Geovanni-dev/JWTNode

🔐 JWTNode

A RESTful API with a complete authentication system, including registration with email verification, JWT login, and protected routes with different permission levels (ADMIN/CLIENT). Built to practice and demonstrate knowledge of JWT, Bcrypt, and Nodemailer. Code quality is enforced with ESLint, Prettier, and EditorConfig.


⚡ Features

| Feature | Description |
|---|---|
| 📝 Registration | Account creation with data validation via Zod |
| 📧 Email Verification | 6-digit code sent via Nodemailer |
| 🔐 JWT Login | Token with 1-day expiration |
| 🛡️ Protected Routes | Token-based authentication middleware |
| 👑 Access Levels | Separate permissions for ADMIN and CLIENT |
| 👥 User CRUD | Full user management for ADMIN only |
| 🔑 Password Hashing | Bcrypt with salt 10 |
| 🌱 Auto Seed | Automatic ADMIN user creation |
| 🚦 Rate Limiting | Spam and brute-force protection on auth routes |

🚀 Installation & Setup

Option 1 — Docker

# Configure environment variables
cp .env.example .env

# Start containers in the background
docker compose up -d

# Run the seed to create the ADMIN user inside the container
docker exec -it JWTNode npx prisma db seed

Option 2 — Local

# Clone the repository
git clone https://github.com/Geovanni-dev/JWTNode.git
cd JWTNode

# Install dependencies
npm install

# Configure environment variables
cp .env.example .env

# Run database migrations
npx prisma migrate dev

# Run the seed to create the ADMIN user
npx prisma db seed

# Start the server
npm run dev

⚙️ Environment Variables

PORT=3000
JWT_SECRET=your_jwt_secret_here
MAIL_HOST=smtp.gmail.com
MAIL_PORT=465
MAIL_USER=youremail@gmail.com
MAIL_PASS=yourapppassword

📡 Endpoints

🔓 Public Routes — /users

| Route | Method | Payload | Description |
|---|---|---|---|
| /register | POST | {"name","email","password"} | Create a new account |
| /verify-code | POST | {"email","code"} | Verify email code |
| /login | POST | {"email","password"} | Returns a JWT token |

👑 Protected Routes — ADMIN /users

| Route | Method | Auth | Description |
|---|---|---|---|
| / | GET | 👑 | List all users |
| /?role=ADMIN | GET | 👑 | Filter by role |
| /?name=John | GET | 👑 | Filter by name |
| /?email=john@email.com | GET | 👑 | Filter by email |
| /:id | GET | 👑 | Get user by ID |
| /:id | DELETE | 👑 | Delete user |

⚠️ Protected routes require the header: Authorization: Bearer <jwt_token>


🗂️ Project Structure

JWTNode/
├── prisma/
│   ├── migrations/               # Prisma migration history
│   ├── dev.db                    # SQLite database file
│   ├── schema.prisma             # Database schema definition
│   └── seed.js                   # ADMIN user seeding script
├── src/
│   ├── lib/
│   │   └── prisma.js             # Prisma client singleton
│   ├── middlewares/
│   │   ├── authController.js     # JWT verification middleware
│   │   └── rateLimit.js          # Rate limiting rules
│   ├── services/
│   │   └── emailService.js       # Nodemailer email dispatch logic
│   └── users/
│       ├── controller/
│       │   └── userController.js # Auth and user management logic
│       └── routes/
│           └── userRoutes.js     # User route definitions
├── .dockerignore
├── .editorconfig                 # Editor formatting rules (indent, charset, EOL)
├── .env.example                  # Environment variable reference template
├── .eslintrc.json                # ESLint rules and parser config
├── .gitignore
├── .prettierrc                   # Prettier formatting preferences
├── docker-compose.yml            # Multi-container orchestration config
├── Dockerfile                    # Production image build instructions
├── package.json
└── server.js                     # Application entry point

🛠 Tech Stack

  • Node.js & Express — Runtime and web framework
  • Prisma & SQLite — ORM and database (replaceable with PostgreSQL)
  • JSON Web Token (JWT) — Token-based authentication
  • Bcrypt — Password hashing with salt 10
  • Nodemailer — Email sending for account verification
  • Zod — Schema validation and data integrity
  • Express Rate Limit — Spam and brute-force protection
  • Docker — Containerization and environment orchestration
  • ESLint + Prettier + EditorConfig — Consistent code formatting across the codebase

📄 License

MIT © Geovani Rodrigues

About

Complete RESTful authentication API built with Node.js, Express and Prisma. It has a registration system with email verification, login with JWT token generation, access levels (ADMIN/CLIENT) and full user CRUD. Personal project for study purposes, focused on improving skills in authentication and user security.
