Koa API has a fleshed-out user login, signup, forgot password, email verification system using JWT, includes example seed data for users, and the following technologies listed below.
- Koa 2.13.0
- Fully written using async/await & Classes
- Koa-Router
- Koa-Bodyparser
- KCors
- Koa-Json-Error for JSON requests/responses
- Bcrypt
- Sendgrid for emails
- Nodemon for running in development
- Babel
- PM2 for running in production
- MongoDB with Mongoose (mongoose validation)
- Seed data for testing app
- Password recover system with token
- *UPDATED Authentication with JWT token and refreshToken stored in secure cookies
###Important! rename example.env to .env and enter your credentials also make sure you have mongoDB running.
# install dependencies
npm install
# Development with nodemon with hot reload
npm start
# build for production with prettier and babel
npm run build
# serve in production using pm2
npm run live
# run prettier on the project
npm run pretty
# run tests
npm run test
# Rund seed data !important will rewrite MongoDB data ##
npm run seed
User authentication process:
- User creates an account
- User verifies email
- User logs in
- The server sets both
token
andrefreshToken
on a secure cookie - We take the
token
and decode it usingjwt-decode
. This gets us the logged-in user's information` - If the token expires and the refreshToken is still valid we issue a new token.
Yep, PM2 is awesome on production.
The src
folder is the heart of the program.
We use controllers to keep our router thin.
The controller's responsibility is to manage the request body and make sure it's nice and clean when it eventually
gets sent to a model
to make database calls.
MongoDB with Mongoose for speed and fairly easy to used.
The custom middleware we're using is based on the koa-jwt
library.
Our models folder where database calls are made and validation is performed
This is where we do authentication for restricted URL
index.js it's the brain of the app.
copyright 2001 Oscar Quinteros