Backend server for the Learnonauts project with a full user authentication system.
- Full user registration and authentication system
- Email verification workflow
- Password reset functionality
- JWT-based session management (persists until explicit logout)
- Gemini API proxy with secure key management
- Comprehensive user profile management
- `POST /api/register` - Create a new user account
- `POST /api/verify-email` - Verify user's email address
- `POST /api/login` - Authenticate user and return JWT token
- `POST /api/forgot-password` - Initiate password reset process
- `POST /api/reset-password` - Complete password reset with new password
- `POST /api/update-email` - Request to update user's email address
- `POST /api/verify-new-email` - Verify new email address
- `GET /api/me` - Get current user's profile information
- `PUT /api/me` - Update user's profile information
- `POST /api/logout` - Handle user logout (token invalidation)
- `POST /api/gemini` - Proxy for Gemini API (requires authentication)
- Install dependencies:

  ```bash
  npm install
  ```

- Set up environment variables:

  ```bash
  # Create .env file
  cp .env.example .env
  # Add your Gemini API key
  GEMINI_API_KEY=your_api_key_here
  # Set JWT secret (for production, use a strong secret)
  JWT_SECRET=your_jwt_secret_here
  ```

- Initialize the database:

  ```bash
  npm run db:migrate
  ```

- Start the server:

  ```bash
  npm run dev   # Development with auto-restart
  # or
  npm start     # Production
  ```

The database schema is defined in the db/ folder. See db/README.md for details.
For the companion Expo app setup instructions, see EXPONENT-SETUP.md.
- `GEMINI_API_KEY` - Your Gemini API key
- `JWT_SECRET` - Secret for signing JWT tokens (default: 'fallback_jwt_secret_for_dev')
- `PORT` - Server port (default: 8787)
The authentication system uses JWT tokens that are valid for 30 days. Sessions persist across app restarts until the user explicitly logs out. The token should be stored securely on the client and included in the Authorization header as a Bearer token for protected endpoints.
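
Because `JWT_SECRET` has a documented default and tokens stay valid for 30 days, a startup guard that rejects the default and the `.env` placeholder is worth having. The following is an added example, not code from this project; the function names, the `NODE_ENV` convention and the 32-character minimum are assumptions.

```javascript
// Added example (not the project's own code): startup guard for JWT_SECRET.
const { randomBytes } = require('node:crypto');

// Values that appear in this README, so anyone can know them.
const KNOWN_WEAK_SECRETS = new Set([
  'fallback_jwt_secret_for_dev', // documented default
  'your_jwt_secret_here',        // placeholder from the .env example
]);
const MIN_SECRET_LENGTH = 32;    // assumption: minimum length for a random secret
const MIN_DISTINCT_CHARS = 10;   // assumption: crude check against "aaaa..." values

// Returns a list of problems; an empty list means the secret is acceptable.
function checkJwtSecret(env) {
  const secret = env.JWT_SECRET;
  if (secret === undefined || secret === '') {
    return ['JWT_SECRET is unset, so the documented fallback would sign tokens'];
  }
  const problems = [];
  if (KNOWN_WEAK_SECRETS.has(secret)) {
    problems.push('JWT_SECRET is a publicly documented value');
  }
  if (secret.length < MIN_SECRET_LENGTH) {
    problems.push(`JWT_SECRET is shorter than ${MIN_SECRET_LENGTH} characters`);
  }
  if (new Set(secret).size < MIN_DISTINCT_CHARS) {
    problems.push('JWT_SECRET has very little character variety');
  }
  return problems;
}

// Hypothetical helper: call once before the server starts listening.
// Development may keep the fallback; production must not.
function assertProductionSecret(env) {
  if (env.NODE_ENV !== 'production') return;
  const problems = checkJwtSecret(env);
  if (problems.length > 0) {
    throw new Error('Refusing to start: ' + problems.join('; '));
  }
}

// Produces a value suitable for JWT_SECRET: 48 random bytes as 96 hex chars.
function generateJwtSecret() {
  return randomBytes(48).toString('hex');
}
```

Changing `JWT_SECRET` invalidates every token already issued, so existing sessions end when the secret is rotated.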