Hybrid Authentication with MongoDB (Mongoose)

MongoDB implementation of hybrid authentication using Mongoose for users and Redis for session tracking and refresh token rotation.

Installation Guide

Add the hybrid authentication blueprint using the Servercn CLI:

npx servercn-cli add blueprint hybrid-auth

API Endpoints

All endpoints are the same for both MVC and Feature architectures.

Base URL: http://localhost:9000/api/v1/auth

Method  Endpoint                 Description
POST    /signup                  Register new user and send verification OTP
POST    /verify-user             Verify email with OTP
POST    /signin                  Login user and set auth cookies
GET     /profile                 Get current user profile
PATCH   /profile                 Update profile and avatar
GET     /sessions                List active sessions
DELETE  /sessions                Revoke all sessions except current
DELETE  /sessions/:sessionId     Revoke a specific session
POST    /refresh-token           Rotate access and refresh tokens
POST    /logout                  Logout current session
POST    /forgot-password         Request password reset OTP
POST    /verify-reset-otp        Verify password reset OTP
POST    /reset-password          Reset password after OTP verification
POST    /change-password         Change password and revoke sessions
POST    /account/request-delete  Request account deletion token
DELETE  /account/delete          Delete or deactivate account by token
PUT     /account/reactivate      Reactivate soft-deleted account

Base URL: http://localhost:9000/api/auth

Method  Endpoint            Description
GET     /github             Initiate GitHub OAuth
GET     /github/callback    GitHub OAuth callback
GET     /google             Initiate Google OAuth
GET     /google/callback    Google OAuth callback
GET     /facebook           Initiate Facebook OAuth
GET     /facebook/callback  Facebook OAuth callback

Base URL: http://localhost:9000/api/v1/health

Method  Endpoint   Description
GET     /          Basic health check
GET     /detailed  Detailed health status

Environment Variables

Create a .env file with the following:

PORT='9000'
NODE_ENV='development'
LOG_LEVEL='info'
CORS_ORIGIN=''
CLIENT_URL=''
 
DATABASE_URL=''
REDIS_URL=''
 
JWT_ACCESS_SECRET=''
JWT_REFRESH_SECRET=''
CRYPTO_SECRET=''
 
RESEND_API_KEY=''
EMAIL_FROM=''
 
CLOUDINARY_CLOUD_NAME=''
CLOUDINARY_API_KEY=''
CLOUDINARY_API_SECRET=''
 
GOOGLE_CLIENT_ID=''
GOOGLE_CLIENT_SECRET=''
GOOGLE_REDIRECT_URI=''
 
GITHUB_CLIENT_ID=''
GITHUB_CLIENT_SECRET=''
GITHUB_REDIRECT_URI=''
 
FACEBOOK_APP_ID=''
FACEBOOK_APP_SECRET=''
FACEBOOK_REDIRECT_URI=''
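
A pre-flight check for the .env values listed above, written for Node.js. This is an added example, not code from the servercn blueprint. The 32-character minimum, the set of required keys and the https rule are assumptions chosen for illustration, and the sample input is constructed.

```javascript
// Pre-flight audit of the .env file above (added example, not servercn code).
const MIN_SECRET_LEN = 32; // assumed minimum, not a servercn requirement
const SECRET_KEYS = ['JWT_ACCESS_SECRET', 'JWT_REFRESH_SECRET', 'CRYPTO_SECRET'];
const REQUIRED_KEYS = ['DATABASE_URL', 'REDIS_URL', 'CORS_ORIGIN', 'CLIENT_URL', ...SECRET_KEYS]; // assumed
const REDIRECT_KEYS = ['CLIENT_URL', 'GOOGLE_REDIRECT_URI', 'GITHUB_REDIRECT_URI', 'FACEBOOK_REDIRECT_URI'];
// Parse KEY='value' lines, skipping blanks and # comments.
function parseEnv(text) {
  const env = {};
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    const eq = line.indexOf('=');
    if (!line || line.startsWith('#') || eq < 1) continue;
    let val = line.slice(eq + 1).trim();
    const q = val[0];
    if ((q === "'" || q === '"') && val.length >= 2 && val.endsWith(q)) val = val.slice(1, -1);
    env[line.slice(0, eq).trim()] = val;
  }
  return env;
}

// Return a list of human-readable findings; an empty list means the file passed.
function auditEnv(env) {
  const issues = [];
  for (const k of REQUIRED_KEYS) if (!env[k]) issues.push(`${k}: empty or missing`);
  for (const k of SECRET_KEYS) {
    if (env[k] && env[k].length < MIN_SECRET_LEN) issues.push(`${k}: shorter than ${MIN_SECRET_LEN} characters`);
  }
  const secrets = SECRET_KEYS.map((k) => env[k]).filter(Boolean);
  if (new Set(secrets).size !== secrets.length) issues.push('secrets: one value is reused across secret keys');
  // Browsers refuse credentialed (cookie) requests when the allowed origin is "*".
  if (env.CORS_ORIGIN === '*') issues.push('CORS_ORIGIN: wildcard cannot be used with auth cookies');
  if (env.NODE_ENV === 'production') {
    for (const k of REDIRECT_KEYS) {
      if (env[k] && !env[k].startsWith('https://')) issues.push(`${k}: not https in production`);
    }
  }
  return issues;
}

// Constructed sample input; none of these values are real credentials.
const SAMPLE = `NODE_ENV='production'
CORS_ORIGIN='*'
CLIENT_URL='http://app.example.test'
DATABASE_URL='mongodb://localhost:27017/app'
REDIS_URL='redis://localhost:6379'
JWT_ACCESS_SECRET='constructed-sample-secret-value-0001'
JWT_REFRESH_SECRET='constructed-sample-secret-value-0001'
CRYPTO_SECRET='short'`;
console.log(auditEnv(parseEnv(SAMPLE)).join('\n'));
```

Running the same audit against the blank template from this page reports every required key as empty, which makes it usable as a startup gate before the server binds its port.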

Installation

npx servercn-cli add bp hybrid-auth