aichannode/typescript-auth-server


Auth Server

This repository is a backend skeleton — a base structure you can clone and grow into a full product. It is not only a minimal demo: it is an opinionated layout (entrypoint, config, models, controllers, APIs, utilities) that you extend with business logic, extra routes, and integrations.

The included domain is a REST authentication service in TypeScript: email/password accounts, Google Sign-In, email verification, password reset links, and JWT middleware — wired to MongoDB, bcrypt, jsonwebtoken, and Nodemailer (Gmail OAuth2) so you start from working auth flows instead of an empty index.js.

Use it as the foundation for any backend that needs users and sessions; add modules beside src/apis, new models, and shared services without restructuring from scratch.

Features

  • Registration — Creates a user, stores a hashed password, generates a one-time token, and emails a verification link.
  • Login — Validates credentials and returns a JWT (users must be verified first).
  • Google login — Verifies a Google ID token server-side and returns a JWT (creates the user if they do not exist).
  • Email verification — Link endpoint marks the account verified and removes the pending token.
  • Password reset — Sends a reset link; the handler clears the password so the client can collect a new one (extend as needed).
  • Auth middleware — Verifies JWT from the Authorization header for protected routes.

Tech stack

  • Node.js (see package.json engines for the minimum version)
  • Express — HTTP API
  • TypeScript — Source in serve.ts and src/
  • MongoDB + Mongoose — User and token documents
  • jsonwebtoken, bcryptjs
  • google-auth-library — Google ID token verification
  • Nodemailer — Outbound email
  • dotenv — Environment configuration

API overview

Method | Path | Purpose
POST | /api/registry | Register with name, email, password
POST | /api/login | Login with email, password
POST | /api/g-login | Login with Google ID token
POST | /api/password-reset | Request password reset email
GET | /api/user-verify/:userId/:token | Confirm email from link
GET | /api/reset/:userId/:token | Password reset flow from link

Protected routes can use the auth middleware with a JWT in the Authorization header.
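
The two link endpoints above take a one-time token in the URL path. One way to issue and check such a token, as an added example that is not the repository's code: it keeps only a SHA-256 hash of the token, expires it, and deletes it on first use. The `pending` map stands in for the MongoDB token collection, and `issueLink`, `consumeToken`, the record shape, the one-hour lifetime and the way the link is joined to the base URL are assumptions.

```typescript
import { createHash, randomBytes, timingSafeEqual } from "node:crypto";

// Hypothetical record shape; the project's real token model may differ.
interface PendingToken {
  userId: string;
  tokenHash: string; // hex SHA-256 of the token, never the token itself
  expiresAt: number; // epoch milliseconds
}

const TOKEN_TTL_MS = 60 * 60 * 1000; // assumed one-hour lifetime
const pending = new Map<string, PendingToken>(); // stand-in for the token collection

const sha256 = (s: string) => createHash("sha256").update(s).digest();

// Create a token, store only its hash, and return the link to put in the email.
// `route` is "user-verify" or "reset", matching the paths in the API table.
function issueLink(baseUrl: string, route: string, userId: string, now: number = Date.now()): string {
  const token = randomBytes(32).toString("hex"); // 256 bits from the CSPRNG
  pending.set(userId, {
    userId,
    tokenHash: sha256(token).toString("hex"),
    expiresAt: now + TOKEN_TTL_MS,
  });
  return `${baseUrl}/api/${route}/${encodeURIComponent(userId)}/${token}`;
}

// Check the :userId/:token pair taken from the link. A valid token works once.
function consumeToken(userId: string, token: string, now: number = Date.now()): boolean {
  const rec = pending.get(userId);
  if (!rec) return false; // nothing pending, or already used
  if (now > rec.expiresAt) {
    pending.delete(userId); // expired records are dropped, not left to linger
    return false;
  }
  // Both sides are 32-byte digests, so the constant-time compare never throws.
  const ok = timingSafeEqual(sha256(token), Buffer.from(rec.tokenHash, "hex"));
  if (ok) pending.delete(userId); // single use: a replayed link fails
  return ok;
}
```

Link scanners and mail clients that prefetch URLs will issue the GET as well, so an implementation that changes state on GET may want a confirmation POST before consuming the token.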

Getting started

Prerequisites

  • Node.js satisfying the engines.node field in package.json
  • A running MongoDB instance (default URI is set in src/config/index.ts)

Install

yarn install

Environment

Copy .env.example to .env and fill in values. The app also expects a JWT signing secret as TOKEN_KEY (used in src/apis/auth.ts). Other typical variables:

Variable | Role
HTTP_PORT | Server port (default 5005 if unset)
TOKEN_KEY | Secret for signing and verifying JWTs
BASE_URL | Public base URL for links in emails (include trailing path as your routes need)
USER, SERVICE | Nodemailer / Gmail account
OAUTH_CLIENTID, OAUTH_CLIENT_SECRET, OAUTH_REFRESH_TOKEN, OAUTH_ACCESS_TOKEN | Gmail OAuth2 for sending mail; OAUTH_CLIENTID is also used for Google Sign-In

Adjust mongoURI in src/config/index.ts if your database is not local.

Run in development

yarn serve

The server listens on http://localhost:<HTTP_PORT> (see .env or default 5005).

Build

yarn build

Ensure a clean script exists if your build script calls it, or invoke tsc directly as needed.

Project layout (skeleton)

This is the intended spine of the backend: copy the same patterns when you add features.

  • serve.ts — Express app entry, CORS, JSON body parsing, DB connect
  • src/apis/ — HTTP route handlers (group new routers here)
  • src/controllers/ — Data access layer for users and tokens (mirror this for new resources)
  • src/models/ — Mongoose schemas
  • src/config/ — App and database configuration
  • src/utils/ — Shared helpers (e.g. email)

License

MIT

About

A TypeScript Express + MongoDB backend skeleton with ready-made auth (email/password, Google Sign-In, verification and password-reset email flows, and JWT middleware) that you can extend into a full API.
