taherx7/Auth_backend
πŸ” Auth System β€” Cookie-Based Authentication Backend (Node.js + Prisma)

This project is a secure, modular, and production-ready authentication system built with:

  • Node.js
  • Express
  • Prisma ORM
  • PostgreSQL
  • HTTP-only secure cookies for session-based authentication

It provides a clean and scalable foundation for any web app that needs:

βœ”οΈ User registration
βœ”οΈ Login with session cookies
βœ”οΈ Protected routes
βœ”οΈ Token rotation
βœ”οΈ Password hashing
βœ”οΈ Environment-based configuration
βœ”οΈ Safe DB access via Prisma

⚙️ What This Backend Includes

🔑 Cookie-Based Authentication

  • Uses HttpOnly, Secure, and SameSite cookies
  • HttpOnly keeps the session token out of reach of page scripts, so an XSS bug cannot read it
  • Sessions work automatically with the browser
  • No token in localStorage and no JWT exposed to client-side JavaScript
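To make the cookie attributes above concrete, here is an added example (not code from the Auth_backend project) that builds a session Set-Cookie header with HttpOnly, Secure and SameSite set, and audits any Set-Cookie header for the protections it lacks. The function names `buildSessionCookie`, `parseSetCookie` and `auditSessionCookie` are assumptions chosen for this example; it uses no dependencies beyond Node itself.

```javascript
// Added example, not the project's code: serialize a session cookie with the
// protective attributes the README lists, and audit a Set-Cookie header for
// the ones that are missing. Runs on plain Node with no dependencies.

// Serialize a cookie with safe defaults; `opts` can override any attribute.
function buildSessionCookie(name, value, opts = {}) {
  const o = { httpOnly: true, secure: true, sameSite: 'Lax', path: '/', maxAge: 3600, ...opts };
  const parts = [`${name}=${encodeURIComponent(value)}`, `Path=${o.path}`, `Max-Age=${o.maxAge}`];
  if (o.httpOnly) parts.push('HttpOnly');
  if (o.secure) parts.push('Secure');
  if (o.sameSite) parts.push(`SameSite=${o.sameSite}`);
  return parts.join('; ');
}

// Parse a Set-Cookie header into { name, value, attrs }. Attribute names are
// lower-cased; flag attributes (HttpOnly, Secure) map to `true`.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const name = eq === -1 ? pair : pair.slice(0, eq);
  const value = eq === -1 ? '' : pair.slice(eq + 1);
  const attrs = {};
  for (const a of rest) {
    if (!a) continue;
    const i = a.indexOf('=');
    if (i === -1) attrs[a.toLowerCase()] = true;
    else attrs[a.slice(0, i).toLowerCase()] = a.slice(i + 1);
  }
  return { name, value, attrs };
}

// Report which protections a session cookie lacks. Returns [] when the cookie
// is set the way the README describes (HttpOnly + Secure + SameSite).
function auditSessionCookie(header) {
  const { attrs } = parseSetCookie(header);
  const findings = [];
  if (!attrs.httponly) findings.push('missing HttpOnly: page scripts can read the session token');
  if (!attrs.secure) findings.push('missing Secure: cookie is also sent over plain HTTP');
  const ss = typeof attrs.samesite === 'string' ? attrs.samesite.toLowerCase() : null;
  if (!ss) findings.push('missing SameSite: browser defaults differ, set Lax or Strict explicitly');
  else if (ss === 'none' && !attrs.secure) findings.push('SameSite=None requires Secure; browsers reject it otherwise');
  return findings;
}

// Weak header beside the corrected one (constructed values).
console.log(auditSessionCookie('sid=abc123; Path=/'));                 // three findings
console.log(auditSessionCookie(buildSessionCookie('sid', 'abc123')));  // []
```

The audit is the kind of check worth running against a real response in a test suite: capture the login response's Set-Cookie header and assert that `auditSessionCookie` returns an empty list, so a regression that drops HttpOnly or Secure fails the build rather than shipping.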

👤 User System

  • Register new users
  • Login with email/password
  • Access protected routes using session cookies
  • Logout by clearing cookies

πŸ›‘οΈ Security Layer

  • Bcrypt password hashing
  • CSRF-safe cookie setup
  • Prisma schema validation
  • Optional Zod input validation

πŸ—‚οΈ Tech Stack

Layer Technology
Backend Node.js + Express
ORM Prisma
Database PostgreSQL
Auth Session cookies
Environment dotenv
Hashing bcryptjs
Deployment Ready

🚀 Purpose of This Project

This repository serves as a starter template for building full web applications that require authentication without exposing JWT tokens.

It is:

  • Beginner-friendly
  • Clean and modular
  • Structured for real-world usage
  • Great for boosting your GitHub portfolio
  • A strong backend base for any SaaS or dashboard

Common Use Cases:

  • Admin dashboards
  • SaaS platforms
  • Internal company tools
  • Full-stack projects (React, Vue, Next.js)
  • Mobile apps with API authentication

🧪 API Testing Guide

Below are all the main authentication routes, ready to test with Postman, Thunder Client, or cURL.

👉 1. Register a User

POST http://localhost:3000/auth/register
Content-Type: application/json
Example JSON body:

{
  "email": "test@test.com",
  "password": "mypassword"
}

👉 2. Login (sets secure cookie)

POST http://localhost:3000/auth/login
Content-Type: application/json

Example JSON body:

{
  "email": "test@test.com",
  "password": "mypassword"
}


If login is successful:

  • A secure HTTP-only cookie is stored automatically by your client
  • No need to manually copy tokens
  • The cookie is sent automatically with subsequent requests

👉 3. Access Protected Route

GET http://localhost:3000/auth/me

Requirements:

  • Must send the cookie from login
  • Works automatically in browsers
  • In Postman: enable “Send Cookies” or use the Cookie Jar

Example Response:

{
  "id": 1,
  "email": "test@test.com",
  "createdAt": "2025-01-15T15:21:51.124Z"
}

👉 4. Logout

POST http://localhost:3000/auth/logout

Behavior:

  • Clears the HTTP-only session cookie
  • After logout, /auth/me returns 401 Unauthorized

About

Cookie-based authentication backend (Node.js + Prisma + PostgreSQL)
