Skip to content

neo-ngd/Neofura-authservice

 
 

Repository files navigation

NAS = Neofrura Auth Service

This project is implemented with Nestjs v6.9.0, MongoDB and PassportJs

Getting started

Install nodejs and mongodb in your machine.

Install dependencies with npm and run the application:

npm install
npm run start

Deploy using Docker

Before deploy the app in a container set the right configuration as explained in the section below, and then you can run:

docker-compose up -d

It will generate 3 containers:

  • nestjs: nodejs application -> localhost:3000 (you can change the port in the docker-compose.yml)
  • mongodb: database -> expose 27017 in the container network but not reacheable from outside.
  • mongo-express: a web-based MongoDB admin interface -> localhost:8081

You can edit the config is in docker-compose.yml.
❗ Note: For security reason, remember to change the db password in docker-compose.yml and in config.ts file, and to change the mongo-express password to access the console.

Configuration File

You can find a config.ts file in the root of the project.
Before run the server set your db configuration (according you are using docker or not) and your 📧 Nodemailer options to be able to send emails for registration:

# Docker Example #
"db": {
    "user": "root",
    "pass": "example",
    "host": "mongo",
    "port": "27017",
    "database": "testdb",
    "authSource": "admin"
}

# Local nodejs Example #
"db": {
   "user": null,
   "pass": null,
   "host": "localhost",
   "port": "27017",
   "database": "testdb",
   "authSource": null
}

...  

"host": {
    "url": "<server-url>",  //This link is used to redirect users to your server to confirm their email address (link via email)
    "port": "3000"
},

...

"mail":{
    "host": "<smtp-host>", //Nodemailer settings (go to the nodemailer documentation for further informations) - You need to set up this to make the signup api start working
    "port": "<port>",
    "secure": false,
    "user": "<username>",
    "pass": "<password>"
}

API

Server will listen on port 3000, and it expose the following APIs:

  • POST - /auth/email/register - Register a new user

    • email - string
    • password - string
    • name - string (optional)
    • surname - string (optional)
  • POST - /auth/email/login - Login user

    • email - string
    • password - string
  • GET - /auth/email/verify/:token - Validates the token sent in the email and activates the user's account

  • GET - /auth/email/resend-verification/:email - Resend verification email

  • GET - /auth/email/forgot-password/:email - Send a token via email to reset the password

  • POST - /auth/email/reset-password - Change user password

    • newPassword - string
    • newPasswordToken - string (token received by forgot-password api)
  • GET - /auth/users - Returns all users (must be logged in)

  • GET - /users/user/:email - Returns selected user info (must be logged in)

  • POST - /users/profile/update - Update user info

    • name - string
    • surname - string
    • phone - string
    • email - string
    • birthdaydate - Date
    • profilepicture - string (base64)
  • POST - /users/gallery/update - Add/Remove user photos

    • email - string
    • action - string ('add' or 'remove')
    • newPhoto - object (only for case 'add')
      • imageData - string (base64)
      • description - string
    • photoId - string (base64) (only for case 'remove')
  • POST - settings/update - Update user settings

    • email - string
    • settingsKey1 - string (Value1)
    • settingsKey2 - string (Value2)
    • ...

Passport JWT strategy

This project use JSON Web Token (JWT) Bearer Token as authentication strategy for Passport. The login API returns an access_token that you have to use to send a correct authorization header in calls that require authentication. You can find an example with postman here

Login response:

{
   ...
  "data": {
      "token": {
          "expires_in": "3600",
          "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...._DkYJJh4s"
      },
  ...
}

Authorization header example:

 Authorization → Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...._DkYJJh4s

Logger

All request and response are logged so this can help you to debug in production. If you use pm2 as process manager, I suggest you to install pm2-logrotate in your server.

Security

The project implements some of nodejs security techniques :

  • Helmet : can help protect your app from some well-known web vulnerabilities by setting HTTP headers appropriately
  • Express Rate Limit: to protect your applications from brute-force attacks
    • In the main.ts you can set a limit of requests in a time window (default is 100 requests in 15 minutes for all endpoints, and 3 requests in a 1 hour for sign up endpoint)

Copyright

Licensed under the MIT license.

About

No description, website, or topics provided.

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • TypeScript 98.4%
  • Shell 1.1%
  • Other 0.5%