[Backend Intern] Auth System Setup - Ruby Rana

[RUBY1232003]

🚀 Project Title
Authentication System for Trading Platform

Role: Backend Intern
Contributor: Ruby Rana

---

🛠️ Technologies Used

Stack	Description
Node.js	JavaScript runtime environment
Express.js	web framework for Node.js
MongoDB	NoSQL database to store user data
Mongoose	ODM for MongoDB
JWT	Authentication via token
dotenv	Manages environment variables
express-validator	Validates incoming request payloads

---

⚙️ Core Features

✅ User Registration

• Users can register by submitting:
  • fullName
  • email (must be unique)
  • password

🔐 User Login

• Validates credentials (email + password)
• If valid, returns a JWT token valid for 1 hour
• The token is used to authenticate future requests

🔑 Token-Based Authentication

• JWT is used to manage sessions
• Token is generated at login and sent in the Authorization header
• Middleware verifies token validity

🔒 Protected Route: /api/user/profile

• Requires a valid JWT
• Returns the authenticated user's profile (excluding password)
• Ensures only logged-in users access their info

🔁 Password Reset Flow

Step 1: POST /api/auth/reset-password

• User submits email
• Backend generates a short-lived reset token
• Token is returned (in real apps, it would be emailed)

Step 2: POST /api/auth/new-password

• User submits reset token and new password
• Backend verifies token, updates password

🚪 Logout Endpoint

• Clears or invalidates token on frontend (for stateless JWT)
• No token is returned on logout

---

🧪 Testing Instructions

• Use Postman, Thunder Client, or cURL
• Set method and URL (e.g., POST http://localhost:3000/api/auth/register)
• Set header: Content-Type: application/json
• Pass body as raw JSON

---

🧪 API Testing with Postman

✅ Register API

✅ Login API

✅ Profile API

✅ Reset Password API

✅ New password API

✅ Logout API