A Node.js app that implements APIs to emulate basic User authentication.
| Host | Domain |
|---|---|
| Heroku | https://nodejs-authapp.herokuapp.com/ |
Go to Postman > Import > Link (Tab) > Paste the link and Continue
https://www.getpostman.com/collections/c319720e2fc33dd89af7
- Express.js - For routing
- Firebase (Free tier) - For file storage
- JsonWebToken - To hide password
- MongoDB (Shared cluster) - For database
- Nodemailer - To send emails
- Twilio SMS API (Free tier) - To send SMS
`src` is the root of the project tree.
- `middlewares` holds files that are essential for APIs where user authentication is a must.
- `models` holds all schemas that will be used to model mongoose documents.
- `routes` holds all the files that implement certain APIs to the app. Each file is organized based on the APIs it holds.
- `scripts` holds files that act like scripts, i.e., they initiate services. These scripts are executed only once (inside `index.js`).
- `utils` provides utilities that provide functionality to certain areas of the app. For example, `twilio.sms.js` provides a class with a method `sendSms` to send an SMS.
All the middlewares focus on validating the user's authenticity by obtaining required fields from the request.
1. login_token.auth
Method - POST
Query params -
- id
Headers -
- Authorization
2. login_token.unverified.auth
The key difference between login_token.auth and login_token.unverified.auth is that this middleware ignores whether the user's email or phone has been verified.
Method - POST
Query params -
- id
Headers -
- Authorization
3. 2fa.auth
This middleware validates the user's authenticity by checking the answers to the user's two-factor authentication security questions. It is the only authentication that does not rely on the login token.
Method - POST
Query params -
- id
Body - application/json
Body params -
- first_question_answer
- second_question_answer
- third_question_answer
The routing can be simplified by splitting the routes into three parts.
Use this api to sign in as a User
Method - POST
Body - application/json
Body params -
- email (Not required if phone is provided)
- phone (Not required if email is provided)
- password
Use this api to sign up as a User
Method - POST
Body - application/json
Body params -
- data {
- full_name
- phone
- password
}
Use this api to reset password (while signed in)
Method - POST
Body - application/json
Body params -
- password (New password)
Use this api to fetch user's details
Method - POST
Middlewares - login_token.auth
Use this api to update user fields
Method - POST
Middlewares - login_token.auth
Body params -
- data {
- full_name?
- email?
- phone?
}
Use this api to set a new avatar
Method - POST
Middlewares - login_token.auth
Body params -
- avatar (File)
Use this api to delete an avatar
Method - DELETE
Middlewares - login_token.auth
Not meant to be called directly. This api confirms a verification (for an email, a phone, or a password reset) when the user follows the link containing the token.
Method - GET
Query params -
- token
Use this api to request an email confirmation (timeout: 120s)
Method - POST
Middlewares - login_token.unverified.auth
Body params -
- email? (Provide email to update old unverified email with new one)
Use this api to request a phone confirmation (timeout: 120s)
Method - POST
Middlewares - login_token.unverified.auth
Body params -
- phone? (Provide phone to update old unverified phone with new one)
Use this api to fetch user's 2fa details
Method - POST
Middlewares - login_token.auth
Use this api to enable and/or update user's 2fa details
Method - POST
Middlewares - login_token.auth
Body params -
- data {
- first_question? {
- question
- answer
}
- second_question? {
- question
- answer
}
- third_question? {
- question
- answer
}
}
Use this api to disable user's 2fa
Method - PATCH
Middlewares - login_token.auth
Use this api to disable and clear user's 2fa details
Method - DELETE
Middlewares - login_token.auth
Use this api to reset password (while signed out)
Method - POST
Middlewares - 2fa.auth
Body params -
- password (New password)