loginjs-express v1.0.3
Login.js
Minimalist module built to set up a secure back-end express login system in record speed.
Installation
Before installing, download and install Node.js.
For brand new projects, be sure to create a package.json first with the npm init command.
Next, run the following command in your terminal:
npm i loginjs-express
Quick Setup
Create an index.js file, and paste the starter code shown below inside of it.
const loginJS = require('loginjs-express');

// required
const loginConfig = {
  mongodbURI: process.env.MONGODB_URI,
  jwtSecret: process.env.JWT_SECRET,
};

// required
const resetConfig = {
  jwtResetSecret: process.env.JWT_RESET_SECRET,
  emailFromUser: process.env.EMAIL_FROM_USER,
  emailFromPass: process.env.EMAIL_FROM_PASS,
  emailHost: process.env.EMAIL_HOST,
  emailPort: process.env.EMAIL_PORT,
  emailSecure: process.env.EMAIL_SECURE,
};

// required
const verifyEmailConfig = {
  emailFromUser: process.env.EMAIL_FROM_USER,
  emailFromPass: process.env.EMAIL_FROM_PASS,
  emailHost: process.env.EMAIL_HOST,
  emailPort: process.env.EMAIL_PORT,
  emailSecure: process.env.EMAIL_SECURE,
};

// Insert optional customization here if you need it (see below).

loginJS(loginConfig, resetConfig, verifyEmailConfig);
These are optional, should you need to change the default values included in Login.js. If so, please add the following to your index.js:
// optional
resetConfig.jwtResetExpiration = parseInt(process.env.JWT_RESET_EXPIRATION); // in seconds
resetConfig.emailHeading = 'Your Custom Heading';
resetConfig.emailSubjectLine = 'Your Custom Subject Line';
resetConfig.emailMessage = 'Your custom reset password message goes here. Reset password link will be generated and placed below your custom message.';
// optional
loginConfig.passwordLength = parseInt(process.env.ACCOUNT_PWD_LENGTH); // positive integer
loginConfig.jwtSessionExpiration = parseInt(
  process.env.JWT_SESSION_EXPIRATION
); // in seconds
// optional
verifyEmailConfig.emailHeading = 'Your Custom Heading';
verifyEmailConfig.emailSubjectLine = 'Your Custom Subject Line';
verifyEmailConfig.emailMessage = 'Your custom verify email message goes here. Verify email link will be generated and placed below your custom message.';
Create a .env file to store a list of environmental variables needed for this module to run.
These are required:
# replace mock credentials with your own
MONGODB_URI=mongodb+srv://jdoe:password@cluster0.d312b.mongodb.net/loginjs?retryWrites=true&w=majority
JWT_SECRET=xyzjwtsec3874r3t
JWT_RESET_SECRET=mtcjreset56874sec56rt
EMAIL_FROM_USER=support@loginjs.com
EMAIL_FROM_PASS=hky34KTcyTyz18
EMAIL_HOST=smtp.zoho.com
EMAIL_PORT=465
EMAIL_SECURE=true
These are optional, should you need to change the default values included in Login.js. If so, please add the following to your .env file:
# default value inside the Login.js module is 7200 (seconds)
JWT_SESSION_EXPIRATION=3600
# default value inside the Login.js module is 900 (seconds)
JWT_RESET_EXPIRATION=600
# default value inside the Login.js module is 8
ACCOUNT_PWD_LENGTH=10
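Every value read from process.env is a string, so a missing optional variable turns parseInt into NaN, EMAIL_SECURE=false arrives as the truthy string "false", and the mock secrets above work just as well as real ones. The following startup check is an added example, not part of Login.js or its original README: buildConfigs and its helpers are hypothetical names, and it assumes Login.js accepts a boolean emailSecure, a numeric emailPort, and that a 32-character floor suits its JWT secrets (the page does not state the signing algorithm).

```javascript
// Added example, not Login.js code: validate .env values before calling loginJS().
const README_PLACEHOLDERS = new Set(['xyzjwtsec3874r3t', 'mtcjreset56874sec56rt']);
const MIN_SECRET_LENGTH = 32; // assumption: 256-bit floor, as for HS256 keys

function requireSecret(env, key) {
  const value = env[key];
  if (!value) throw new Error(`${key} is not set`);
  if (README_PLACEHOLDERS.has(value)) throw new Error(`${key} is still the README placeholder`);
  if (value.length < MIN_SECRET_LENGTH) throw new Error(`${key} is shorter than ${MIN_SECRET_LENGTH} characters`);
  return value;
}

// Optional positive integer; undefined means "keep the module default".
function optionalInt(env, key) {
  if (env[key] === undefined || env[key] === '') return undefined;
  if (!/^[1-9]\d*$/.test(env[key])) throw new Error(`${key} must be a positive integer`);
  return parseInt(env[key], 10);
}

function emailSettings(env) {
  for (const key of ['EMAIL_FROM_USER', 'EMAIL_FROM_PASS', 'EMAIL_HOST', 'EMAIL_PORT']) {
    if (!env[key]) throw new Error(`${key} is not set`);
  }
  if (!['true', 'false'].includes(env.EMAIL_SECURE)) throw new Error('EMAIL_SECURE must be "true" or "false"');
  return {
    emailFromUser: env.EMAIL_FROM_USER,
    emailFromPass: env.EMAIL_FROM_PASS,
    emailHost: env.EMAIL_HOST,
    emailPort: optionalInt(env, 'EMAIL_PORT'),
    emailSecure: env.EMAIL_SECURE === 'true', // the raw string "false" is truthy
  };
}

function buildConfigs(env) {
  if (!env.MONGODB_URI) throw new Error('MONGODB_URI is not set');
  const loginConfig = { mongodbURI: env.MONGODB_URI, jwtSecret: requireSecret(env, 'JWT_SECRET') };
  const resetConfig = { jwtResetSecret: requireSecret(env, 'JWT_RESET_SECRET'), ...emailSettings(env) };
  if (resetConfig.jwtResetSecret === loginConfig.jwtSecret) {
    throw new Error('JWT_RESET_SECRET must differ from JWT_SECRET');
  }
  const optional = [[loginConfig, 'passwordLength', 'ACCOUNT_PWD_LENGTH'],
    [loginConfig, 'jwtSessionExpiration', 'JWT_SESSION_EXPIRATION'],
    [resetConfig, 'jwtResetExpiration', 'JWT_RESET_EXPIRATION']];
  for (const [target, field, key] of optional) {
    const parsed = optionalInt(env, key);
    if (parsed !== undefined) target[field] = parsed; // never pass NaN to the module
  }
  return { loginConfig, resetConfig, verifyEmailConfig: emailSettings(env) };
}
```

In index.js the three objects returned by buildConfigs(process.env) would be passed to loginJS in place of the hand-built ones, so a misconfigured deployment fails at startup instead of running with weak or shared secrets.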
Stand-alone Login System Quick Setup
If you prefer quick access to only the login functionality without the reset password feature, then the setup is as follows:
Create an index.js file, and paste the starter code shown below inside of it.
const loginJS = require('loginjs-express');
const createLogin = loginJS.createLogin;

// required
const loginConfig = {
  mongodbURI: process.env.MONGODB_URI,
  jwtSecret: process.env.JWT_SECRET,
};

// required
const verifyEmailConfig = {
  emailFromUser: process.env.EMAIL_FROM_USER,
  emailFromPass: process.env.EMAIL_FROM_PASS,
  emailHost: process.env.EMAIL_HOST,
  emailPort: process.env.EMAIL_PORT,
  emailSecure: process.env.EMAIL_SECURE,
};

// Insert optional customization here if you need it (see below).

// Login system without reset password feature
// third argument is launchApp; pass the value directly, since JavaScript has no named arguments
createLogin(loginConfig, verifyEmailConfig, true);
These are optional, should you need to change the default values included in Login.js. If so, please add the following to your index.js:
loginConfig.passwordLength = parseInt(process.env.ACCOUNT_PWD_LENGTH); // positive integer
loginConfig.jwtSessionExpiration = parseInt(
  process.env.JWT_SESSION_EXPIRATION
); // in seconds
verifyEmailConfig.emailHeading = 'Your Custom Heading';
verifyEmailConfig.emailSubjectLine = 'Your Custom Subject Line';
verifyEmailConfig.emailMessage = 'Your custom verify email message goes here. Verify email link will be generated and placed below your custom message.';
Create a .env file to store a list of environmental variables needed for this module to run. These are required.
# replace mock credentials with your own
MONGODB_URI=mongodb+srv://jdoe:password@cluster0.d312b.mongodb.net/loginjs?retryWrites=true&w=majority
JWT_SECRET=xyzjwtsec3874r3t
EMAIL_FROM_USER=support@loginjs.com
EMAIL_FROM_PASS=hky34KTcyTyz18
EMAIL_HOST=smtp.zoho.com
EMAIL_PORT=465
EMAIL_SECURE=true
These are optional:
# default value inside the Login.js module is 7200 (seconds)
JWT_SESSION_EXPIRATION=3600
# default value inside the Login.js module is 8
ACCOUNT_PWD_LENGTH=10
Features
Client sign up and sign in
Client gravatar
Encrypted password storage in MongoDB
Client authentication and reset password
Client email verification
Reset password email sent to the client
Verify email sent to the client
MongoDB Setup
Login.js integrates with MongoDB. Before running the Login.js module, be sure to launch a MongoDB server and provide its URI as an environment variable in the .env file (discussed above).
Alternatively, I recommend setting up a MongoDB Cloud Cluster.
Security Issues
If you discover a security vulnerability or would like to help me improve Login.js, please email me. Alternatively, submit a pull request at this project's GitHub, and we'll go from there. Thank you for your support.
API Endpoints
To test these endpoints, I highly recommend using Postman, as shown in the illustrations and other details below.
Register Client
POST: /api/register
Get Authorized Client
GET: /api/login
Sign In Client
POST: /api/login
Verify Email Address
PATCH: /api/verify-email
Forgot Password
PUT: /api/forgot-password
Reset Password
PATCH: /api/reset-password
req and res Objects
Register Client
// a 'verify your email address' link, which contains the 'verifyEmailToken' in the URL, is sent via email to the client
// req object (sent from client to server)
req.body = {
  name,
  email,
  password
}
// res object (returned to client from server)
res.json({
  token
})
Get Authorized Client
// token (from above) sent back to the server via http headers for client authorization and access to private routes
axios.defaults.headers.common['x-auth-token'] = token;
Sign In Client
// if the client's email address remains unverified, a 'verify your email address' link, which contains the 'verifyEmailToken' in the URL, is sent via email to the client
// req object (sent from client to server)
req.body = {
  name,
  email,
  password
}
// res object (returned to client from server)
res.json({
  token
})
Verify Email
// note: 'verifyEmailToken' inside req.body directly below is from the email to the client (see comments above), and it's the same token as above
// req object (sent from client to server)
req.body = {
  verifyEmailToken,
  newPassword
}
// res object (returned to client from server)
res.json({
  msg
})
Forgot Password
// req object (sent from client to server)
req.body = {
  email
}
// a reset-password link, which contains the 'resetToken' in the URL, is sent via email to the client
// res object (returned to client from server)
res.json({
  msg
})
Reset Password
// note: 'resetToken' inside req.body below is from the email to client (see comment above)
// req object (sent from client to server)
req.body = {
  resetToken,
  newPassword
}
// res object (returned to client from server)
res.json({
  msg
})
Testing Endpoints in Postman (illustrations)
Register Client
Shows the req object with the client's name, email, and password sent to the server, and it shows the res object returned with the token.
Get Authorized Client Information
Shows x-auth-token and its value set in the headers, and it shows the res object returned with the client details.
Sign In Client
Shows the req object sent with the client email and password to the server, and it shows the res object returned with the token.
Verify Email Address
Shows the req object sent with the 'verifyEmailToken' to the server, and it shows the res object returned with a msg to the client.
Forgot Password
Shows the req object sent with the client email to the server, and it shows the res object returned with a msg to the client.
Reset Password
Shows the req object sent with the 'resetToken' and client's 'newPassword' to the server, and it shows the res object returned with a msg to the client.
Reset Password Email Sent to Client
Verification Email Sent to Client