This project was inspired and based on the project node-auth by that showcases a way to implement auth features.
For more information on auth processes visit https://github.com/alex996/presentations/blob/master/auth.md and watch the accompanying video Authentication on the Web (Sessions, Cookies, JWT, localStorage, and more)
- login/logout/register + session expiry
- email verification (
"Confirm your email"
) - password reset (
"Forgot password"
) - password confirmation (
"Re-enter your password"
) - persistent login (
"Remember me"
) - account lockout (
"Too many failed login attempts"
) - rate limiting (
"Too many requests"
)
- MySQL as database
- MongoDB as session storage
- Both containerized
- Express as server application
- And typescript as language of choice
If you find any security related or other issues please do start a pull request
Install node.js
and Docker
Setup an ethereal account and get the email and password and replace the values in the .env file.
Visit https://ethereal.email/
Below is a sample configuration file create a .env
file in the root of the project and simply copy paste the example below or from the example.env file.
DO NOT: leave SESSION_REMEMBER_ME_MAX_AGE
SESSION_MAX_AGE
as empty KEY=
this will still be picked up by dotenv as a null or empty value and will cause cookie code to not work correctly so either provide the complete key value pair or just comment it out. Default values for many env variables are hardcoded in the server config.
################################## server variables ##################################
# optional default value is '3000' in server config
APP_PORT=3000
# optional default value is 'development' in server config
NODE_ENV=development
# optional default value is 'localhost' in server config
APP_HOSTNAME=localhost
# optional default value is 'http' in server config
APP_PROTOCOL=http
################################## security related variables ##################################
# optional default value is 12 in server config
SALT_ROUNDS=12
# optional default value is 'example' in server config
COOKIE_SECRET=example
# optional default value is 'okgr8' in server config
APP_SECRET=okgr8
# optional default value is 30 minutes converted to milliseconds in server config
# the maximum age of a session for a user
# unit is always milliseconds
# SESSION_MAX_AGE=
# optional default value is one week converted to milliseconds in server config
# the maximum age of a session when a user ticks the remember me checkbox
# unit is always milliseconds
# SESSION_REMEMBER_ME_MAX_AGE=
# optional default value is 'sid' in server config
SESSION_NAME=sid
# optional default value is '5 minutes' converted to milliseconds in server config
# the maximum age of a password reset link
# unit is always milliseconds
# PASSWORD_RESET_TIMEOUT=
# optional default value is '1 minute' converted to milliseconds in server config
# the maximum time after which on protected routes the app will ask a user for their password to contnue
# used for sensitive account settings etc.
# unit is always milliseconds
# CONFIRM_PASSWORD_TIME=
################################## mailer related variables ##################################
# you change the variables here according to the mailer service you choose
# optional default value is smtp.ethereal.email in server config
SMTP_HOST=smtp.ethereal.email
# optional default value is smtp.ethereal.email in server config
SMTP_PORT=587
# required there is no default in server config
# get your mail and password from ehtereal mail
SMTP_USER=<ADD YOUR EMAIL HERE>
# required there is no default in server config
SMTP_PASSWORD=<ADD YOUR EMAIL PASSWORD HERE>
# optional default value is 5m in server config
# the amount of time after which the email verficiation link will be invalid
# expressed in seconds or a string describing a time span zeit/ms. Eg: 60, "2 days", "10h", "7d"
# https://github.com/vercel/ms
EMAIL_VERIFICATION_EXPIRY_TIME=5m
################################### mysql db variables ###################################
# optional default value is 'simple' in compose file and server config
DATABASE_NAME=simple
# optional default value is 'localhost' in server config
DATABASE_HOST=localhost
# optional default value is 'example' in compose file and server config
DATABASE_PASSWORD=example
# optional default value is 'root' in compose file and server config
DATABASE_USER=root
# optional default value is '4050' in compose file and server config
DATABASE_PORT=4050
################################### mongo variables ###################################
# optional default value is 'session-cache' in compose file and server config
MONGO_DB_NAME=mongo-cache
# optional default value is 27017 in compose file and server config
MONGO_PORT=27017
# optional default value is 0.5 gb in compose file and server config
MONGO_CACHE_SIZE=0.5
# optional default value is localhost in server config
MONGO_HOST=localhost
# optional default value is 'root' in compose file and server config
MONGO_INITDB_ROOT_USERNAME=root
# optional default value is 'example' in compose file and server config
MONGO_INITDB_ROOT_PASSWORD=example
Then run npm install
in the root of project
Next (assuming docker is installed and running) run npm run up
After the containers are running run npm run dev
or npm run dev
Provided is a sample postman api for testing
SIDE NOTE : for passwords a schemavalidator is set such that password must contain at least one upper case letter, one lower case letter, one digit, one special character from _ or -, and have min length 8 and any ascii letter