A lightweight, self-hosted authentication and authorization micro-service built with Node.js and Express.
- 🔐 User Authentication (Signup/Login)
- 🎫 JWT Token Management
- 🔄 Token Refresh Mechanism
- 👥 Role-Based Access Control (RBAC)
- 📧 Email Verification
- 🔑 Password Reset
- 📝 Audit Logging
- 🛡️ Rate Limiting
- Runtime: Node.js
- Framework: Express.js
- Database: MongoDB
- Authentication: JWT (jsonwebtoken)
- Password Hashing: bcrypt
- Email Service: Nodemailer
- Rate Limiting: Express-rate-limit
- Node.js (v14 or higher)
- MongoDB
- npm or yarn
- Clone the repository
  ```bash
  git clone [repository-url]
  ```
- Install dependencies
  ```bash
  npm install
  ```
- Create a .env file in the root directory and add your environment variables
  ```env
  # Server Configuration
  PORT=3000
  NODE_ENV=development
  # MongoDB Configuration
  MONGODB_URI=mongodb://localhost:27017/gatepass
  # JWT Configuration
  JWT_SECRET=your-super-secret-jwt-key-change-in-production
  JWT_REFRESH_SECRET=your-super-secret-refresh-key-change-in-production
  JWT_ACCESS_EXPIRATION=15m
  JWT_REFRESH_EXPIRATION=7d
  # Email Configuration
  SMTP_HOST=smtp.gmail.com
  SMTP_PORT=587
  SMTP_USER=your-email@gmail.com
  SMTP_PASS=your-app-specific-password
  # Rate Limiting
  RATE_LIMIT_WINDOW_MS=900000
  RATE_LIMIT_MAX_REQUESTS=100
  # Logging
  LOG_LEVEL=debug
  ```
- Start the server
  ```bash
  npm start
  ```
- POST /api/auth/signup - Register a new user
- POST /api/auth/login - User login
- POST /api/auth/refresh - Refresh access token
- POST /api/auth/forgot-password - Request password reset
- POST /api/auth/reset-password - Reset password
- GET /api/auth/verify-email/:token - Verify email
- GET /api/users/profile - Get user profile
- PUT /api/users/profile - Update user profile
- GET /api/users - Get all users (Admin only)
- PUT /api/users/:id/role - Update user role (Admin only)
- Password hashing using bcrypt
- JWT-based authentication
- Rate limiting
- CORS protection
- Helmet security headers
- Input validation
- XSS protection