taherx7/Auth_backend


🔐 Auth System: Cookie-Based Authentication Backend (Node.js + Prisma)

This project is a secure, modular, and production-ready authentication system built with:

  • Node.js
  • Express
  • Prisma ORM
  • PostgreSQL
  • HTTP-only secure cookies for session-based authentication

It provides a clean and scalable foundation for any web app that needs:

โœ”๏ธ User registration
โœ”๏ธ Login with session cookies
โœ”๏ธ Protected routes
โœ”๏ธ Token rotation
โœ”๏ธ Password hashing
โœ”๏ธ Environment-based configuration
โœ”๏ธ Safe DB access via Prisma


⚙️ What This Backend Includes

🔑 Cookie-Based Authentication

  • Uses the HttpOnly, Secure, and SameSite cookie attributes
  • HttpOnly keeps the session token out of reach of page scripts, so an XSS bug cannot read it
  • The browser attaches the cookie to every request on its own; the client keeps no session state
  • No token in localStorage and no JWT exposed to client-side code

👤 User System

  • Register new users
  • Login with email/password
  • Access protected routes using session cookies
  • Logout by clearing cookies

🛡️ Security Layer

  • Bcrypt password hashing (bcryptjs)
  • CSRF-resistant cookie setup (SameSite attribute)
  • Prisma schema validation
  • Optional Zod input validation

🗂️ Tech Stack

Layer        Technology
Backend      Node.js + Express
ORM          Prisma
Database     PostgreSQL
Auth         Session cookies
Environment  dotenv
Hashing      bcryptjs
Deployment   Ready

🚀 Purpose of This Project

This repository serves as a starter template for building full web applications that require authentication without exposing JWT tokens.

It is:

  • Beginner-friendly
  • Clean and modular
  • Structured for real-world usage
  • Great for boosting your GitHub portfolio
  • A strong backend base for any SaaS or dashboard

Common Use Cases:

  • Admin dashboards
  • SaaS platforms
  • Internal company tools
  • Full-stack projects (React, Vue, Next.js)
  • Mobile apps with API authentication

🧪 API Testing Guide

Below are all the main authentication routes, ready to test with Postman, Thunder Client, or cURL.


👉 1. Register a User

POST http://localhost:3000/auth/register
Content-Type: application/json

Example JSON body:

{
  "email": "test@test.com",
  "password": "mypassword"
}

👉 2. Login (sets secure cookie)

POST http://localhost:3000/auth/login
Content-Type: application/json

Example JSON body:

{
  "email": "test@test.com",
  "password": "mypassword"
}

If login is successful:

  • A secure HTTP-only cookie is stored automatically by your client
  • No need to copy tokens by hand
  • The cookie is sent automatically with subsequent requests

👉 3. Access Protected Route

GET http://localhost:3000/auth/me

Requirements:

  • Must send the cookie from login
  • Works automatically in browsers
  • In Postman: enable “Send Cookies” or use the Cookie Jar

Example Response:

{
  "id": 1,
  "email": "test@test.com",
  "createdAt": "2025-01-15T15:21:51.124Z"
}

👉 4. Logout

POST http://localhost:3000/auth/logout

Behavior:

  • Clears the HTTP-only session cookie
  • After logout, /auth/me returns 401 Unauthorized

About

Cookie-based authentication backend (Node.js + Prisma + PostgreSQL)
