This project is a sample implementation of an authentication system that uses JSON Web Token to manage users' login data in Node.js web server.
Express.js, Mongoose, ES6 Syntax is used in this project.
Tutorial on this project is available at https://velopert.com/2448 (KOREAN)
- node.js 6.9.x
- npm 3.x
- MongoDB 3.0
- Install dependencies
npm install
- Rename
config.example.jstoconfig.js - Get a mongodb server and input
mongodbUriofconfig.js
npm start
POST /api/auth/register
{
username,
password
}
Description: creates a new user; first user will be assigned as an admin user. Password is stored in HMAC-SHA1 format
POST /api/auth/login
{
username,
password
}
Description: logs in to the server. Server will return a JWT token as:
{
"message": "logged in successfully",
"token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJfaWQiOiI1ODQ4MjU1NjJhOWRlMDE5NmM5MTI4ZmIiLCJ1c2VybmFtZSI6InRlc3RlciIsImFkbWluIjp0cnVlLCJpYXQiOjE0ODExMjMxNjMsImV4cCI6MTQ4MTcyNzk2MywiaXNzIjoidmVsb3BlcnQuY29tIiwic3ViIjoidXNlckluZm8ifQ.vh8LPqxYWJtO6Bxe7reL7sEon13dYFFnhpnyyEmaLBk"
}GET /api/auth/check or GET /api/auth/check?token={token}
Description: checks the JWT. Token should be passed as Url-encoded query or x-access-token header
APIs in user routes need admin's permission to process
GET /api/user/list
Description: retrieves all user list
POST /api/user/assign-admin/:username
Description: assigns admin permission to the given user
MIT License.
Copyright (c) 2016 velopert.