sohamsshah / JWTization

JWT web token authentication using Passport.js, Node.js, MongoDB, NodeMailer, Express.

JWTization

JWTization is a web service that authenticates users with JSON Web Tokens (JWTs). It supports Register, Login, View Profile and Log Out. It is a simple Node.js authentication project.



INTRODUCTION

A simple frontend website, built with EJS, is set up for ease of understanding. The website is named 'Web 51'. A user first registers; then, when the user enters correct login credentials, a verification link (with a JWT embedded) is sent to the user. When the user clicks the link, they are authenticated and can access the personal/secret content.

Another variant of the project focuses solely on the authentication process rather than the UI. When data is sent to the "register" route, the user is registered in the database. Afterwards, when the user logs in with correct credentials, a JWT is generated. If the user tries to access the profile route without the token, access is denied. With the JWT passed in the Authorization header, the user can access the profile content. This can be tested with an API testing tool such as POSTMAN.

What is JWT?

A JSON Web Token (JWT) is a JSON object used to securely transfer information over the web (between two parties). It can be used for an authentication system and also for information exchange. The token is mainly composed of a header, a payload and a signature.

What is Passport and Passport-jwt?

Passport is authentication middleware for Node.js. Extremely flexible and modular, Passport can be unobtrusively dropped into any Express-based web application. Passport.js has more than 500 authentication strategies. Passport-jwt is one of those strategies. It is middleware that lets the user reach the protected routes after authenticating with a JWT. If the user possesses the JWT, the login succeeds; otherwise it does not.
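The token check described in the sections above, as an added example that is not code from this repository: it issues and verifies an HS256 token with Node's built-in crypto module instead of passport-jwt, so the header, payload and signature are visible, and it rejects a missing, altered or expired token. The function names, the Bearer scheme, the claims and the sample secret are assumptions made for illustration.

```javascript
// Added example: HS256 JWT issue/verify using only Node's built-in crypto.
const { createHmac, timingSafeEqual } = require('node:crypto');

const b64url = (v) => Buffer.from(v).toString('base64url');
const mac = (data, secret) => createHmac('sha256', secret).update(data).digest();

// Issue header.payload.signature for a user id, valid for ttlSeconds.
function signToken(userId, secret, ttlSeconds, now = Date.now()) {
  const iat = Math.floor(now / 1000);
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const payload = b64url(JSON.stringify({ sub: userId, iat, exp: iat + ttlSeconds }));
  const sig = mac(`${header}.${payload}`, secret).toString('base64url');
  return `${header}.${payload}.${sig}`;
}

// Return the claims if the Authorization header carries a valid token, else null.
function authenticate(authorizationHeader, secret, now = Date.now()) {
  const m = /^Bearer ([\w-]+)\.([\w-]+)\.([\w-]+)$/.exec(authorizationHeader || '');
  if (!m) return null;                       // missing or malformed header
  const [, header, payload, sig] = m;
  try {
    // Pin the algorithm: the token must not choose how it is verified.
    if (JSON.parse(Buffer.from(header, 'base64url')).alg !== 'HS256') return null;
    const expected = mac(`${header}.${payload}`, secret);
    const given = Buffer.from(sig, 'base64url');
    // Constant-time comparison of the recomputed and presented signatures.
    if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
    const claims = JSON.parse(Buffer.from(payload, 'base64url'));
    if (typeof claims.exp !== 'number' || claims.exp <= Math.floor(now / 1000)) return null;
    return claims;
  } catch {
    return null;                             // undecodable header or payload
  }
}

// Constructed sample values, not taken from the repository.
const SECRET = 'constructed-demo-secret-do-not-reuse';
const T0 = Date.UTC(2024, 0, 1);
const token = signToken('user-123', SECRET, 600, T0);
const [h, p, s] = token.split('.');
// Same header and signature, different payload: the signature no longer matches.
const forged = [h, b64url(JSON.stringify({ sub: 'admin', iat: 0, exp: 9999999999 })), s].join('.');

console.log(authenticate(`Bearer ${token}`, SECRET, T0));            // claims object
console.log(authenticate(undefined, SECRET, T0));                    // null: no token
console.log(authenticate(`Bearer ${forged}`, SECRET, T0));           // null: payload changed
console.log(authenticate(`Bearer ${token}`, SECRET, T0 + 601_000));  // null: expired
```

The payload is only base64url-encoded, so anyone holding the token can read it; the signature protects integrity, not confidentiality.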

What is Mongoose?

Mongoose is a MongoDB object modeling tool designed to work in an asynchronous environment. Mongoose supports both promises and callbacks. It is a powerful tool for handling the database efficiently.

What is Nodemailer?

Nodemailer is a module for Node.js applications that eases the email-sending process. It is secure, and features such as Unicode support and multiple-recipient capability make it more robust.



FEATURES:

  • Simple yet beautiful UI design
  • Database enabled
  • Register new User
  • Password Encryption
  • Login Activity Authentication
  • Email Verification Link to the user
  • Access to the route only after authentication of token
  • Authenticated only after JWT token is verified
  • Profile Page
  • Logout


TECHNOLOGIES USED:

  • Runtime Environment: Node.js
  • Back-end Framework: Express
  • Database: MongoDB
  • Database ODM : Mongoose
  • Middleware: Passport.js
  • Authentication Strategy : Passport-jwt
  • Frontend : HTML, CSS, EJS
  • Password Encryption (hashing) : BcryptJS
  • Mailing Service: Nodemailer
  • Database GUI : Robo3T
  • API testing Tool: POSTMAN


USAGE:

Clone this Repository using:

git clone https://github.com/sohamsshah/JWTization

Install Dependencies:

Node.js, NPM and MongoDB must be installed on your local system. In the terminal, go to the project directory and run the command:

npm install

Setting up LOCAL MONGO-DB Server:

Set up the MongoDB server and CLI by running the following commands in the terminal:

  • For MongoDB Local Server set up: mongod

  • For MongoDB CLI set up: mongo

To choose which variant to RUN:

As discussed, this project comes in two variants: (A) Authentication Service (tested with POSTMAN) and (B) Web 51 Website.

(A) To use the raw Authentication Service (tested with POSTMAN), write this line in the server.js file: require('./routes/routes')(app,passport);
Comment out the complementary line (this is also explained in the server.js file in this repository). The routes of this variant are defined in the routes.js file. The authentication middleware, user database, etc. are unchanged, so no other code is modified.

(B) To use the Web 51 Website email-verification service, write this line in the server.js file: require('./routes/routes_2')(app,passport);
The routes for the email verification service and authentication are defined in the routes_2.js file, along with the mailing service. The authentication middleware, user database, etc. are unchanged, so no other code is modified.

To Run Server:

nodemon server.js

Nodemailer

This project uses "Gmail" as the mail service. By default, less secure apps/services are disallowed. Allow them by clicking on this link

Setting Up .env

In the .env file, there are 3 fields:

GMAIL_ID : "your-gmail-id-here"
GMAIL_PWD: "your-password-here"
SECRET: "enter-any-long-string-for-encryption"


DEMONSTRATION:

(A) Authentication Service (tested using POSTMAN)

1. Signup Route (screenshot)
2. Login Route (screenshot)
3. Generated Token (screenshot)
4. Authenticated Access (screenshot)

(B) Web 51 Website

1. Home Page (screenshot)
2. Register Page (screenshot)
3. Login Page (screenshot)
4. Verification Link on Email (screenshot)
5. Profile Page (screenshot)
6. Email sent Page (screenshot)
7. Failure Page (screenshot)


