A robust, production-ready authentication microservice system built with the MERN stack, featuring secure user registration, login, email verification, and password reset functionality with complete Swagger API Documentation.
🚀 Interactive API Documentation: http://localhost:4000/api-docs
Complete Swagger UI documentation with:
- Interactive API testing interface
- Request/response schemas and examples
- Authentication flow documentation
- Error response details
- Real-time API exploration
- Secure Authentication: JWT-based authentication with HTTP-only cookies
- Email Verification: OTP-based email verification system
- Password Reset: Secure password reset with email OTP
- API Documentation: Complete Swagger UI documentation
- Input Validation: Comprehensive data validation and sanitization
- Security Best Practices: bcrypt password hashing, CORS protection, secure headers
- Production Ready: Environment-based configurations and error handling
- RESTful API: Clean, well-structured API endpoints
- Node.js - Runtime environment
- Express.js - Web application framework
- MongoDB - NoSQL database with Mongoose ODM
- JWT - Secure token-based authentication
- bcryptjs - Password hashing and validation
- Nodemailer - Email service integration
- Swagger UI - Interactive API documentation
- swagger-jsdoc - JSDoc to Swagger conversion
- swagger-ui-express - Swagger UI middleware
- CORS - Cross-origin resource sharing
- Cookie Parser - Secure cookie handling
- Input Sanitization - Email normalization and validation
- Environment Variables - Secure configuration management
POST /api/auth/register # User registration
POST /api/auth/login # User login
POST /api/auth/logout # User logout
POST /api/auth/send-verify-otp # Send email verification OTP
POST /api/auth/verify-account # Verify user email
POST /api/auth/send-reset-otp # Send password reset OTP
POST /api/auth/verify-password-otp # Verify password reset OTP
POST /api/auth/reset-password # Reset user password
GET /api/auth/get-user-details # Get authenticated user details
- Password Hashing: bcrypt with salt rounds for secure password storage
- JWT Authentication: Secure token-based authentication with expiration
- HTTP-Only Cookies: The JWT is set as an HTTP-only cookie, so page JavaScript cannot read it and an XSS bug cannot exfiltrate the session token
- CORS Protection: Configured for specific origins with credentials support
- Input Sanitization: Email normalization and comprehensive validation
- Environment-based Security: Production-ready security configurations
server/
├── config/
│ ├── mongodb.js # Database configuration
│ ├── nodemailer.js # Email service setup
│ └── swagger.js # Swagger documentation config
├── controllers/
│ └── authController.js # Authentication logic
├── middleware/
│ └── userAuth.js # JWT verification middleware
├── models/
│ └── userModel.js # User schema and model
├── routes/
│ └── authRoute.js # API route definitions with Swagger docs
└── server.js # Application entry point
- Clone the repository
  git clone https://github.com/karanhimadri/MERN-Authentication.git
  cd MERN-Authentication/server
- Install dependencies
  npm install
- Environment setup: create a .env file with
  PORT=4000
  MONGO_URI=mongodb+srv://<username>:<password>@cluster.mongodb.net/mearn-auth
  JWT_SECRET=your_jwt_secret_key
  NODE_ENV=development
  SENDER_EMAIL=your_email@example.com
  SMTP_USER=your_smtp_user@smtp-provider.com
  SMTP_PASS=your_smtp_password
- Start the server
  npm start
- Access the API documentation
  Open your browser and visit: http://localhost:4000/api-docs
- Scalable Architecture: Modular design following MVC pattern
- Production Deployment: Docker containerization and environment configurations
- Code Quality: Clean, maintainable code with proper error handling
- Security First: Implementation of industry-standard security practices
- API Design: RESTful endpoints with consistent response formatting
Karan Himadri
Full Stack Developer
📧 karanhimadri@email.com
🔗 LinkedIn
🐱 GitHub
This project demonstrates proficiency in modern web development practices, secure authentication implementation, and full-stack development capabilities.