authentication using express mongoose
const mongoose = require('mongoose');
const server = require('@leonardosarmentocastro/server');
const i18n = require('@leonardosarmentocastro/i18n'); // mandatory
const { authentication, authenticationSchema } = require('@leonardosarmentocastro/authentication');
(async () => {
const api = await server.start(8080, {
middlewares: (app) => {
i18n.connect(app); // mandatory
},
routes: (app) => {
const schema = new mongoose.Schema({ authentication: authenticationSchema, name: String });
const model = new mongoose.model('Customer', schema);
// creates
// * "[GET] /authentication/me"
// * "[POST] /authentication/sign-in"
// * "[POST] /authentication/sign-out"
// * "[POST] /authentication/sign-up"
authentication.connect(app, model);
// creates
// * "[POST] /authentication/2FA/cancel"
// * "[POST] /authentication/2FA/check"
// * "[POST] /authentication/2FA/verify"
authentication.twoFactor.connect(app, model);
},
});
})();For authentication
-
[GET] /authentication/me: serves authenticated model data; -
[POST] /authentication/sign-in: validates token + authenticates an model, saving a JWT Authorization token to the model and attaching it to response's header; -
[POST] /authentication/sign-up: creates/authenticates an model, saving a JWT Authorization token to the model and attaching it to response's header; -
[POST] /authentication/sign-out: validates token + remove JWT Authorization token from model and remove it from response's header.
For 2FA verification
-
[POST] /authentication/2FA/cancel: cancel the verification request before the 5 minute duration runs out; -
[POST] /authentication/2FA/check: checks if the served 4 digit PIN sent by the user, matches the one sent to the given cellphone number; -
[POST] /authentication/2FA/verify: sends a SMS with a 4 digit PIN code to a given cellphone number.
-
AUTHENTICATION_SECRET: secret used to sign jwt tokens when signing tokens; -
AUTHENTICATION_SMS_2FA_VONAGE_API_KEY: API key for sending 2FA SMS usingVonage; -
AUTHENTICATION_SMS_2FA_VONAGE_API_SECRET: API secret for sending 2FA SMS usingVonage; -
AUTHENTICATION_SMS_2FA_SENDER_NAME: The sender name that is going to be written on 2FA SMS messages.
For schema validation:
AUTHENTICATION_VALIDATOR_ERROR_INVALID_CELLPHONE_NUMBERVALIDATOR_ERROR_PASSWORD_NOT_STRONGVALIDATOR_ERROR_FIELD_IS_REQUIRED
For endpoint resolvers:
AUTHENTICATION_ERROR_CELLPHONE_NUMBER_NOT_FOUNDAUTHENTICATION_ERROR_PASSWORD_MISMATCHAUTHENTICATION_ERROR_REGISTRY_FOR_TOKEN_NOT_FOUNDAUTHENTICATION_ERROR_TOKEN_EXPIREDAUTHENTICATION_ERROR_TOKEN_INVALIDAUTHENTICATION_ERROR_TOKEN_NOT_BEFORE
For cellphone 2FA through SMS using Vonage:
AUTHENTICATION_SMS_2FA_CANCEL_UNEXPECTED_ERRORAUTHENTICATION_SMS_2FA_CHECK_UNEXPECTED_ERRORAUTHENTICATION_SMS_2FA_CELLPHONE_NUMBER_ALREADY_REGISTEREDAUTHENTICATION_SMS_2FA_VERIFICATION_UNEXPECTED_ERROR