๐Ÿ” Production-ready authentication API built with Express.js, TypeScript, and Prisma ORM. Features JWT authentication with refresh token rotation, bcrypt password hashing, rate limiting, audit logging, and comprehensive security middleware. Includes Swagger API documentation and PostgreSQL integration.

arnoldagaba/Server---Authentication

Authentication Server

A production-ready authentication API built with Express.js, TypeScript, and Prisma ORM featuring JWT token management, refresh token rotation, and comprehensive security monitoring.

Features

  • Secure Authentication: JWT-based authentication with refresh token rotation
  • User Management: Registration, login, password changes, and profile management
  • Security Monitoring: Login attempt tracking, audit logging, and brute-force protection
  • Database Integration: PostgreSQL with Prisma ORM
  • API Documentation: Interactive Swagger/OpenAPI documentation
  • Production Ready: Comprehensive logging, error handling, and health checks

Quick Start

Prerequisites

  • Node.js 20+
  • PostgreSQL database
  • pnpm (recommended) or npm

Installation

# Clone and install dependencies
pnpm install

# Set up environment variables
cp .env.example .env
# Edit .env with your database URL and JWT secrets

# Generate Prisma client and run migrations
pnpm db:generate
pnpm db:migrate
pnpm db:seed

# Start development server
pnpm dev

Environment Variables

NODE_ENV=development
PORT=3000
DATABASE_URL=postgresql://user:password@localhost:5432/auth_db
JWT_SECRET=your-super-secure-jwt-secret-min-32-chars
JWT_EXPIRES_IN=24h
JWT_REFRESH_SECRET=your-super-secure-refresh-secret-min-32-chars
JWT_REFRESH_EXPIRES_IN=7d
ALLOWED_ORIGINS=http://localhost:3000,http://localhost:5173

API Endpoints

Authentication

  • POST /api/auth/register - Create new account
  • POST /api/auth/login - Authenticate user
  • POST /api/auth/refresh - Refresh access token
  • POST /api/auth/logout - Logout user

User Management

  • GET /api/auth/me - Get current user profile
  • POST /api/auth/change-password - Change password
  • GET /api/auth/devices - List active sessions

System

  • GET /health - Health check
  • GET /api/docs - API documentation
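The token flow behind POST /api/auth/login, /refresh and /logout, written out as an added example. This is not the project's code: it uses only node:crypto (the project signs with a JWT library and persists rows through Prisma), the 15-minute access-token lifetime is an assumption, and the reuse-detection rule (replaying an already-rotated refresh token revokes the whole session family) is an assumed hardening that the README does not state. The hand-rolled HS256 verifier is there to show what the library must get right: pin the algorithm, compare signatures in constant time, and check `exp`.

```typescript
import { createHash, createHmac, randomBytes, timingSafeEqual } from "node:crypto";

// Added example, not the project's code. JWT_REFRESH_EXPIRES_IN=7d matches the
// README; the 15-minute access token is an assumption (the README ships 24h).
const ACCESS_TTL_SECONDS = 15 * 60;
const REFRESH_TTL_SECONDS = 7 * 24 * 3600;

const b64urlJson = (obj: unknown): string =>
  Buffer.from(JSON.stringify(obj), "utf8").toString("base64url");

// Minimal HS256 JWT (header.payload.signature), standing in for the JWT library.
function signAccessToken(userId: string, secret: string, now: number): string {
  const header = b64urlJson({ alg: "HS256", typ: "JWT" });
  const payload = b64urlJson({ sub: userId, iat: now, exp: now + ACCESS_TTL_SECONDS });
  const sig = createHmac("sha256", secret).update(`${header}.${payload}`).digest();
  return `${header}.${payload}.${sig.toString("base64url")}`;
}

// Returns the subject, or null when the token is malformed, forged or expired.
function verifyAccessToken(token: string, secret: string, now: number): string | null {
  const parts = token.split(".");
  if (parts.length !== 3) return null;
  const [header, payload, sig] = parts as [string, string, string];
  // The verifier pins HS256 and this secret; the token's own `alg` header is
  // never consulted (that is how alg=none and key-confusion bugs get in).
  const expected = createHmac("sha256", secret).update(`${header}.${payload}`).digest();
  const actual = Buffer.from(sig, "base64url");
  if (actual.length !== expected.length || !timingSafeEqual(actual, expected)) return null;
  const claims = JSON.parse(Buffer.from(payload, "base64url").toString("utf8")) as {
    sub?: unknown; exp?: unknown;
  };
  if (typeof claims.exp !== "number" || claims.exp <= now) return null;
  return typeof claims.sub === "string" ? claims.sub : null;
}

// One row per refresh token, shaped like the README's refresh_tokens table.
interface RefreshTokenRow {
  tokenHash: string;   // SHA-256 of the opaque token; the raw token is never stored
  userId: string;
  familyId: string;    // every token rotated from one login shares a family
  expiresAt: number;
  revokedAt: number | null;
}

interface TokenPair { accessToken: string; refreshToken: string }

class TokenService {
  private readonly rows: RefreshTokenRow[] = []; // in-memory stand-in for the table
  private readonly accessSecret: string;

  constructor(accessSecret: string) {
    this.accessSecret = accessSecret;
  }

  private static hash(token: string): string {
    return createHash("sha256").update(token).digest("hex");
  }

  private issue(userId: string, familyId: string, now: number): TokenPair {
    const refreshToken = randomBytes(32).toString("base64url"); // 256 bits of entropy
    this.rows.push({ tokenHash: TokenService.hash(refreshToken), userId, familyId,
      expiresAt: now + REFRESH_TTL_SECONDS, revokedAt: null });
    return { accessToken: signAccessToken(userId, this.accessSecret, now), refreshToken };
  }

  // POST /api/auth/login (after the password check): start a new token family.
  login(userId: string, now: number): TokenPair {
    return this.issue(userId, randomBytes(16).toString("hex"), now);
  }

  // POST /api/auth/refresh: rotate. A token that was already rotated is being
  // replayed, so the whole family is revoked (assumed hardening, see lead-in).
  refresh(presented: string, now: number): TokenPair | null {
    const row = this.rows.find((r) => r.tokenHash === TokenService.hash(presented));
    if (!row || row.expiresAt <= now) return null;
    if (row.revokedAt !== null) {
      this.revokeFamily(row.familyId, now);
      return null;
    }
    row.revokedAt = now; // the old token dies the moment the new one is minted
    return this.issue(row.userId, row.familyId, now);
  }

  // POST /api/auth/logout: end this session (family) server-side.
  logout(presented: string, now: number): boolean {
    const row = this.rows.find((r) => r.tokenHash === TokenService.hash(presented));
    if (!row) return false;
    this.revokeFamily(row.familyId, now);
    return true;
  }

  private revokeFamily(familyId: string, now: number): void {
    for (const r of this.rows) {
      if (r.familyId === familyId && r.revokedAt === null) r.revokedAt = now;
    }
  }

  // GET /api/auth/devices: one live refresh token per active session.
  activeSessions(userId: string, now: number): number {
    return this.rows.filter((r) => r.userId === userId && r.revokedAt === null && r.expiresAt > now).length;
  }
}
```

Because only the hash of each refresh token is stored, a dump of the refresh_tokens table does not yield usable tokens; because every rotation revokes its predecessor, a stolen-and-replayed token is detected on first use and the legitimate session is also ended, which is the intended trade-off.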

Database Schema

The system uses PostgreSQL with the following main tables:

  • users - User accounts and profiles
  • refresh_tokens - JWT refresh tokens with rotation
  • login_attempts - Security monitoring
  • audit_logs - Comprehensive activity tracking
  • password_resets - Password reset tokens
  • email_verifications - Email verification tokens

Security Features

  • Password Security: bcrypt hashing with a cost factor of 12 (bcrypt's saltRounds setting)
  • Token Management: JWT with automatic refresh token rotation
  • Rate Limiting: Configurable limits on authentication endpoints
  • Audit Logging: Complete activity tracking for compliance
  • Input Validation: Zod schema validation on all inputs
  • CORS Protection: Configurable origin restrictions

Scripts

# Development
pnpm dev              # Start with hot reload
pnpm dev:debug        # Start with debugger

# Database
pnpm db:generate      # Generate Prisma client
pnpm db:push          # Push schema changes
pnpm db:migrate       # Run migrations
pnpm db:studio        # Open Prisma Studio
pnpm db:seed          # Seed test data

# Production
pnpm build            # Build for production
pnpm start            # Start production server

# Quality
pnpm type-check       # TypeScript validation
pnpm lint             # ESLint check

Test Credentials

After running pnpm db:seed (development only; never run the seed against a production database, since these credentials are public):

Email: admin@example.com
Email: user@example.com
Password: TestPassword123!

API Documentation

Interactive API documentation is available at /api/docs when the server is running.

Architecture

  • Express.js: Web framework with TypeScript
  • Prisma ORM: Type-safe database access
  • JWT: Stateless access tokens; refresh tokens are stored in the database so they can be rotated and revoked
  • Pino: Structured logging
  • Zod: Runtime type validation
  • Swagger: API documentation

Production Deployment

  1. Set NODE_ENV=production
  2. Generate random JWT_SECRET and JWT_REFRESH_SECRET values (32+ characters each, and not the same value)
  3. Set up PostgreSQL database
  4. Configure CORS origins
  5. Enable helmet security headers
  6. Set up proper logging aggregation

License

MIT
