abhishekprajapati1/type_orm_assignment
Authentication System For Mutual Funds Loan Application

A full-stack authentication system built with NestJS (backend) and Next.js (frontend) featuring JWT authentication, session management, and multi-device support.

🚀 Tech Stack

Backend:

  • NestJS 11
  • PostgreSQL
  • TypeORM
  • JWT Authentication
  • bcryptjs
  • Swagger API Documentation

Frontend:

  • Next.js 15
  • React 19
  • TanStack Query
  • Shadcn UI
  • Tailwind CSS
  • Zod Validation

✨ Features

  • ✅ User Registration & Login
  • ✅ JWT Access & Refresh Tokens
  • ✅ HttpOnly Cookie-based Authentication
  • ✅ Multi-device Session Management (Max 3 devices)
  • ✅ Token Blacklisting
  • ✅ Account Lockout (5 failed attempts, 15 min duration)
  • ✅ Device Tracking (IP, User-Agent, Platform)
  • ✅ Session Revocation (single & all devices)
  • ✅ Automatic Session Cleanup (Cron Jobs)
  • ✅ Environment Validation
  • ✅ Full TypeScript Support
  • ✅ Swagger API Documentation

📋 Prerequisites

  • Node.js 20+
  • PostgreSQL 14+
  • pnpm (recommended) or npm

🛠️ Backend Setup

1. Navigate to backend directory

cd backend

2. Install dependencies

pnpm install

3. Configure environment variables

Create a .env file:

DB_HOST=localhost
DB_PORT=5432
DB_USERNAME=postgres
DB_PASSWORD=your_password
DB_NAME=mutual_funds_loan
JWT_SECRET=your-super-secret-jwt-key-at-least-32-characters-long
JWT_EXPIRATION=1h
JWT_REFRESH_EXPIRATION=7d
MAX_LOGIN_ATTEMPTS=5
LOGIN_BLOCK_DURATION=900
PORT=8000
NODE_ENV=development

4. Create PostgreSQL database

psql -U postgres
CREATE DATABASE mutual_funds_loan;
\q

5. Run migrations

pnpm run migration:run

6. Start the backend server

# Development mode
pnpm run start:dev

# Production mode
pnpm run build
pnpm run start:prod

Backend will be running at: http://localhost:8000

Swagger Documentation: http://localhost:8000/api/docs

🎨 Frontend Setup

1. Navigate to frontend directory

cd frontend

2. Install dependencies

pnpm install

3. Start the development server

pnpm run dev

Frontend will be running at: http://localhost:3000

📚 API Endpoints

Authentication

  • POST /auth/register - Register new user
  • POST /auth/login - Login user
  • POST /auth/logout - Logout current session
  • POST /auth/logout-all - Logout from all devices
  • POST /auth/refresh - Refresh access token
  • GET /auth/profile - Get user profile (protected)

Session Management

  • GET /auth/sessions - Get active sessions (protected)
  • DELETE /auth/sessions/:id - Revoke specific session (protected)
  • POST /auth/cleanup/manual - Manual cleanup (protected)

🗄️ Database Schema

Users Table

  • id, email, password, firstName, lastName, phone, panNumber
  • isActive, loginAttempts, lockedUntil, lastLoginAt
  • createdAt, updatedAt

User Sessions Table

  • id, userId, sessionToken, refreshToken
  • deviceInfo (JSON), ipAddress, userAgent
  • isActive, expiresAt, lastAccessedAt, createdAt
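Added example, not the repository's code: an in-memory model of the User Sessions table above that enforces the three-device limit and backs the GET /auth/sessions, DELETE /auth/sessions/:id and POST /auth/logout-all endpoints. The class and method names, the least-recently-used eviction choice and the placeholder token strings are assumptions; the IP address and User-Agent values in the usage are constructed.

```typescript
// Added example, not the repository's code: an in-memory user_sessions table
// enforcing "max 3 devices" plus the two revocation endpoints. Token strings
// are labelled placeholders; names beyond the README's columns are assumptions.

interface DeviceInfo {
  platform: string;
}

interface UserSession {
  id: string;
  userId: string;
  sessionToken: string;
  refreshToken: string;
  deviceInfo: DeviceInfo;
  ipAddress: string;
  userAgent: string;
  isActive: boolean;
  expiresAt: Date;
  lastAccessedAt: Date;
  createdAt: Date;
}

interface ClientContext {
  deviceInfo: DeviceInfo;
  ipAddress: string;
  userAgent: string;
}

class SessionStore {
  private readonly sessions = new Map<string, UserSession>();
  private counter = 0;

  constructor(
    private readonly maxPerUser = 3,                 // "Max 3 devices"
    private readonly refreshTtlSec = 7 * 24 * 3600,  // JWT_REFRESH_EXPIRATION=7d
  ) {}

  private nextToken(): string {
    // Placeholder: real code draws random bytes (e.g. crypto.randomBytes(32)).
    return `placeholder-token-${++this.counter}`;
  }

  // GET /auth/sessions: the caller's active sessions, least recently used first.
  activeFor(userId: string): UserSession[] {
    return [...this.sessions.values()]
      .filter((s) => s.userId === userId && s.isActive)
      .sort((a, b) => a.lastAccessedAt.getTime() - b.lastAccessedAt.getTime());
  }

  // POST /auth/login: opens a session; when the cap is reached the least
  // recently used sessions are revoked so the cap is never exceeded.
  create(userId: string, ctx: ClientContext, now: Date): { session: UserSession; evicted: string[] } {
    const evicted: string[] = [];
    const active = this.activeFor(userId);
    while (active.length >= this.maxPerUser) {
      const oldest = active.shift()!;
      oldest.isActive = false;
      evicted.push(oldest.id);
    }
    const session: UserSession = {
      id: `sess-${++this.counter}`,
      userId,
      sessionToken: this.nextToken(),
      refreshToken: this.nextToken(),
      ...ctx,
      isActive: true,
      expiresAt: new Date(now.getTime() + this.refreshTtlSec * 1000),
      lastAccessedAt: now,
      createdAt: now,
    };
    this.sessions.set(session.id, session);
    return { session, evicted };
  }

  // DELETE /auth/sessions/:id: only the owner may revoke, and an unknown or
  // foreign id gets the same false answer so other users' session ids are
  // indistinguishable from non-existent ones.
  revoke(callerId: string, sessionId: string): boolean {
    const s = this.sessions.get(sessionId);
    if (s === undefined || s.userId !== callerId || !s.isActive) return false;
    s.isActive = false;
    return true;
  }

  // POST /auth/logout-all: revokes every active session of the caller.
  revokeAll(callerId: string): number {
    const active = this.activeFor(callerId);
    for (const s of active) s.isActive = false;
    return active.length;
  }
}

// Usage with constructed client details: a fourth login evicts the oldest session.
const demoStore = new SessionStore();
const demoCtx: ClientContext = { deviceInfo: { platform: "web" }, ipAddress: "203.0.113.10", userAgent: "constructed-ua/1.0" };
const demoStart = Date.parse("2025-01-01T00:00:00Z");
for (let i = 0; i < 4; i++) {
  const { evicted } = demoStore.create("user-1", demoCtx, new Date(demoStart + i * 1000));
  if (evicted.length > 0) console.log(`login ${i + 1} evicted ${evicted.join(", ")}`);
}
```

The ownership check in revoke is the part to carry into the real controller: the session id in the URL is user input, and the query must always include the authenticated user's id in its WHERE clause.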

Blacklisted Tokens Table

  • id, token, tokenType, reason, expiresAt, createdAt

🔐 Security Features

  • Password Hashing: bcrypt with 12 salt rounds
  • JWT Tokens: Short-lived access tokens (JWT_EXPIRATION) paired with longer-lived refresh tokens (JWT_REFRESH_EXPIRATION)
  • HttpOnly Cookies: Tokens are not readable from page scripts, so an XSS bug cannot read them out of the browser
  • Token Blacklisting: Invalidates revoked tokens
  • Account Lockout: 5 failed attempts = 15 min lockout
  • Session Limits: Max 3 concurrent sessions per user
  • Automatic Cleanup: Cron jobs remove expired tokens/sessions
  • Environment Validation: Ensures required config exists
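Added example, not the repository's code: the account-lockout rule (5 failed attempts, 15-minute lock, i.e. MAX_LOGIN_ATTEMPTS and LOGIN_BLOCK_DURATION) as a pure function over the loginAttempts and lockedUntil columns, so it can be unit-tested without a database. Function and type names are assumptions; the README does not show how the project stores or resets the counter.

```typescript
// Added example, not the repository's code: the lockout rule from the README
// (MAX_LOGIN_ATTEMPTS=5, LOGIN_BLOCK_DURATION=900 seconds) over the
// loginAttempts / lockedUntil columns. Names are assumptions; the caller
// persists the returned state on the user row.

interface LockoutPolicy {
  maxAttempts: number;      // MAX_LOGIN_ATTEMPTS
  blockDurationSec: number; // LOGIN_BLOCK_DURATION
}

interface LockState {
  loginAttempts: number;
  lockedUntil: Date | null;
}

type AttemptResult =
  | { status: "locked"; retryAfterSec: number; state: LockState }
  | { status: "failed"; remaining: number; state: LockState }
  | { status: "ok"; state: LockState };

const DEFAULT_POLICY: LockoutPolicy = { maxAttempts: 5, blockDurationSec: 900 };
const FRESH: LockState = { loginAttempts: 0, lockedUntil: null };

function isLocked(state: LockState, now: Date): boolean {
  return state.lockedUntil !== null && state.lockedUntil.getTime() > now.getTime();
}

// verifyPassword runs only when the account is not locked: a locked account
// costs no bcrypt work, and the lock cannot be used to probe for the password.
function applyLoginAttempt(
  state: LockState,
  verifyPassword: () => boolean,
  now: Date,
  policy: LockoutPolicy = DEFAULT_POLICY,
): AttemptResult {
  if (isLocked(state, now)) {
    const retryAfterSec = Math.ceil((state.lockedUntil!.getTime() - now.getTime()) / 1000);
    return { status: "locked", retryAfterSec, state };
  }
  // A lock that has expired resets the counter; no lock keeps the running count.
  const priorAttempts = state.lockedUntil !== null ? 0 : state.loginAttempts;
  if (verifyPassword()) {
    return { status: "ok", state: { ...FRESH } };
  }
  const attempts = priorAttempts + 1;
  if (attempts >= policy.maxAttempts) {
    const lockedUntil = new Date(now.getTime() + policy.blockDurationSec * 1000);
    return { status: "locked", retryAfterSec: policy.blockDurationSec, state: { loginAttempts: attempts, lockedUntil } };
  }
  return { status: "failed", remaining: policy.maxAttempts - attempts, state: { loginAttempts: attempts, lockedUntil: null } };
}

// Replays a sequence of attempts one second apart from a fresh account and returns each outcome.
function runAttempts(passwordOk: boolean[], start: Date, policy: LockoutPolicy = DEFAULT_POLICY): AttemptResult[] {
  let state: LockState = { ...FRESH };
  return passwordOk.map((ok, i) => {
    const result = applyLoginAttempt(state, () => ok, new Date(start.getTime() + i * 1000), policy);
    state = result.state;
    return result;
  });
}

// Usage: five wrong passwords, then a correct one that still bounces off the lock.
const demo = runAttempts([false, false, false, false, false, true], new Date("2025-01-01T00:00:00Z"));
console.log(demo.map((r) => r.status).join(" -> ")); // failed -> failed -> failed -> failed -> locked -> locked
```

Whatever the outcome, the login response should be the same generic failure message for "wrong password" and "locked", with the retryAfterSec value used only for logging and for a Retry-After header if the team decides to expose it.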

🧹 Cron Jobs

  • Every Hour: Cleanup expired blacklisted tokens
  • Every 6 Hours: Cleanup expired sessions
  • Daily (Midnight): Full cleanup of both tokens and sessions
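Added example, not the repository's code: a blacklisted-tokens store with the cleanup schedule above. The detail worth checking in any implementation is that cleanup only drops a row once the token's own expiry has passed; dropping it earlier would let a revoked token verify again. The cron strings, job names and the minute/hour matcher are assumptions (the README lists the schedules, not the project's decorator configuration).

```typescript
// Added example, not the repository's code: an in-memory blacklisted_tokens
// table plus the hourly / 6-hourly / daily cleanup from the README. Cron
// strings, job names and the tiny matcher are assumptions.

type TokenType = "access" | "refresh";

interface BlacklistedToken {
  token: string;
  tokenType: TokenType;
  reason: string;
  expiresAt: Date; // the JWT's own exp claim, never earlier
  createdAt: Date;
}

class TokenBlacklist {
  private readonly rows = new Map<string, BlacklistedToken>();

  // Called on logout / session revocation. expiresAt is the token's exp claim:
  // once the JWT has expired the verifier rejects it anyway, so that is the
  // earliest moment a row may be dropped without the token coming back to life.
  add(token: string, tokenType: TokenType, reason: string, expiresAt: Date, now: Date): void {
    this.rows.set(token, { token, tokenType, reason, expiresAt, createdAt: now });
  }

  // Consulted by the JWT guard after the signature and exp checks have passed.
  isBlacklisted(token: string): boolean {
    return this.rows.has(token);
  }

  // Removes only rows whose token has already expired on its own.
  cleanupExpired(now: Date): number {
    let removed = 0;
    for (const [token, row] of this.rows) {
      if (row.expiresAt.getTime() <= now.getTime()) {
        this.rows.delete(token);
        removed++;
      }
    }
    return removed;
  }

  size(): number {
    return this.rows.size;
  }
}

// The three README schedules as five-field cron strings (minute hour dom month dow).
const CLEANUP_JOBS = [
  { name: "cleanup-blacklisted-tokens", cron: "0 * * * *" }, // every hour
  { name: "cleanup-sessions", cron: "0 */6 * * *" },         // every 6 hours
  { name: "full-cleanup", cron: "0 0 * * *" },               // daily at midnight
];

// Minimal matcher for the forms used above: "*", "*/n" and a literal number.
function fieldMatches(field: string, value: number): boolean {
  if (field === "*") return true;
  if (field.startsWith("*/")) return value % Number(field.slice(2)) === 0;
  return Number(field) === value;
}

// Which jobs fire at a given UTC time (the day, month and weekday fields are all "*" above).
function jobsDueAt(now: Date): string[] {
  return CLEANUP_JOBS.filter((job) => {
    const [minute = "*", hour = "*"] = job.cron.split(" ");
    return fieldMatches(minute, now.getUTCMinutes()) && fieldMatches(hour, now.getUTCHours());
  }).map((job) => job.name);
}

// Usage with a constructed token: blacklisted on logout, dropped once it has expired.
const demoBlacklist = new TokenBlacklist();
const demoNow = new Date("2025-01-01T00:00:00Z");
demoBlacklist.add("constructed.access.token", "access", "logout", new Date(demoNow.getTime() + 3600_000), demoNow);
console.log(demoBlacklist.cleanupExpired(new Date(demoNow.getTime() + 1800_000))); // 0: token still valid, row must stay
console.log(demoBlacklist.cleanupExpired(new Date(demoNow.getTime() + 3600_000))); // 1: token expired on its own
```

In a database-backed store, keying the table on a hash of the token rather than the raw token keeps a leaked table dump from being a collection of still-usable credentials.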

🧪 Testing with Swagger

  1. Start the backend server
  2. Navigate to http://localhost:8000/api/docs
  3. Register a new user via /auth/register
  4. Login via /auth/login to get tokens
  5. Click "Authorize" and enter the access token
  6. Test protected endpoints

📦 Additional Scripts

Backend

pnpm run build              # Build for production
pnpm run format             # Format code with Prettier
pnpm run lint               # Lint code with ESLint
pnpm run migration:generate # Generate new migration
pnpm run migration:revert   # Revert last migration

Frontend

pnpm run build              # Build for production
pnpm run start              # Start production server
pnpm run lint               # Check code with Biome
pnpm run format             # Format code with Biome
