A ready-to-use authentication service built with Express.js that provides secure and reliable authentication using JSON Web Tokens (JWT) and refresh token rotation
A pre-built authentication server that uses JSON Web Tokens (JWT) for authentication. It is built using Express.js, TypeScript and MySQL
This pre-built authentication server is designed to simplify the process of adding secure user authentication to your web or mobile application. It provides a ready-made solution that uses JSON Web Tokens (JWT) to ensure reliable and secure user sessions, saving you time and resources that would otherwise be required to develop an authentication system from scratch. Built using Express.js and TypeScript, this server is also highly customizable and can be extended to meet the specific needs of your application. By integrating our authentication server into your application, you can rest assured that your users' data and sessions are well protected, leaving you free to focus on other important aspects of your application.
- `POST /v1/auth/signup` - Signup
- `POST /v1/auth/login` - Login
- `POST /v1/auth/refresh` - Refresh access token
- `POST /v1/forgot-password` - Send reset password email
- `POST /v1/reset-password/:token` - Reset password
- `POST /v1/send-verification-email` - Send verification email
- `POST /v1/verify-email/:token` - Verify email
```text
./src
├── config/       # Config files
├── controller/   # Route controllers
├── middleware/   # Custom middlewares
├── routes/       # Routes
├── types/        # Types
├── utils/        # Utility classes and functions
├── validations/  # Validation schemas
├── app.ts        # Express App
└── index.ts      # App Entrypoint
```
Our server relies on MySQL as its primary database management system to store and manage all relevant data. MySQL is a popular and widely used open-source relational database system that provides efficient, secure, and scalable storage and retrieval of data.
To simplify and streamline the process of managing the data stored in the MySQL database, we utilize Prisma, which is a modern, type-safe ORM that supports various databases, including MySQL.
Prisma helps us to write database queries in a more readable and intuitive way, making it easier to manage the data stored in our MySQL database. By using Prisma as our ORM of choice, we can also ensure that our application remains scalable, efficient, and maintainable.
If you're interested in the structure of our database, you can take a look at the data model presented below, which provides an overview of the tables, columns, and relationships within the database.
```prisma
model Account {
  id                String  @id @default(cuid())
  userId            String
  type              String
  provider          String
  providerAccountId String
  refresh_token     String? @db.Text
  access_token      String? @db.Text
  expiresAt         DateTime
  token_type        String?
  scope             String?
  id_token          String? @db.Text
  session_state     String?

  user User @relation(fields: [userId], references: [id], onDelete: Cascade)

  @@unique([provider, providerAccountId])
}

model User {
  id                     String    @id @default(cuid())
  name                   String
  email                  String?   @unique
  password               String
  emailVerified          DateTime?
  createdAt              DateTime  @default(now())
  accounts               Account[]
  refreshTokens          RefreshToken[]
  resetToken             ResetToken[]
  emailVerificationToken EmailVerificationToken[]
}

model RefreshToken {
  id        String   @id @default(cuid())
  token     String   @unique
  user      User     @relation(fields: [userId], references: [id])
  userId    String
  createdAt DateTime @default(now())
}

model ResetToken {
  id        String   @id @default(cuid())
  token     String   @unique
  expiresAt DateTime
  user      User     @relation(fields: [userId], references: [id])
  userId    String
  createdAt DateTime @default(now())
}

model EmailVerificationToken {
  id        String   @id @default(cuid())
  token     String   @unique
  expiresAt DateTime
  user      User     @relation(fields: [userId], references: [id])
  userId    String
  createdAt DateTime @default(now())
}
```
Social auth is not yet implemented, so the Account entity may still change in the future.
The Account entity represents a linked social media account for a user. It has the following fields:
The User entity represents a user of the application. It has the following fields:
The RefreshToken entity represents a refresh token used to obtain a new access token. It has the following fields:
The ResetToken entity represents a reset token used to reset a user's password. It has the following fields:
The EmailVerificationToken entity represents a token used to verify a user's email address. It has the following fields:
Refresh token rotation is a security practice used to mitigate the risk of unauthorized access to a user's account or resources. When a user logs in to an application, the application issues an access token and a refresh token. The access token is used to access the user's resources, while the refresh token is used to obtain a new access token when the current one expires.
With refresh token rotation, each time a refresh token is used to obtain a new access token, the application invalidates that refresh token and issues a new one in its place. This limits the window in which a stolen refresh token can be used to gain access to the user's account or resources. By rotating the refresh token, the application reduces the risk of a single long-lived refresh token being used to access the user's account or resources without their permission.
To run this project, you will need to add the following environment variables to your .env file.

```dotenv
# App's running environment
NODE_ENV=
# App's running port
PORT=
# Server url
SERVER_URL=
# Cors origin url
CORS_ORIGIN=
# Run node -e "console.log(require('crypto').randomBytes(256).toString('base64'));" in your console to generate a secret
ACCESS_TOKEN_SECRET=
REFRESH_TOKEN_SECRET=
ACCESS_TOKEN_EXPIRE=
REFRESH_TOKEN_EXPIRE=
# name of the refresh token cookie
REFRESH_TOKEN_COOKIE_NAME=
MYSQL_DATABASE=
MYSQL_ROOT_PASSWORD=
# Example: mysql://USER:PASSWORD@HOST:PORT/DATABASE
DATABASE_URL=
# Configuration for the email service
SMTP_HOST=
SMTP_PORT=
SMTP_USERNAME=
SMTP_PASSWORD=
EMAIL_FROM=
```

See .env.example for further details.
This project uses Yarn as its package manager.

```bash
npm install --global yarn
```

Clone the repository:

```bash
git clone https://github.com/Louis3797/express-ts-auth-service.git
```

Go to the project directory:

```bash
cd express-ts-auth-service
```

Install the dependencies:

```bash
yarn install
```

Linting and formatting:

```bash
# run ESLint
yarn lint
# fix ESLint errors
yarn lint:fix
# run prettier
yarn prettier:check
# fix prettier errors
yarn prettier:format
# fix prettier errors in specific file
yarn prettier:format:file <file-name>
```

To run tests, run the following command:

```bash
yarn test
```

Run tests with watch flag:

```bash
yarn test:watch
```

See test coverage:

```bash
yarn coverage
```

Start the server in development mode. Note: don't forget to define the .env variables.

```bash
yarn dev
```

Start the server in production mode:

```bash
yarn start
```

Run docker compose:

```bash
cd express-ts-auth-service
docker-compose up
```
AccessTokenNotFoundError
Contributions are always welcome!
See CONTRIBUTING.md for ways to get started.
Please read the Code of Conduct
Distributed under the MIT License. See LICENSE for more information.
Louis-Kaan Ay - [email protected]
Project Link: https://github.com/Louis3797/express-ts-auth-service