The Two-Factor Authentication (2FA) API is designed to provide a secure authentication mechanism for users. It combines username/password authentication with a one-time password (OTP) generated by authenticator apps such as Google Authenticator. The API allows users to register, log in, enable 2FA, verify 2FA, and refresh authentication tokens.
User Registration:
- Allows new users to register by providing a username, name, and password.
- Passwords are securely hashed using bcrypt before storing in the database.
- Validates input fields to ensure completeness.
User Login:
- Enables existing users to log in by providing their username and password.
- Checks the provided credentials against the stored hashed password in the database.
- Sends authentication tokens upon successful login for subsequent requests.
Enable Two-Factor Authentication:
- Allows users to enable 2FA for their accounts.
- Generates a unique secret key and a corresponding TOTP URI for each user.
- Generates a QR code containing the TOTP URI for scanning with authenticator apps.
Verify Two-Factor Authentication:
- Verifies the OTP (One-Time Password) provided by the user against the secret key stored for 2FA.
- If the OTP is valid, marks the user's account as 2FA enabled and verified.
Validate OTP:
- Validates the OTP provided by the user during the login process.
- Ensures the OTP matches the one generated by the authenticator app for the user's account.
Refresh Token:
- Allows users to refresh their authentication tokens using a refresh token.
- Generates a new access token if the refresh token provided is valid.
Middleware:
- Includes middleware for protecting routes that require authentication.
- Verifies the access token provided in the request header and, if the token is valid, sets req.user to the user's information.
Dependencies:
- @prisma/client: ORM for database interaction.
- bcrypt: Library for password hashing.
- express: Web framework for building the API.
- otpauth: Library for generating and validating OTPs.
- qrcode: Library for generating QR codes.
- jsonwebtoken: Library for token generation and verification.
- cors: Middleware for enabling Cross-Origin Resource Sharing.
Usage:
- The API can be run locally by installing dependencies and starting the server.
- Endpoints can be accessed using HTTP requests with appropriate parameters.
- Detailed endpoint descriptions and usage instructions are provided in the API documentation.
This descriptive report outlines the functionality, features, dependencies, usage instructions, and contribution guidelines for the Two-Factor Authentication API. It serves as a comprehensive guide for understanding and contributing to the project.