- Created for Devscale Assignment #3 (backend only)
- Clone this repo
- Run `pnpm install`
- Create `.env` file
MONGO_URI_TODOLIST=mongodb://user:password@127.0.0.1:27017/test
PORT=
JWT_ACCESS_KEY=
JWT_REFRESH_KEY=
- Run `pnpm dev`
POST /api/v1/user
POST /api/v1/user/login
POST /api/v1/user/logout
GET /api/v1/todos
POST /api/v1/todos
Content-Type: application/json
{
  "title": "Task1",
  "todos": "Doing something..."
}
- All detailed HTTP scripts are located in the `api_test` folder
App will check the availability of accessToken & refreshToken in each user's cookies
App will provide:
- User input validation (name, email format, password with minimum 8 characters)
- Collision check (filtered by unique email address)
- Password hashing by `bcrypt`
- If all clear, user data will be saved into DB
App will provide:
- User input validation (email format & password)
- User record check (registered email)
- Password matching by `bcrypt compare` (string input password vs password on db)
- Producing new accessToken (short lived) and refreshToken (mid long lived)
- RefreshToken will be saved into db
- Set both tokens into browser's cookie
App will provide:
- Check availability of both tokens
- If they exist, app will remove the cookies for both tokens
- All TodoList routes go through the auth middleware, which checks the points below:
  - Check availability of both tokens (grant access)
  - Check validation of `AccessToken` lifetime
  - If expired, check availability & validation of `RefreshToken` on both sides, DB and cookie
  - If it exists, app will regenerate a new AccessToken & set it in the cookie again
- The auth middleware is applied to the TodoList routes
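
The middleware decision described above, as an added example that is not this repo's own code. It uses a hand-rolled HS256 token built on Node's `crypto` module instead of a JWT library; the names `sign`, `verify`, `authorize`, `refreshStore`, the sample keys and the 900-second access lifetime are assumptions.

```javascript
const { createHmac, timingSafeEqual } = require("node:crypto");

// Constructed sample keys standing in for JWT_ACCESS_KEY / JWT_REFRESH_KEY.
const ACCESS_KEY = "sample-access-key", REFRESH_KEY = "sample-refresh-key";
const b64 = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");
const mac = (data, key) => createHmac("sha256", key).update(data).digest("base64url");

// Minimal HS256 JWT: header.payload.signature, with exp in seconds.
function sign(payload, key, ttlSec, now) {
  const body = `${b64({ alg: "HS256", typ: "JWT" })}.${b64({ ...payload, exp: now + ttlSec })}`;
  return `${body}.${mac(body, key)}`;
}

// Returns { payload } or { error: "invalid" | "expired" }.
// The signature is checked before the payload is parsed.
function verify(token, key, now) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return { error: "invalid" };
  const expected = Buffer.from(mac(`${parts[0]}.${parts[1]}`, key));
  const given = Buffer.from(parts[2]);
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return { error: "invalid" };
  const payload = JSON.parse(Buffer.from(parts[1], "base64url").toString());
  return payload.exp > now ? { payload } : { error: "expired" };
}

// refreshStore: Map of userId -> refresh token saved at login (stands in for the DB).
function authorize(cookies, refreshStore, now) {
  const { accessToken, refreshToken } = cookies;
  if (!accessToken || !refreshToken) return { status: 401 };     // both tokens must be present
  const access = verify(accessToken, ACCESS_KEY, now);
  if (access.payload) return { status: 200, userId: access.payload.sub };
  if (access.error !== "expired") return { status: 401 };        // forged or malformed: no renewal
  const refresh = verify(refreshToken, REFRESH_KEY, now);
  // The cookie copy must verify AND match the copy stored server-side.
  if (!refresh.payload || refreshStore.get(refresh.payload.sub) !== refreshToken) return { status: 401 };
  const renewed = sign({ sub: refresh.payload.sub }, ACCESS_KEY, 900, now);
  return { status: 200, userId: refresh.payload.sub, setCookie: { accessToken: renewed } };
}
```

Deleting a user's entry from `refreshStore` makes the renewal branch return 401 even though the refresh token in the cookie still verifies, which is what the DB-side check is for.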