This API, built with Node.js, Express, and MongoDB, facilitates seamless user registration, account activation, and secure login functionalities. Utilizing JSON Web Tokens (JWT) for authentication and authorization, it ensures protected access to endpoints, offering a comprehensive solution for user management.
Make sure you have the following software installed on your machine:
- Node.js (version 14 or higher)
- npm (comes with Node.js)
- MongoDB (Install locally or use MongoDB Atlas for a cloud-based solution.)
- Git (optional but recommended)
-
Clone the repository:
git clone https://github.com/HamidByte/User-Registration-JWT-Auth.git
-
Navigate to the Project Directory:
cd User-Registration-JWT-Auth -
Install Dependencies:
npm install
-
Configure Environment Variables:
Create a .env file in the root of the project and set the variables:
-
Update Configurations:
Modify the configuration files in the
configdirectory according to your needs. -
Update your scripts in
package.jsonfor a cross-platform solution:If you are working in a Windows environment and using the Command Prompt, you should use the
setcommand to set environment variables."scripts": { "start": "nodemon index.js", "dev": "set NODE_ENV=development && nodemon index.js", "prod": "set NODE_ENV=production && nodemon index.js", }
If you are working in a Unix-like environment (Linux or macOS), you should use the
exportcommand to set environment variables."scripts": { "start": "nodemon index.js", "dev": "export NODE_ENV=development && nodemon index.js", "prod": "export NODE_ENV=production && nodemon index.js", }
Make sure to check your environment and use the appropriate command accordingly.
-
Run the Application:
-
For development:
npm start
or
npm run dev
-
For production:
npm run prod
The server will run at http://localhost:3000 by default.
- Endpoint:
/register - Method:
POST - Description: Register a new user with a first name, last name, email address, and password.
- Request Body:
{ "firstName": "John", "lastName": "Doe", "email": "john.doe@example.com", "password": "password123" } - Response:
{ "message": "User registered successfully. Please check your email for activation." }
- Endpoint:
/activate/:token - Method:
GET - Description: Activate a user account using the activation token sent via email.
- Parameters:
token: Activation token received via email.
- Response:
{ "message": "Account activated successfully." }
- Endpoint:
/resend-activation - Method:
POST - Description: Resend the activation link to a user who hasn't activated the account within the specified time.
- Request Body:
{ "email": "john.doe@example.com" } - Response:
{ "message": "Activation link resent successfully. Please check your email for activation." }
- Endpoint:
/login - Method:
POST - Description: Authenticate the user and generate a JWT token.
- Request Body:
{ "email": "john.doe@example.com", "password": "password123" } - Response:
{ "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...." }
- Endpoint:
/profile - Method:
GET - Description: Access the user's profile route. Requires a valid JWT token.
- Authorization Header: Bearer Token
- Response:
{ "message": "Profile route accessed by user with ID: <userId>" }
- Endpoint:
/forget-password - Method:
POST - Description: Initiate the process of resetting the user's password by sending a reset link to their email.
- Request Body:
{ "email": "john.doe@example.com" } - Response:
{ "message": "Reset link sent successfully. Please check your email." }
- Endpoint:
/reset-password/:token - Method:
POST - Description: Reset the user's password using the reset token sent via email.
- Parameters:
token: Reset token received via email.
- Request Body:
{ "newPassword": "newPassword123" } - Response:
{ "message": "Password reset successful." }
- Description: Catch-all route to handle 404 errors.
- Response:
{ "message": "Page not found" }
This catch-all route will respond with a 404 status and a JSON message indicating that the requested page is not found.
- Middleware Function:
verifyToken - Description: Verifies the JWT token included in the Authorization header. Applied to protected routes.
- Ensure to include the JWT token in the Authorization header as Bearer Token for protected routes.
- Use the provided activation link or resend-activation endpoint for account activation.
- For security reasons, keep sensitive information such as JWT secret keys and email credentials in a secure configuration file (e.g., environment variables).