed by a configurator module to facilitate its usage across the other application modules.
  • The project architecture was implemented by enhancing the concepts of MVC to get a more robust architecture with clear separation of concerns:
📦src
 ┣ 📂api  => Main source code container.
 ┃ ┣ 📂controllers  => Orchestrators that use Services and Middlewares to provide a response.
 ┃ ┣ 📂interfaces  => Typescript Interface and Type definitions to be used in the project.
 ┃ ┣ 📂middlewares  => Functions to be executed before the Router's main controllers.
 ┃ ┣ 📂models  => Entity definitions that encapsulate Database and ORM services.
 ┃ ┣ 📂routers  => Routers of the application.
 ┃ ┣ 📂services  => Functions containing all the Business Logic of the application.
 ┃ ┗ 📂util  => Functions used multiple times across the folders.
 ┣ 📂config  => Configuration for the different components of the application.
 ┣ 📂public  => Publicly available resources.
 ┗ 📜index.ts  => Main file that starts the database and the main application.

Setup

  1. Clone this project by doing:
$ git clone https://github.com/pieroguerrero/auth-backend.git
  2. Go to the folder where you've just cloned the code and execute:
$ npm install

WARNING: If you are going to use other libraries to achieve other purposes, be careful and remove the caret (^) prefix that the dependency versions have.

  3. Create a .env file in your project's container folder. The file should have the following variables with your own values:
#Node Environmental variable used for performance purposes
NODE_ENV="development"

#APP/SERVER CONFIGS

#Port number to be used by the current application:
PORT="3000"

#DATABASE CONFIGS

#MongoDB full connection string:
MONGODB_URI="<your-own-value-here>"

#JWT TOKEN CONFIGS

#A secret value used by the jsonwebtoken library to sign the payload:
SECRET_TOKEN_KEY="<your-own-value-here>"
#Number of iterations for the encryption algorithm:
TOKE_SALT_LENGTH=10
#JWT token expiration time, expressed in seconds or as a string describing a time span in zeit/ms format. Eg: 60, "2 days", "10h", "7d":
JWT_EXPIRATION_IN_SECONDS="<your-own-value-here>"
#When 'true', it will provide and receive the authorization token via cookies. Otherwise it will handle it via the Authorization header with a bearer token:
TOKEN_FROM_COOKIE="false"
#Useful only when TOKEN_FROM_COOKIE is 'true'. This parameter names the cookie that is going to be used to provide and receive the authorization token:
JWT_TOKEN_COOKIE_NAME="<your-own-value-here>"

#EMAIL CONFIGS

#Gmail Email host, commonly: 'smtp.gmail.com':
EMAIL_GMAIL_HOST="smtp.gmail.com"
#Gmail email address to be used as the email sender:
EMAIL_GMAIL_ADDRESS="<your-own-value-here>"
#Gmail email sender password:
EMAIL_GMAIL_PASS="<your-own-value-here>"
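
How the TOKEN_FROM_COOKIE switch changes where a protected route looks for its token, and the checks an expiring signed token needs before it is trusted. This is an added example, not code from the auth-backend project: it uses Node's built-in crypto in place of jsonwebtoken and Passport so that it runs on its own, and TokenConfig, signToken, extractToken and verifyToken are hypothetical names.

```typescript
import { createHmac, timingSafeEqual } from "node:crypto";

// Hypothetical config shape mirroring the .env keys above (not the project's own type).
interface TokenConfig { secret: string; fromCookie: boolean; cookieName: string; }
type HeaderMap = Record<string, string | undefined>;

const b64url = (s: string): string => Buffer.from(s).toString("base64url");
const hmac = (data: string, secret: string): Buffer =>
  createHmac("sha256", secret).update(data).digest();

// Issue an HS256 token that expires ttlSeconds after nowSec.
function signToken(sub: string, ttlSeconds: number, cfg: TokenConfig, nowSec: number): string {
  const head = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const body = b64url(JSON.stringify({ sub, exp: nowSec + ttlSeconds }));
  return `${head}.${body}.${hmac(`${head}.${body}`, cfg.secret).toString("base64url")}`;
}

// Read the token from exactly one place, selected by configuration, never from both.
function extractToken(headers: HeaderMap, cfg: TokenConfig): string | null {
  if (cfg.fromCookie) {
    for (const part of (headers["cookie"] ?? "").split(";")) {
      const [name, ...rest] = part.trim().split("=");
      if (name === cfg.cookieName) return rest.join("=") || null;
    }
    return null;
  }
  const m = /^Bearer ([A-Za-z0-9._-]+)$/.exec(headers["authorization"] ?? "");
  return m?.[1] ?? null;
}

// Returns the subject if the token is authentic and unexpired, otherwise null.
function verifyToken(token: string | null, cfg: TokenConfig, nowSec: number): string | null {
  const parts = (token ?? "").split(".");
  if (parts.length !== 3) return null;
  const [head = "", body = "", sig = ""] = parts;
  const expected = hmac(`${head}.${body}`, cfg.secret);
  const given = Buffer.from(sig, "base64url");
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
  try {
    const header = JSON.parse(Buffer.from(head, "base64url").toString());
    const claims = JSON.parse(Buffer.from(body, "base64url").toString());
    if (header.alg !== "HS256") return null; // pin the algorithm, do not trust the header
    if (typeof claims.exp !== "number" || claims.exp <= nowSec) return null;
    return typeof claims.sub === "string" ? claims.sub : null;
  } catch { return null; }
}
```

In cookie mode the Authorization header is ignored entirely, so a deployment only has to reason about one token transport at a time.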

Project Status

Project is: in progress

Room for Improvement

There is always room for improvement. In this project so far, the things that can be improved are:

  • Unit testing coverage.
  • A separate web page for the Docs containing the API catalogs.
