Its-Aman-Yadav / Community-Site

This is an open source village community site
https://community-site-theta.vercel.app/
MIT License

JWT Authentication for Secure User Access using Node js Express Js and MongoDB [ Backend ] #1473

Open Abhishek-TG18 opened 1 day ago

Abhishek-TG18 commented 1 day ago

Describe the feature

The JWT Authentication feature allows secure and stateless user authentication in a Node.js backend. It works by generating a JSON Web Token (JWT) upon successful login, which is used for authenticating subsequent requests.

User Registration: When a user signs up, their credentials (like username and password) are securely stored in a MongoDB database. Passwords are encrypted using bcryptjs to ensure they are not stored in plain text.

User Login: During login, the backend verifies the user's credentials by comparing the hashed password stored in the database. Upon successful validation, the backend generates a JWT, which is signed using a secret key stored in environment variables. This JWT is sent back to the client.

Protected Routes: Certain routes in the application (such as profile information or dashboard access) are protected and can only be accessed by authenticated users. These routes require the client to pass the JWT in the Authorization header of the HTTP request. The token is then verified by the backend using the same secret key. If the token is valid, access is granted.

Token Expiry and Refresh: Tokens can be set to expire after a certain period (e.g., 1 hour) for security purposes. The client will need to log in again or use a refresh token strategy to obtain a new JWT.

JWT Structure: The JWT typically contains the user’s ID and other necessary payload data (e.g., user role) to allow the backend to authenticate and authorize access to resources. The token consists of three parts:

Header: Specifies the type of token and the signing algorithm used.

Payload: Contains claims, which include user details and metadata.

Signature: Verifies that the token hasn’t been tampered with.

Add ScreenShots

Screenshot (106) NO LOGGING IN AFTER entering credentials

Record
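
The token check a protected route performs, as described in the issue above, written as an added example (not code from this repository or from the issue author). It uses only Node's built-in crypto rather than a JWT library so the header.payload.signature structure stays visible; the function names signToken, verifyToken and authenticate are hypothetical, and the secret is passed in by the caller (the issue reads it from an environment variable).

```javascript
// Added example: HS256 token signing and verification with Node's built-in crypto.
const crypto = require('node:crypto');

const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const hmac = (data, secret) => crypto.createHmac('sha256', secret).update(data).digest();
const fail = (reason) => ({ ok: false, reason });

// Build header.payload.signature; iat and exp are seconds since the epoch.
function signToken(claims, secret, ttlSeconds, now = Math.floor(Date.now() / 1000)) {
  const header = b64url({ alg: 'HS256', typ: 'JWT' });
  const payload = b64url({ ...claims, iat: now, exp: now + ttlSeconds });
  const sig = hmac(`${header}.${payload}`, secret).toString('base64url');
  return `${header}.${payload}.${sig}`;
}

// Returns { ok: true, claims } or { ok: false, reason }.
function verifyToken(token, secret, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return fail('malformed');
  const [header, payload, sig] = parts;
  try {
    const head = JSON.parse(Buffer.from(header, 'base64url').toString());
    // Pin the algorithm: the token's own header must not choose how it is verified.
    if (head.alg !== 'HS256') return fail('bad-alg');
    const expected = hmac(`${header}.${payload}`, secret);
    const given = Buffer.from(sig, 'base64url');
    // Constant-time comparison; the length check avoids timingSafeEqual throwing.
    if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
      return fail('bad-signature');
    }
    // Only parse and trust the payload once the signature has been verified.
    const claims = JSON.parse(Buffer.from(payload, 'base64url').toString());
    if (typeof claims.exp !== 'number' || now >= claims.exp) return fail('expired');
    return { ok: true, claims };
  } catch {
    return fail('malformed');
  }
}

// What a protected route does with the Authorization header of a request.
function authenticate(authorizationHeader, secret, now) {
  const m = /^Bearer (\S+)$/.exec(authorizationHeader || '');
  return m ? verifyToken(m[1], secret, now) : fail('missing-token');
}
```

In an Express middleware, a result with ok set to false maps to a 401 response and the verified claims are attached to the request for the route handler.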

github-actions[bot] commented 1 day ago

Congratulations, @Abhishek-TG18! 🎉 Thank you for creating your issue. Your contribution is greatly appreciated and we look forward to working with you to resolve the issue. Keep up the great work!

We will promptly review your changes and offer feedback. Keep up the excellent work! Kindly remember to check our contributing guidelines

Abhishek-TG18 commented 1 day ago

Please add gsoc-ext and hacktoberfest tag