Intermediate-level implementation of JSON Web Token (JWT) authorization in a Node.js application.
Features:
- Access token and refresh token are set by the backend as httpOnly cookies.
- Refresh token rotation: whenever an expired access token is reissued, a new refresh token is issued along with it.
- Refresh token validation: the unique UUID of the newly generated refresh token is stored in the database, and a presented refresh token is accepted only if its UUID matches the stored one.
- Password hashing with bcrypt.
- Incoming data validation with zod.
- Rate limiting.
To install:
- clone the repository
- cd JWT-authorization
- cd backend
- pnpm install
- create MongoDB database with 'users' collection
- pnpm run dev
Routes:
- Register: [POST] http://localhost:5000/api/auth/register (provide email and password in the request body)
- Login: [POST] http://localhost:5000/api/auth/login (provide email and password in the request body; sets the access and refresh token cookies)
- Profile: [GET] http://localhost:5000/api/me/profile (protected; the browser sends the access token cookie set at login)
- Logout: [GET] http://localhost:5000/api/auth/logout