A modern, full-stack authentication system built with the MERN stack (MongoDB, Express.js, React, Node.js). This project provides a complete user authentication solution with secure password management, email verification, and a beautiful, responsive user interface.
- User Registration & Login with email validation
- JWT Token-based Authentication with HTTP-only cookies
- Password Reset via Email with secure token generation
- Password Hashing using bcrypt with salt rounds
- Protected Routes with middleware authentication
- Secure Logout with token cleanup
- Responsive Design that works on all devices
- Glassmorphism Effects with modern CSS gradients
- Loading States and smooth animations
- Error Handling with user-friendly messages
- Professional Email Templates for password reset
- HTTP-Only Cookies for token storage
- CORS Configuration for cross-origin security
- Input Validation on both client and server
- Error Sanitization to prevent information leakage
- Token Expiration with automatic cleanup
Before you begin, ensure you have the following installed:
-
Clone the repository
git clone https://github.com/yourusername/mern-auth-system.git cd mern-auth-system -
Install server dependencies
cd server npm install -
Install client dependencies
cd ../client npm install -
Environment Configuration
Create a
.envfile in theserverdirectory:PORT=3000 KEY=your_jwt_secret_key_here # Email Configuration (Gmail) EMAIL_USER=your-email@gmail.com EMAIL_PASS=your-app-specific-password # MongoDB Configuration MONGODB_URI=mongodb://127.0.0.1:27017/authentication
π§ Email Setup Guide:
- Enable 2-Factor Authentication on your Gmail account
- Generate an App-Specific Password: Google Account Settings
- Use the generated password in
EMAIL_PASS
-
Start MongoDB
# On Windows net start MongoDB # On macOS (with Homebrew) brew services start mongodb-community # On Linux sudo systemctl start mongod
-
Run the application
Start the server (Terminal 1):
cd server npm startStart the client (Terminal 2):
cd client npm run dev -
Access the application
- Frontend: http://localhost:5173
- Backend API: http://localhost:3000
Beautiful landing page with authentication status detection and smooth navigation.
Modern login and registration forms with real-time validation and error handling.
Protected user dashboard with user information and secure logout functionality.
Professional email-based password reset flow with secure token validation.
mern-auth-system/
βββ client/ # React Frontend
β βββ public/
β βββ src/
β β βββ Components/ # React Components
β β β βββ Dashboard.jsx # Protected Dashboard
β β β βββ ForgotPassword.jsx
β β β βββ Home.jsx # Landing Page
β β β βββ Login.jsx # Login Form
β β β βββ ResetPassword.jsx
β β β βββ Signup.jsx # Registration Form
β β βββ App.jsx # Main App Component
β β βββ App.css # Styling
β β βββ main.jsx # Entry Point
β βββ package.json
β βββ vite.config.js
βββ server/ # Node.js Backend
β βββ models/
β β βββ User.js # User Schema
β βββ routes/
β β βββ user.js # Authentication Routes
β βββ .env # Environment Variables
β βββ index.js # Server Entry Point
β βββ package.json
βββ README.md
| Method | Endpoint | Description | Authentication |
|---|---|---|---|
POST |
/signup |
Register new user | β |
POST |
/login |
User login | β |
POST |
/forgot-password |
Request password reset | β |
POST |
/reset-password/:token |
Reset password with token | β |
GET |
/verify |
Verify JWT token | β |
GET |
/logout |
User logout | β |
User Registration:
POST /auth/signup
Content-Type: application/json
{
"username": "johndoe",
"email": "john@example.com",
"password": "securePassword123"
}User Login:
POST /auth/login
Content-Type: application/json
{
"email": "john@example.com",
"password": "securePassword123"
}- React 18.3.1 - Modern React with Hooks
- Vite 5.3.2 - Fast build tool and development server
- React Router DOM 6.23.1 - Client-side routing
- Axios 1.7.2 - HTTP client for API requests
- CSS3 - Modern styling with gradients and animations
- Node.js - JavaScript runtime environment
- Express.js 4.19.2 - Web application framework
- MongoDB - NoSQL database
- Mongoose 8.4.3 - MongoDB object modeling
- JWT - JSON Web Token for authentication
- bcrypt 5.1.1 - Password hashing library
- Nodemailer 6.9.14 - Email sending functionality
- CORS - Cross-Origin Resource Sharing
- Nodemon - Development server auto-restart
- ESLint - Code linting and formatting
- Vite - Fast frontend build tool
| Variable | Description | Example |
|---|---|---|
PORT |
Server port number | 3000 |
KEY |
JWT secret key | your_jwt_secret_key |
EMAIL_USER |
Gmail address for sending emails | app@gmail.com |
EMAIL_PASS |
Gmail app-specific password | abcd efgh ijkl mnop |
MONGODB_URI |
MongoDB connection string | mongodb://localhost:27017/auth |
- Enable 2-Step Verification on your Google Account
- Generate App Password:
- Go to Google Account Settings
- Security β 2-Step Verification β App passwords
- Select "Mail" and "Other (Custom name)"
- Copy the generated 16-character password
- Use the app password in your
.envfile
-
Build the project:
cd client npm run build -
Deploy the
distfolder to your hosting platform
- Add production environment variables
- Update CORS origins for production URLs
- Use MongoDB Atlas for production database
NODE_ENV=production
PORT=process.env.PORT
MONGODB_URI=mongodb+srv://username:password@cluster.mongodb.net/database
FRONTEND_URL=https://your-frontend-domain.com- User can register with valid credentials
- User cannot register with existing email
- User can login with correct credentials
- User cannot login with incorrect credentials
- Password reset email is sent successfully
- Password reset token works correctly
- Protected routes require authentication
- Logout clears authentication state
Import the provided Postman collection for comprehensive API testing:
# Test user registration
POST http://localhost:3000/auth/signup
# Test user login
POST http://localhost:3000/auth/login
# Test token verification
GET http://localhost:3000/auth/verifyWe welcome contributions! Please follow these steps:
- Fork the repository
- Create a feature branch:
git checkout -b feature/amazing-feature - Commit your changes:
git commit -m 'Add amazing feature' - Push to the branch:
git push origin feature/amazing-feature - Open a Pull Request
- Follow the existing code style and conventions
- Add comments for complex logic
- Update documentation for new features
- Ensure all tests pass before submitting
1. Email not sending:
# Check email configuration
curl -X GET http://localhost:3000/auth/test-email2. MongoDB connection issues:
# Verify MongoDB is running
mongosh --eval "db.adminCommand('ismaster')"3. CORS errors:
- Ensure frontend URL is added to CORS origins
- Check that credentials are included in requests
4. JWT token issues:
- Verify JWT secret key in environment variables
- Check token expiration times
Enable debug logging by adding to your .env:
DEBUG=true
NODE_ENV=developmentThis project is licensed under the MIT License - see the LICENSE file for details.
- React Documentation - For excellent React guidance
- Express.js Guide - For backend development patterns
- MongoDB Documentation - For database best practices
- JWT.io - For JWT implementation reference
- Lines of Code: ~2,000+
- Components: 6 React components
- API Endpoints: 6 authentication routes
- Security Features: 8+ implemented
- Browser Support: All modern browsers
β Star this repository if you found it helpful!
Happy Coding! π