Authentication Module
Opened this issue · 0 comments
Authentication Module
An authentication module's task is to verify the identity of users or entities accessing a system or service, ensuring only authorized access.
Database Structure
1. Table : users
| Field | Datatype | Required | Note |
|---|---|---|---|
| id | Int(8) | Yes | Primary Key |
| varchar(128) | Yes | Index | |
| password | varchar(128) | Yes | |
| firstname | varchar(128) | No | |
| lastname | varchar(128) | No | |
| username | varchar(128) | No | Index |
| country_code | int(8) | No | |
| mobile_number | varchar(32) | No | |
| verified_at | timestamp | No | |
| created_at | timestamp | Yes | Created timestamp |
| updated_at | timestamp | No | |
| deleted_at | timestamp | No | |
| created_by | Int(8) | No | |
| updated_by | Int(8) | No | |
| deleted_by | Int(8) | No |
Note
The users table will include only these specific fields. If you need to store additional user details, you should create a separate profile table with the relevant fields. This table will incorporate a user_id field to establish a one-to-one relationship.
2. Table : profile
Warning
Please note that the profile table is optional, you should only create it if you intend to include additional user-related fields.
| Field | Datatype | Required | Note |
|---|---|---|---|
| id | Int(8) | Yes | Primary Key |
| user_id | Int(8) | Yes | Foreign Key: users |
| created_at | timestamp | Yes | Created timestamp |
| updated_at | timestamp | No | |
| deleted_at | timestamp | No | |
| created_by | Int(8) | No | |
| updated_by | Int(8) | No | |
| deleted_by | Int(8) | No | |
| ... | ... | ... | All the other additional user-related fields |
3. Table : user_otps
| Field | Datatype | Required | Note |
|---|---|---|---|
| id | Int(8) | Yes | Primary Key |
| user_id | Int(8) | Yes | Index |
| otp | varchar(32) | Yes | |
| otp_for | enum('verification','reset_password') | Yes | Index |
| verified_at | timestamp | No | |
| created_at | timestamp | Yes | Created timestamp |
| updated_at | timestamp | No | |
| deleted_at | timestamp | No |
Role and Permission
By default, the system should have an admin and user role. Kindly use the Laravel Permission package for that.
Endpoints
Important
For all endpoints that require authentication, kindly ensure that the token is included in the Authorization header of the API request.
Base URL : api/v1/
| Endpoint | Method | Argument | Response | Authentication Required | Description |
|---|---|---|---|---|---|
| send-otp | Post | Send OTP | Send OTP response | No | Send the OTP to the email. |
| verify-otp | Post | Verify OTP | Verify OTP Response | Yes | Verify the OTP |
| signup | Post | SignUp Request | SignUp response | No | We will require email during the signup process, and to verify it the generated token will be stored in the user_otps table. |
| login | Post | Login Request | Login response | No | This endpoint is intended for user login using an email . |
| forgot-password | Post | Forgot Password Request | Forgot Password Response | No | It requires an email address to be provided. |
| reset-password | Post | Reset password Request | Reset Password Response | No | It requires either an email address to be provided. |
| me | Get | User Response | Yes | To retrieve the profile of the logged-in user, please include the token in the Authorization header of the API request. | |
| me | Post | Update Profile Request | User Response | Yes | |
| change-password | Post | Change Password Request | Success Response | Yes |
Request Object
- Send OTP params
{
email: String
}- Verify OTP params
{
used_for: String
otp: String
}- SignUp Request
{
email: String
password: String
firstname: String
lastname: String
username: String
country_code: Integer
mobile_number: String
}- Login Request
{
email: String
password: String
}- Forgot Password Request
{
email: String
}- Reset Password Request
{
email: String
otp: String
password: String
confirm_password: String
}- Update Profile Request
{
firstname: String
lastname: String
email: String
country_code: Integer
mobile_number: String
username: String
}- Change Password Request
{
current_password: String
password: String
confirm_password: String
}Response Object
- Success Response
{
status: Boolean
message: String
}- SignUp / Login Response
{
status: Boolean
message: String
token: String
user: UserObject
}- User Object
{
id: Integer
email: String
firstname: String
lastname: String
username: String
country_code: Integer
mobile_number: String
verified_at: DateTime
}