Role based authentication

Authentication service made for ExpressJS and MongoDB using JWT. We tried to make it as clean and structured as possible. We also provide this documentation on how to install and integrate it with your own application.

The code uses MongoDB, in case you are using another database there are few changes that has to be made to the configuration and the routes.

It is also not final and always open for reviews and enhancements, especially when it comes to security

Installation

$ git clone https://github.com/Allin-beta/role-based-auth.git
$ cd role-based-auth
$ npm install

After installing the required packages

• Browse to .env file and setup your mongo link, Secret and token expiration duration

DB=[mongodb_link]

SECRET=[32_bits_or_more_complex_secret]

TOKEN_EXPIRATION=[token_expiration_time_in_hours]

• Browse to http://localhost:3000/api to check if everything is working fine
• Signup and Login endpoints start from http://localhost:3000/api/auth

User:

http://localhost:3000/api/auth/signup http://localhost:3000/api/auth/login

Other roles: {admin, superadmin}

http://localhost:3000/api/auth/signup-[role] http://localhost:3000/api/auth/login-[role]

Structure

• It is preferred to add new feature folder inside controllers folder
• It is preferred to add role folder that exports all routes of that custom role

─── Controllers
	└─── auth
	│     └─── register
	│     └─── login
	|     └─── validate
	└─── feature 2 [you can add your own controller]
	└─── feature 3
─── Config
	└─── index.js [it takes configuration from .env]
	└─── roles.js [You add more roles here ]
─── Middlewares
	│
─── Models [It has only User Model]
	│
─── Routes
	│   └─── auth [It has all signup and login routes]
	│   └─── admin [All routes for admin]
	|	└─── [custom role 1]
	|	└─── [custom role 2]
	└─────── index.js [import all routes here]

The route takes 2 functions

• userAuth from Passport package
• CheckRole that does the role verification

router.get("/profile", userAuth, checkRole([ROLE.user]), async (req, res) => {
	res.status(200).json({ type: ROLE.user, user: serializeUser(req.user) });
});

Packages

All thanks goes to these packages that made role-based authentication possible.
Mongoose : Object modeling tool for MongoDB
Passport and passport-jwt : Authentication middleware for ExpressJS using strategies plugins like (passport-jwt)
jsonwebtoken : An implementation of JSON Web Tokens
joi: Description language for object schema and data validation
consola: Elegant Console Logger for Node.js
bcryptjs: Password encryption and decription library\

License

Permission is hereby granted to any person to use and edit the code.