AuthOrg is a robust authentication and authorization system designed to manage users and their access to organization-specific data. This project features secure user registration, login, and token-based authentication, ensuring that only authorized users can access specific organizational data.
- Features
- Technologies Used
- Getting Started
- Running Tests
- API Endpoints
- Project Structure
- Database Schema
- Authentication and Authorization
- Error Handling
- Environment Variables
- Contributing
- License
- User Registration: Register users with basic information and assign them to a default organization.
- User Login: Authenticate users and provide them with a secure token for accessing protected routes.
- Token-Based Authentication: Use JWT tokens to authenticate users and verify their access rights.
- Organization Management: Ensure users can only access data from organizations they belong to.
- Error Handling: Comprehensive error handling for different scenarios.
- Node.js: Backend server runtime
- Express.js: Web framework for Node.js
- Sequelize: ORM for managing the database
- PostgreSQL: Relational database
- bcryptjs: Library for hashing passwords
- jsonwebtoken: Library for generating and verifying JWT tokens
- dotenv: Module for loading environment variables
- supertest: Library for testing HTTP APIs
- Node.js and npm installed
- PostgreSQL database installed and running
- Basic understanding of JavaScript and Node.js
-
Clone the repository:
git clone https://github.com/TheSaviourEking/AuthOrg.git cd AuthOrg -
Install dependencies:
npm install
-
Set up environment variables: Create a
.envfile in the root directory and add the following variables:NODE_ENV=development PORT=5000 DATABASE_URL=your_database_url JWT_SECRET=your_jwt_secret
-
Run database migrations:
npx dotenv sequelize-cli db:migrate
-
Start the server:
npm start
To run the tests, use the following command:
npm test- URL:
/auth/register - Method:
POST - Body:
{ "firstName": "John", "lastName": "Doe", "email": "john.doe@example.com", "password": "password123", "phone": "1234567890" } - Response:
{ "status": "success", "message": "Registration successful", "data": { "user": { "id": 1, "firstName": "John", "lastName": "Doe", "email": "john.doe@example.com", "phone": "1234567890" }, "organisation": { "id": 1, "name": "John's Organisation" }, "accessToken": "your_jwt_token" } }
- URL:
/auth/login - Method:
POST - Body:
{ "email": "john.doe@example.com", "password": "password123" } - Response:
{ "status": "success", "message": "Login successful", "data": { "user": { "id": 1, "firstName": "John", "lastName": "Doe", "email": "john.doe@example.com", "phone": "1234567890" }, "accessToken": "your_jwt_token" } }
- URL:
/api/organisations - Method:
GET - Headers:
{ "Authorization": "Bearer your_jwt_token" } - Response:
{ "status": "success", "data": { "organisations": [ { "id": 1, "name": "John's Organisation" } ] } }
- URL:
/api/organisations/:orgId - Method:
GET - Headers:
{ "Authorization": "Bearer your_jwt_token" } - Response:
{ "status": "success", "data": { "organisation": { "id": 1, "name": "John's Organisation" } } }
AuthOrg
├── app.js
├── bin
│ └── www
├── config
│ ├── database.js
│ └── index.js
├── controllers
│ ├── organisation.controller.js
│ ├── session.controller.js
│ └── user.controller.js
├── db
│ ├── migrations
│ │ ├── 20240706171133-create-user.js
│ │ ├── 20240706220154-create-organisation.js
│ │ └── 20240706224136-create-user-organisation.js
│ ├── models
│ │ ├── index.js
│ │ ├── organisation.js
│ │ ├── user.js
│ │ └── userorganisation.js
│ └── seeders
├── middleware
│ └── auth.js
├── package.json
├── package-lock.json
├── README.md
├── routes
│ ├── api
│ │ ├── index.js
│ │ ├── organisation.js
│ │ └── users.js
│ ├── auth
│ │ └── index.js
│ ├── index.js
│ └── ioeiauth.js
├── tests
│ └── auth.spec.js
└── utils
├── jwt.js
└── validation.js
| Column | Type | Description |
|---|---|---|
| id | Integer | Primary key |
| firstName | String | User's first name |
| lastName | String | User's last name |
| String | User's email (unique) | |
| password | String | User's password |
| phone | String | User's phone number |
| Column | Type | Description |
|---|---|---|
| id | Integer | Primary key |
| name | String | Organisation's name |
| userId | Integer | Foreign key to User table |
- JWT Tokens: AuthOrg uses JWT tokens to manage user sessions. The tokens are signed using a secret key and include user information.
- Token Verification: Every request to a protected route is authenticated by verifying the JWT token sent in the request headers.
- Access Control: Users can only access data from organizations they are part of. Unauthorized access is restricted and results in a
403 Forbiddenresponse.
AuthOrg includes comprehensive error handling for various scenarios:
- User Registration Errors: Validation errors, duplicate email, missing fields
- User Login Errors: Invalid credentials, missing fields
- Authorization Errors: Invalid or expired tokens, unauthorized access
AuthOrg uses environment variables to manage configuration settings. The following variables are required:
NODE_ENV=development
PORT=3000
DATABASE_URL=your_database_url
JWT_SECRET=your_jwt_secret- Fork the repository
- Create your feature branch (
git checkout -b feature/new-feature) - Commit your changes (
git commit -m 'Add new feature') - Push to the branch (
git push origin feature/new-feature) - Open a pull request
This project is licensed under the MIT License. See the LICENSE file for details.