A RESTful API microservice for user management, authentication, and permissions. Built with Node.js, Express, and MongoDB.
- User registration with OTP email verification
- Secure login and JWT-based authentication (access & refresh tokens)
- Permission management for admin/superuser
- Rate limiting and error handling
- Modular code structure for easy extension
- Node.js
- Express
- MongoDB (Mongoose)
- JWT (jsonwebtoken)
- Winston (logging)
- Zod (validation)
- Node.js >= 18
- MongoDB instance
- npm
- Clone the repository:
  git clone https://github.com/yourusername/usersvc.git
  cd usersvc
- Install dependencies:
  npm install
- Configure environment variables (see below).
Set the following variables in a .env file or your environment:
- HTTP_PORT - Port for HTTP server (default: 3000)
- HTTP_HOST - Host for HTTP server (default: localhost)
- LOG_PATH - Path for log files (default: /var/log)
- MONGO_URL - MongoDB connection string
- RUNTIME - "dev" or "prod"
- SECRET - Secret key for JWT signing
- REDIS_URL - Redis server URL for caching
Example .env:
HTTP_PORT=3000
HTTP_HOST=localhost
LOG_PATH=/var/log
MONGO_URL=mongodb://localhost:27017/usersvc
RUNTIME=dev
SECRET=your_jwt_secret
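A fail-fast check of these variables at startup, as an added example that is not part of the usersvc code base. The function name `loadConfig`, the placeholder list, the 32-character minimum for SECRET in prod, and treating REDIS_URL as optional are assumptions; the variable names and defaults are the ones listed above.

```javascript
'use strict';
// Added example, not usersvc code. loadConfig and its rules are assumptions;
// variable names and defaults come from the list above.
const PLACEHOLDER_SECRETS = new Set(['your_jwt_secret', 'secret', 'changeme']);
const MIN_SECRET_LENGTH = 32; // assumed minimum length for the JWT signing key

function loadConfig(env) {
  const errors = [];
  const port = Number(env.HTTP_PORT ?? 3000);
  if (!Number.isInteger(port) || port < 1 || port > 65535) {
    errors.push('HTTP_PORT must be an integer between 1 and 65535');
  }
  const runtime = env.RUNTIME;
  if (runtime !== 'dev' && runtime !== 'prod') {
    errors.push('RUNTIME must be "dev" or "prod"');
  }
  const mongoUrl = env.MONGO_URL ?? '';
  if (!/^mongodb(\+srv)?:\/\//.test(mongoUrl)) {
    errors.push('MONGO_URL must be a mongodb:// or mongodb+srv:// URL');
  }
  const secret = env.SECRET ?? '';
  if (secret === '') {
    errors.push('SECRET is required');
  } else if (runtime === 'prod') {
    // Placeholder or short keys are tolerated in dev only.
    if (PLACEHOLDER_SECRETS.has(secret)) errors.push('SECRET is a placeholder value');
    if (secret.length < MIN_SECRET_LENGTH) {
      errors.push(`SECRET is shorter than ${MIN_SECRET_LENGTH} characters`);
    }
  }
  if (env.REDIS_URL !== undefined && !/^rediss?:\/\//.test(env.REDIS_URL)) {
    errors.push('REDIS_URL must be a redis:// or rediss:// URL');
  }
  if (errors.length > 0) {
    // Messages name the variable only; the secret value is never echoed.
    throw new Error('Invalid configuration: ' + errors.join('; '));
  }
  return Object.freeze({
    port, host: env.HTTP_HOST ?? 'localhost', logPath: env.LOG_PATH ?? '/var/log',
    mongoUrl, runtime, secret, redisUrl: env.REDIS_URL ?? null,
  });
}

// Constructed sample input: the example .env shown above.
const sampleEnv = {
  HTTP_PORT: '3000', HTTP_HOST: 'localhost', LOG_PATH: '/var/log',
  MONGO_URL: 'mongodb://localhost:27017/usersvc', RUNTIME: 'dev', SECRET: 'your_jwt_secret',
};
console.log(loadConfig(sampleEnv).port);
```

With RUNTIME=prod the same sample input is rejected, because the example SECRET is both a placeholder and too short.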
npm run start:dev
or
npm run start:prod
The server will run at http://HTTP_HOST:HTTP_PORT.
GET /ping
Returns "PONG"
Standard HTTP status codes and error messages are returned for all endpoints.
Custom errors:
- 400 Bad Request
- 401 Unauthorized
- 404 Not Found
- 409 Conflict
- 500 Internal Server Error
src/
application/services/ # Business logic
infrastructure/ # Config, logger, database
interfaces/http/ # Controllers, DTOs, routes, middlewares
shared/ # Common utilities and error classes
- Logging is verbose in dev mode.
- Rate limiting is enabled (50 requests/minute).
- OTP codes expire after 2 minutes.
MIT
For issues or questions, open an issue or contact dev.dehghanpour@gmail.com.