JWT-based API for user registration and authorization

Deliaz/sails-api-jwt

JSON Web Token authorization API

Based on Sails.js (v0.12)

An example implementation of a JWT-based API for user registration and authorization.

It supports:

  1. User registration;
  2. User login;
  3. Getting account info;
  4. Token generation and validation;
  5. Password reset (with a reset token);
  6. Password change (with JWT credentials);
  7. Account locking.

Things to do:

  1. Optional email notifications (based on environment);
  2. Keep reset token encrypted and with a validity date;
  3. Unlock after some freeze period;
  4. Registration confirmation (with a confirm token).

Start

npm run start

or, if you have Sails globally:

sails lift

For security reasons, please change JWT_SECRET in api/config/env/development.js.

Pass JWT

Token-free endpoints:

/user/create
/user/login
/user/forgot
/user/reset_password

Token-required endpoints:

/user
/user/change_password

To pass a JWT, use the Authorization header:

Authorization: Bearer <JWT>

API methods description

For a few reasons, I do not use REST. Shortcuts are also disabled by default (see api/config/blueprints.js).

POST /user/create

Creates a new user. Password requirements: 6 to 24 characters, using letters and digits.

request

{
  "email": "email@example.com",
  "password": "abc123",
  "password_confirm": "abc123"
}

response

{
  "token": "<JWT>"
}

POST /user/login

request

{
  "email": "email@example.com",
  "password": "abc123"
}

response

{
  "token": "<JWT>"
}

N.B. The account will be locked after 5 failed attempts within 2 minutes (configurable in api/services/UserManager.js).
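The locking rule above, as an added example that is not the project's own UserManager code: an in-memory sliding-window counter that locks an account on the fifth failure within two minutes and keeps it locked (the README lists unlocking after a freeze period as still to do). The names LoginThrottle and attemptLogin, and the 400/403 mapping, follow the HTTP codes section but are assumptions for this example.

```javascript
// Added example, not code from sails-api-jwt. Tracks failed logins per
// account in a sliding window and locks the account once MAX_FAILS
// failures fall inside WINDOW_MS. Locks are permanent here, matching the
// README (automatic unlock is listed as a to-do).

const MAX_FAILS = 5;
const WINDOW_MS = 2 * 60 * 1000; // 2 minutes

class LoginThrottle {
  constructor(maxFails = MAX_FAILS, windowMs = WINDOW_MS) {
    this.maxFails = maxFails;
    this.windowMs = windowMs;
    // normalised email -> { failures: [timestamps], lockedAt: number|null }
    this.state = new Map();
  }

  entry(email) {
    const key = email.trim().toLowerCase();
    if (!this.state.has(key)) this.state.set(key, { failures: [], lockedAt: null });
    return this.state.get(key);
  }

  // Forget failures that fell out of the window.
  prune(e, now) {
    e.failures = e.failures.filter((t) => now - t < this.windowMs);
  }

  isLocked(email) {
    return this.entry(email).lockedAt !== null;
  }

  // Returns true when this failure locked the account.
  recordFailure(email, now = Date.now()) {
    const e = this.entry(email);
    this.prune(e, now);
    e.failures.push(now);
    if (e.failures.length >= this.maxFails) e.lockedAt = now;
    return e.lockedAt !== null;
  }

  recordSuccess(email) {
    this.entry(email).failures = [];
  }
}

// passwordOk is the outcome of the caller's password check (a boolean here,
// since hashing is out of scope for this example). Locked accounts are refused
// even with a correct password, and the lock check happens before anything else.
function attemptLogin(throttle, email, passwordOk, now = Date.now()) {
  if (throttle.isLocked(email)) return { status: 403, reason: 'account locked' };
  if (passwordOk) {
    throttle.recordSuccess(email);
    return { status: 200 };
  }
  const locked = throttle.recordFailure(email, now);
  return locked
    ? { status: 403, reason: 'account locked' }
    : { status: 400, reason: 'bad credentials' };
}

module.exports = { LoginThrottle, attemptLogin, MAX_FAILS, WINDOW_MS };
```

The counter lives in process memory, so with several Sails workers each one would count failures separately; a shared store (database row or cache key per account) is needed for the limit to hold across workers.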

GET /user

Returns basic info about the current account. Requires authorization.

request

No parameters required.

response

{
  "id": 1,
  "email": "email@example.com"
}

POST /user/change_password

Changes the user's password. Requires authorization.

request

{
  "email": "email@example.com",
  "password": "abc123",
  "new_password": "xyz321",
  "new_password_confirm": "xyz321"
}

response

{
  "token": "<JWT>"
}

N.B. All previously issued tokens become invalid after a password change.

POST /user/forgot

Initiates the password recovery procedure.

request

{
  "email": "email@example.com"
}

response

{
  "message": "Check your email"
}

POST /user/reset_password

Resets the password to a new one using a reset token. The reset token is sent to the user after /user/forgot.

request

{
  "email": "email@example.com",
  "reset_token": "<Password Reset Token>",
  "new_password": "xyz321",
  "new_password_confirm": "xyz321"
}

response

{
  "message": "Done"
}

HTTP codes

All endpoints use HTTP status codes to report the result of a request:

  • 200 ok, request executed successfully;
  • 201 created, new user created successfully;
  • 400 bad request, usually means wrong params;
  • 403 forbidden, for locked accounts;
  • 500 server error, something went wrong.

Tests

The project uses Travis-CI and Coveralls integration and has some tests. Run them via:

npm run test

Inspired by

This project is based on this repo: https://github.com/swelham/sails-jwt-example (unlicensed).
I refactored and improved it for myself.

License

It is MIT.