SandunJay/auth-verification-boilerplate

Authentication, Authorization and Verification Server

Table of Contents

  1. Overview
  2. File Structure
  3. Technologies Used
  4. Features
  5. Setup Instructions
  6. Usage
  7. Testing
  8. Contributing
  9. License

Overview

The Authentication Verification Server is a Node.js application designed to handle user authentication, email verification, password reset, and token management using JSON Web Tokens (JWT). It provides robust security features such as token revocation, multi-factor authentication (MFA), and user profile management. This server is suitable for applications requiring secure user authentication and verification processes.


File Structure

auth-verification-server/
│
├── src/
│   ├── config/
│   │   ├── db.js
│   │   ├── metrics.js
│   │   ├── passport.js
│   │   └── redis.js
│   ├── controllers/
│   │   ├── authController.js
│   │   └── userController.js
│   ├── middleware/
│   │   ├── authMiddleware.js
│   │   └── roleMiddleware.js
│   ├── models/
│   │   ├── Token.js
│   │   └── User.js
│   ├── routes/
│   │   ├── authRoutes.js
│   │   └── userRoutes.js
│   ├── utils/
│   │   ├── logger.js
│   │   └── sendEmail.js
│   ├── validators/
│   │   └── authValidator.js
│   ├── app.js
│   └── config.js
│
├── tests/
│   ├── auth.test.js
│   └── user.test.js
│
├── .babelrc
├── .env
├── .gitignore
├── docker-compose.yaml
├── Dockerfile
├── package.json
├── package.lock.json
├── prometheus.yaml
└── README.md

Description

  • src/: Contains the main source code of the application.

    • controllers/: Implements controller logic for handling requests.
    • middleware/: Middleware functions for request processing.
    • models/: Defines Mongoose models for MongoDB interaction.
    • routes/: Defines API routes using Express.js.
    • services/: Contains business logic services like email sending.
    • utils/: Utility functions such as logging and Redis client.
    • app.js: Entry point of the application.
    • config.js: Configuration file for environment variables.
  • tests/: Includes unit and integration tests for the application.

  • .gitignore: Specifies files and directories to be ignored by Git.

  • package.json: Manages dependencies and scripts for the project.

  • README.md: Documentation file for the project.


Technologies Used

  • Node.js: JavaScript runtime environment.
  • Express.js: Web framework for Node.js.
  • MongoDB: NoSQL database for storing user data.
  • Mongoose: Object Data Modeling (ODM) library for MongoDB.
  • JSON Web Tokens (JWT): For secure token-based authentication.
  • Redis: In-memory data structure store for caching and token storage.
  • Jest: JavaScript testing framework for unit and integration tests.
  • dotenv: Module for loading environment variables from .env file.
  • speakeasy: Library for implementing two-factor authentication (2FA).

Features

  • User Authentication:

    • Registration with email verification.
    • Login with OTP (one-time password).
    • Token-based authentication using JWT.
  • Password Management:

    • Forgot password and reset password functionalities.
    • Secure password hashing using bcrypt.
  • Token Management:

    • Generation of access tokens and refresh tokens.
    • Token revocation and expiration management.
  • Security:

    • Rate limiting and IP blocking for preventing abuse.
    • Middleware for request validation and error handling.
    • Integration of two-factor authentication (2FA).
  • User Management:

    • User profile management with profile update and retrieval.
    • Account deletion and verification status tracking.

Setup Instructions

To set up the Authentication Verification Server locally, follow these steps:

Prerequisites

  • Node.js (version >= 16.0.0)
  • MongoDB server (local or remote)
  • Redis server (local or remote)

Installation

  1. Clone the repository:

  2. Install dependencies:

    npm install
  3. Set up environment variables:

    Create a .env file in the root directory with the following variables:

    PORT=5555
    JWT_SECRET=E6&GvDTui51S@Nw$8aO3Wh%tau!
    JWT_REFRESH_SECRET=T8h$j36K8@gRT0*25fgU37%
    JWT_EXPIRES_IN= '2h'
    JWT_REFRESH_EXPIRES_IN='1d'
    EMAIL_USER=<YOUR_EMAIL>
    EMAIL_PASS=<YOUR_EMAIL_PASSWORD>
    MONGO_URI=mongodb://localhost:27017/authDB
    REDIS_URL=redis://localhost:6379
    GOOGLE_CLIENT_ID=<GOOGLE_CLIENT_ID>
    GOOGLE_CLIENT_SECRET=<GOOGLE_CLIENT_SECRET>
    LOG_PATH='auth_log.log'

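    Adjust the values to match your environment. The JWT_SECRET and JWT_REFRESH_SECRET values shown above are published in this README, so replace them with long random secrets of your own before deploying.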

  4. Start the server:

    npm start

    The server should now be running on http://localhost:5555.
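A startup check for the .env values from step 3, shown here as an added example that is not part of the repository's code: it flags missing keys, unreplaced `<...>` placeholders, the two sample JWT secrets printed in this README, short secrets, and an access secret reused as the refresh secret. The names parseEnv and auditEnv, the list of required keys, and the 32-character minimum are assumptions made for illustration.

```javascript
// Added example: audits the .env keys from step 3 before the server starts.
// The two sample JWT secrets printed in this README are public values.
const PUBLISHED = new Set(['E6&GvDTui51S@Nw$8aO3Wh%tau!', 'T8h$j36K8@gRT0*25fgU37%']);
const SECRET_KEYS = ['JWT_SECRET', 'JWT_REFRESH_SECRET'];
const REQUIRED = [...SECRET_KEYS, 'MONGO_URI', 'REDIS_URL', 'EMAIL_USER', 'EMAIL_PASS'];
const MIN_SECRET_LEN = 32; // assumption: at least 32 characters per signing secret

// Minimal KEY=VALUE parser that strips optional quotes (not a dotenv replacement).
function parseEnv(text) {
  const env = {};
  for (const line of text.split(/\r?\n/)) {
    const m = line.match(/^\s*([\w.-]+)\s*=\s*(.*?)\s*$/);
    if (m) env[m[1]] = m[2].replace(/^(['"])(.*)\1$/, '$2');
  }
  return env;
}

// Returns a list of human-readable problems; an empty list means the config passes.
function auditEnv(env) {
  const problems = [];
  for (const key of REQUIRED) {
    const value = env[key];
    if (!value) problems.push(`${key}: missing`);
    else if (/^<.*>$/.test(value)) problems.push(`${key}: placeholder not replaced`);
  }
  for (const key of SECRET_KEYS) {
    const value = env[key] || '';
    if (PUBLISHED.has(value)) problems.push(`${key}: published sample value`);
    else if (value && value.length < MIN_SECRET_LEN)
      problems.push(`${key}: shorter than ${MIN_SECRET_LEN} characters`);
  }
  if (env.JWT_SECRET && env.JWT_SECRET === env.JWT_REFRESH_SECRET)
    problems.push('JWT_REFRESH_SECRET: same as JWT_SECRET');
  return problems;
}

// Constructed sample input: a partly filled-in .env (REDIS_URL deliberately absent).
const SAMPLE_ENV = [
  'JWT_SECRET=E6&GvDTui51S@Nw$8aO3Wh%tau!',
  "JWT_REFRESH_SECRET='short-refresh-secret'",
  "JWT_EXPIRES_IN= '2h'",
  'EMAIL_USER=<YOUR_EMAIL>',
  'EMAIL_PASS=constructed-app-password',
  'MONGO_URI=mongodb://localhost:27017/authDB',
].join('\n');

for (const problem of auditEnv(parseEnv(SAMPLE_ENV))) console.log('config problem:', problem);
```

In the server, the same check can run against process.env after dotenv has loaded and stop startup when the list is not empty. A replacement secret can be generated with: node -e "console.log(require('crypto').randomBytes(48).toString('base64url'))"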


Usage

API Endpoints

The following are the main API endpoints provided by the server:

  • Registration: /api/auth/register
  • Email Verification: /api/auth/verify/:token
  • Login: /api/auth/login
  • OTP verification: /api/auth/otp
  • Refresh token: /api/auth/otp
  • Password Reset: /api/auth/reset-password/:token
  • Profile: /api/user/profile

Refer to the API documentation or code comments for detailed usage instructions for each endpoint.


Testing

The Authentication Verification Server includes unit and integration tests to ensure its functionality. To run the tests, use the following command:

npm test

This will execute all test suites and display the results in the terminal.


Contributing

Contributions to the Authentication Verification Server are welcome! To contribute, follow these steps:

  1. Fork the repository on GitHub.
  2. Create a new branch with a descriptive name (git checkout -b feature/my-new-feature).
  3. Make your changes and commit them (git commit -am 'Add new feature').
  4. Push your changes to the branch (git push origin feature/my-new-feature).
  5. Submit a pull request explaining your changes.

Please ensure your code follows the existing style and conventions. Also, consider adding tests for new features or changes.


License

This project is licensed under the MIT License - see the LICENSE file for details.

