Skip to content

ishanbhardwaj17/Authentication-System

Folders and files

NameName
Last commit message
Last commit date

Latest commit

Β 

History

13 Commits
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 

Repository files navigation

πŸ” Auth System (Node.js β€’ JWT β€’ Redis β€’ Email OTP)

Node.js Express MongoDB Redis JWT License

A production-style authentication system built using Node.js, Express, MongoDB, Redis, and JWT.

This project demonstrates a secure backend authentication architecture including email OTP verification, refresh tokens, Redis session caching, and token blacklisting similar to real-world SaaS applications.


πŸš€ Features

βœ… User Registration βœ… Email OTP Verification βœ… Resend OTP βœ… Secure Login βœ… JWT Access Tokens βœ… Refresh Token Rotation βœ… Redis Session Caching βœ… Access Token Blacklisting (Logout) βœ… HTTP-only Refresh Token Cookies βœ… Session Tracking (IP + User-Agent)


πŸ—οΈ Architecture

Client
   β”‚
   β–Ό
Express API (Node.js)
   β”‚
   β”œβ”€β”€ MongoDB
   β”‚     β”œβ”€β”€ Users
   β”‚     β”œβ”€β”€ OTPs
   β”‚     └── Sessions
   β”‚
   └── Redis
         β”œβ”€β”€ Session Cache
         └── Token Blacklist

Authentication Flow:

Register
   ↓
OTP sent to Email
   ↓
Verify Email
   ↓
Login
   ↓
Access Token (10 minutes)
Refresh Token (7 days)
   ↓
Session stored in MongoDB
Session cached in Redis

🧰 Tech Stack

Backend

  • Node.js
  • Express.js

Database

  • MongoDB
  • Redis

Authentication

  • JSON Web Tokens (JWT)
  • bcrypt

Email Service

  • Nodemailer

Testing

  • Postman

πŸ“ Project Structure

Auth-System
β”‚
β”œβ”€β”€ src
β”‚   β”‚
β”‚   β”œβ”€β”€ controllers
β”‚   β”‚      auth.controller.js
β”‚   β”‚
β”‚   β”œβ”€β”€ models
β”‚   β”‚      user.model.js
β”‚   β”‚      session.model.js
β”‚   β”‚      otp.model.js
β”‚   β”‚
β”‚   β”œβ”€β”€ routes
β”‚   β”‚      auth.routes.js
β”‚   β”‚
β”‚   β”œβ”€β”€ config
β”‚   β”‚      config.js
β”‚   β”‚      cache.js
β”‚   β”‚
β”‚   β”œβ”€β”€ services
β”‚   β”‚      email.service.js
β”‚   β”‚
β”‚   β”œβ”€β”€ utils
β”‚   β”‚      utils.js
β”‚   β”‚
β”‚   └── server.js
β”‚
β”œβ”€β”€ package.json
└── README.md

βš™οΈ Environment Variables

Create a .env file in the root directory.

PORT=3000

MONGO_URI=your_mongodb_connection_string

JWT_SECRET=your_jwt_secret
JWT_EXPIRES_IN=7d

REDIS_URL=redis://127.0.0.1:6379

EMAIL_USER=your_email
EMAIL_PASS=your_email_password

πŸ“¦ Installation

Clone the repository

git clone https://github.com/ishanbhardwaj17/Authentication-System

Navigate to the project directory

cd auth-system

Install dependencies

npm install

Start the development server

npm run dev

Server runs on

http://localhost:3000

πŸ§ͺ API Endpoints

Register User

POST /api/auth/register

Body

{
  "username": "john",
  "email": "john@example.com",
  "password": "password123"
}

Verify Email OTP

POST /api/auth/verify-email

Body

{
  "email": "john@example.com",
  "otp": "123456"
}

Resend OTP

POST /api/auth/resend-otp

Body

{
  "email": "john@example.com"
}

Login

POST /api/auth/login

Body

{
  "email": "john@example.com",
  "password": "password123"
}

Response

{
  "accessToken": "JWT_TOKEN"
}

Refresh token is stored in HTTP-only cookie.


Get Current User

GET /api/auth/me

Headers

Authorization: Bearer ACCESS_TOKEN

Refresh Access Token

POST /api/auth/refresh-token

Uses refresh token stored in cookie.


Logout

POST /api/auth/logout

Headers

Authorization: Bearer ACCESS_TOKEN

Actions performed:

  • Blacklists access token in Redis
  • Deletes session from MongoDB
  • Clears refresh token cookie

πŸ” Security Features

βœ” Password hashing with bcrypt βœ” HTTP-only refresh token cookies βœ” Access token expiration βœ” Refresh token rotation βœ” Redis token blacklist βœ” Email OTP verification βœ” Session tracking (IP + User-Agent)


πŸ—„οΈ Database Collections

Users

users

Stores user credentials and verification status.

OTP

otps

Stores hashed OTPs used for email verification.

Sessions

sessions

Stores refresh token hashes and session metadata.


πŸ§ͺ Testing

πŸ“¬ Postman Collection

You can import the Postman collection to test the API.

Location:

postman/auth-system-postman.json

Recommended flow:

1 Register
2 Verify Email
3 Login
4 Access Protected Route
5 Refresh Token
6 Logout

πŸ“Œ Future Improvements

  • Forgot Password / Reset Password
  • Google OAuth Login
  • OTP Rate Limiting
  • Device-based session management
  • Swagger API Documentation

πŸ‘¨β€πŸ’» Author

Built as a backend authentication system project demonstrating modern authentication architecture using Node.js.


⭐ Support

If you like this project, consider starring the repository.

About

Backend authentication system implementing JWT-based access and refresh tokens, Redis session caching, email OTP verification, and secure logout using token blacklisting.

Resources

Stars

0 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors