This is a simple app built to demonstrate the use of token-based authentication. It is built using NodeJS and Express. The app is deployed, together with its corresponding frontend, at dalcyn.com. The deployed frontend can be found in this repo: auth-frontend
- Node (for backend)
- Express (for building the APIs)
- Postgres as the database
- JWT for tokens
- Redis for storing all active tokens.
A JWT is self-contained: once issued, any verifier holding the signing key will accept it until it expires, and the server has no built-in way to revoke it early. That is a problem for scenarios such as logging a user out of all devices and guaranteeing that their still-unexpired tokens can no longer be used. To get that control back, this implementation records every active token in Redis and treats a token as valid only if it is both correctly signed and still present in the store; revoking a token is then just deleting its entry. The cost is that every authenticated request needs a lookup against the store in addition to the signature check. Keeping the entries in Redis makes that lookup a single fast key read, and giving each entry a TTL that matches the token's expiry keeps the store from growing without bound.
It has the following auth features:
- log in
- signup
- signup/login with GitHub
- change password
- log out
- view posts
- add posts
A user can log in from multiple devices and log out of one device without affecting the others. When the password is changed, the user is logged out of all devices.
To demonstrate the auth system I have created a post viewing and publishing system. All posts can be viewed publicly, but to add a post the user needs to be authenticated (either via email signup/login or via GitHub).
- Clone the repo
git clone <the repo url in the address bar>
- Install all the dependencies
npm i
- Set up the environment variables needed
.example-envfile contains the names of all the required keys
- Run this command:
npm run watch:dev
This transpiles all the code, places the output in the src folder, and starts a server on port 8080. On localhost it is accessible at http://localhost:8080