This documentation describes the authentication and password reset functionalities. The routes include user registration, login, forgot password, and reset password functionality.
Vercel Deployment Link: Vercel Link
The API is based on the following base URL:
http://localhost:3000
This route allows a new user to register by providing a username, email, and password. The password is hashed using bcrypt before being stored in the database.
- URL:
/register - Method:
POST - Headers:
- Content-Type:
application/json
- Content-Type:
- Body Parameters:
{
"username": "string",
"email": "string",
"password": "string"
}-
Success Response:
-
Code:
201 Created -
Content:
{ "user": { "_id": "user_id", "username": "string", "email": "string", "password": "hashed_password" }, "token": "jwt_token" }
-
-
Error Response:
-
Code:
400 Bad Request(If the email already exists) -
Content:
{ "error": "User already exists" } -
Code:
500 Internal Server Error(On server error) -
Content:
{ "message": "Something went wrong" }
-
This route allows an existing user to log in by providing their email and password. It checks if the email exists and if the password matches the hashed password in the database.
- URL:
/login - Method:
POST - Headers:
- Content-Type:
application/json
- Content-Type:
- Body Parameters:
{
"email": "string",
"password": "string"
}-
Success Response:
-
Code:
200 OK -
Content:
{ "user": { "_id": "user_id", "username": "string", "email": "string" }, "token": "jwt_token" }
-
-
Error Response:
-
Code:
400 Bad Request(If the email does not exist or if the password is incorrect) -
Content:
{ "error": "User doesn't exist" } -
Code:
400 Bad Request(If the password is incorrect) -
Content:
{ "message": "Invalid Credentials" } -
Code:
500 Internal Server Error(On server error) -
Content:
{ "message": "Something went wrong" }
-
This route allows a user to request a password reset. The server sends a password reset link to the user's email with a JWT token that is valid for 15 minutes.
- URL:
/forgot-password - Method:
POST - Headers:
- Content-Type:
application/json
- Content-Type:
- Body Parameters:
{
"email": "string"
}-
Success Response:
-
Code:
200 OK -
Content:
{ "message": "Password reset link sent to email" }
-
-
Error Response:
-
Code:
404 Not Found(If the email does not exist) -
Content:
{ "message": "User not found" } -
Code:
500 Internal Server Error(On server error) -
Content:
{ "message": "Something went wrong" }
-
This route allows a user to reset their password by providing a valid JWT token and a new password. The token is verified, and the user's password is updated with the new hashed password.
- URL:
/reset-password - Method:
POST - Headers:
- Content-Type:
application/json
- Content-Type:
- Query Parameters:
{
"token": "jwt_token"
}- Body Parameters:
{
"newPassword": "string"
}-
Success Response:
-
Code:
200 OK -
Content:
{ "message": "Password reset successful" }
-
-
Error Response:
-
Code:
400 Bad Request(If the token is invalid or the user does not exist) -
Content:
{ "message": "Invalid token or user does not exist" } -
Code:
500 Internal Server Error(On server error) -
Content:
{ "message": "Something went wrong" }
-
Make sure to configure the following environment variables:
MONGO_URL=your_mongodb_connection_string
SECRET_KEY=your_jwt_secret_key
ADMIN_EMAIL=your_email@gmail.com
NODEMAILER_PASS=your_app_passsword
- 400 Bad Request: The server could not understand the request due to invalid syntax or incorrect user data.
- 500 Internal Server Error: The server encountered an unexpected condition that prevented it from fulfilling the request.
This API provides user authentication features, including registration, login, and password management (forgot and reset password). JWT tokens are used for both authentication and password reset functionality. The password reset link is sent via email using the sendEmail utility, which relies on Nodemailer.