This project implements a secure backend authentication system using Node.js, Express.js, MySQL, and JWT. It includes user authentication, profile management, and token-based authorization.
The system follows a RESTful API architecture and ensures security through bcrypt password hashing and JWT authentication.
The backend provides secure APIs for user signup and login.
- Secure user registration
- Secure login authentication
- Password hashing using bcrypt
- Input validation for required fields
- Prevention of duplicate users
### POST /users/register

Request Body

```json
{
  "name": "dummy",
  "email": "dummy@gmail.com",
  "password": "dummy123"
}
```
Features
- Validates required fields
- Hashes password using bcrypt
- Stores user in MySQL database
### POST /users/login

Request Body

```json
{
  "email": "dummy@gmail.com",
  "password": "dummy123"
}
```
Features
- Verifies password using bcrypt
- Generates JWT access and refresh tokens
- Stores refresh token in database
- Returns authenticated user details
The application integrates with a MySQL database and performs CRUD operations for user profiles.
MySQL is used to store user information.
```sql
CREATE TABLE users (
  id INT AUTO_INCREMENT PRIMARY KEY,
  name VARCHAR(100),
  email VARCHAR(100) UNIQUE,
  password VARCHAR(255),
  bio TEXT,
  contact VARCHAR(20),
  refreshToken VARCHAR(255),
  created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
);
```
### GET /users/profile

Returns authenticated user information.

Response

```json
{
  "id": 1,
  "name": "dummy",
  "email": "dummy@gmail.com",
  "bio": "Developer",
  "contact": "1234567890"
}
```
### PATCH /users/update-profile

Allows updating user profile fields.

Example Request

```json
{
  "name": "Dummy Updated",
  "bio": "Full Stack Developer"
}
```
Features
- Updates only provided fields
- Dynamic SQL query building
- Returns updated profile
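An added example (not the project's own code) of how the "updates only provided fields" query can be built without letting client input reach the SQL text: column names are checked against an allowlist and values are passed as `?` placeholders. The allowlist of editable columns, the `InvalidUpdate` error class and the assumed `mysql2/promise` pool named `db` are assumptions, not taken from the project.

```javascript
// Added example: build the UPDATE for PATCH /users/update-profile from the
// fields the client actually sent, keeping client data out of the SQL text.
// Column names come from a fixed allowlist; values travel as `?` placeholders
// for a parameterized query (e.g. mysql2's execute()). Assumed, not project code.
const UPDATABLE_COLUMNS = ['name', 'bio', 'contact']; // assumed editable set

class InvalidUpdate extends Error {}

function buildProfileUpdate(userId, body) {
  const sets = [];
  const params = [];
  for (const [key, value] of Object.entries(body || {})) {
    // Anything outside the allowlist is rejected: this keeps `password`,
    // `refreshToken` and `id` out of reach of the profile endpoint and keeps
    // attacker-chosen text out of the column position of the statement.
    if (!UPDATABLE_COLUMNS.includes(key)) {
      throw new InvalidUpdate(`field not updatable: ${key}`);
    }
    if (typeof value !== 'string' || value.trim() === '') {
      throw new InvalidUpdate(`field must be a non-empty string: ${key}`);
    }
    sets.push(`\`${key}\` = ?`);
    params.push(value.trim());
  }
  if (sets.length === 0) {
    throw new InvalidUpdate('no updatable fields provided');
  }
  // The row is selected by the id the auth middleware put on req.user,
  // never by an id supplied in the request body.
  params.push(userId);
  return {
    sql: `UPDATE users SET ${sets.join(', ')} WHERE id = ?`,
    params,
  };
}

// Usage in the controller (assumed mysql2/promise pool named `db`):
//   const { sql, params } = buildProfileUpdate(req.user.id, req.body);
//   await db.execute(sql, params);
```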
### DELETE /users/profile
Deletes the user account and clears authentication cookies.
The system uses JSON Web Tokens (JWT) for secure authentication.
Two tokens are used:
- Access token: short lived; used for accessing protected routes.
- Refresh token: long lived; stored in the database; used to generate new access tokens.
During login:
1. User credentials are verified.
2. Server generates an access token and a refresh token.
3. Refresh token is saved in the database.
4. Tokens are sent via HTTP-only cookies.
### POST /users/refresh-token

This endpoint verifies the refresh token and generates a new access token.

Response

```json
{
  "accessToken": "...",
  "refreshToken": "..."
}
```
A middleware verifies the JWT for protected routes.
The middleware:
- Reads the access token from cookies.
- Verifies the token using the JWT secret.
- Extracts user information.
- Attaches the user to `req.user`.
Protected routes can access authenticated user details.
Example

```js
req.user.id
req.user.email
```

Used in endpoints like:
`GET /users/profile`
Backend
- Node.js
- Express.js
Database
- MySQL
Authentication
- JWT (jsonwebtoken)
- bcrypt
Utilities
- Custom error handling
- Async middleware wrapper
```
src
│
├── controllers
│   ├── auth.controller.js
│   └── users.controllers.js
│
├── db
│   └── index.js
│
├── middlewares
│   └── auth.middleware.js
│
├── routes
│   └── user.routes.js
│
├── utils
│   ├── ApiError.js
│   ├── ApiResponse.js
│   ├── asyncHandler.js
│   └── token.js
│
├── app.js
└── index.js
```
- Password hashing using bcrypt
- JWT based authentication
- HTTP-only cookies
- Refresh token stored in database
- Protected routes with authentication middleware
```sh
npm install
```

Create `.env`:

```env
PORT=5000
DB_HOST=localhost
DB_USER=root
DB_PASSWORD=password
DB_NAME=wdc_backend
ACCESS_TOKEN_SECRET=your_access_secret
ACCESS_TOKEN_EXPIRY=1d
REFRESH_TOKEN_SECRET=your_refresh_secret
REFRESH_TOKEN_EXPIRY=7d
```

```sh
npm run dev
```

Server will run on:
`http://localhost:5000`
Ankit Kumar