Node.js User Authentication

by weihanchen

GitHub Readme.md

Nodejs user authentication sample base on json web token

Build Status Coverage Status Dependency Status devDependencies Status

A nodejs server api for user authentication and use react to design frontend

Demo Site

Heroku Deployment

You can quickly setup a sample heroku application by clicking the button below.

Deploy

Requirement

System Environment Variables

  • PORT
  • SECRET_KEY
  • MONGO_CONNECTION

Install dependence packages

$ cd server
$ npm install
$ cd ../client
$ npm install

client react documentation

Config

  • server/config/database.js database and jwt secret configuration, default using system variables
  1. secret - jwt auth secret
  2. database - database connection

Packages

  1. Mongoose - mongodb object modeling
  2. Simple JWT - token use
  3. Morgan - HTTP request logger middleware for node.js
  4. moment - date parse
  5. bcrypt-nodejs - ecrypt password

Step

General config

  1. edit server/config/database.js or system variable for MONGO_CONNECTIONSECRET_KEY - database connection and jwt secret
  2. edit server/config/initial.js - super admin account and role's permissions
  3. export API_ENDPOINT with system variable, allow client connection with server endpoint.

Start with development

  1. server development: npm run dev:server
  2. client development: npm run dev:client, default port 8080

Production build and run

  1. npm run build:client
  2. npm start

initial users and rols step

  1. post /api/initialize to create roles and super admin account
  2. post api/users - create new account
  3. post api/users/login - login and get jwt token then frontend can store this token to use other api
  4. use request header: {Authorization: (jwt token)} when use other api

Authentication

Check token valid

  • /api/users/logout

Check token valid and expired

  • /api/users/:id
  • /api/users/me

Permissions(roles)

  • admin

    • delete - other users and roles
    • get - all users and roles
    • post - user and role
    • put - all users and other user's role
  • user

    • delete - self
    • get - self
    • post - signup
    • put - self but cannot update role

Documentation

  • request header - Authorization (json web token)

  • api - api root

  • api/initialize

    post - create roles and admin user

  • api/users

    post - create new user

  • api/users/login

    post - login and get jwt token

  • api/users/me

    get - get current user info

  • api/users/:id

    delete - delete user

    get - get user info

    put - update username、displayName only superadmin can update other user's role

API Test

  • npm install --dev
  • npm run test:server

To Do

  • admin dashboard
  • edit role name
  • edit password
  • add more test case for permissions
  • add business logic extension framework document
  • add swagger ui