User-JWT-Post Backend | DEMO
Backend for an assignment at Varlyq Tech. It implements a fully JWT-secured user and posting system with comment and like support.
- User registration and login system
- Full token-based authentication with strict user permissions
- Post content
- Comment on posts and like users' comments
- Keep track of refresh tokens and allow only one active token at a time
- Invalidate access tokens after a user has logged out
Most of the features and code are geared towards security and token storage. It can act as a reference for future JWT-based projects.
The API is hosted on Render.
Render Link: Try it out
Postman Collections: Explore
Github: Link
NOTE: Since the web service is hosted on the free tier, it can take up to a minute for the first request to be fulfilled.
For full API documentation, refer to the Postman collection.
A few of the available APIs are listed below:
GET /api/v1/users/
POST /api/v1/posts/
Authorization | Type | Description |
---|---|---|
token | Bearer Token | Required. Access token for logged in user |
POST /api/v1/posts/:postId/comments/
Parameter | Type | Description |
---|---|---|
postId | string | Required. Post to add comment to |
GET /api/v1/posts/:postId/comments/:commentId
Parameter | Type | Description |
---|---|---|
commentId | string | Required. Id of the liked comment |
accessToken | Bearer Token | Required. User who likes the comment |
This project uses yarn for package management.
Install yarn and run:
yarn && yarn start
This will start the application and the server will listen for requests on default http PORT 3000.
To run this project, you will need to add the following environment variables to your .env file, also stated in the .env.example file in the repository.
- PORT: for running in host machine.
- MONGO_URI: URL for the connected MongoDB.
- JWT_ACCESS_SECRET: secret for access token cryptographic signing.
- JWT_REFRESH_SECRET: secret for refresh token cryptographic signing.
- JWT_ACCESS_TIME: time after which access token is invalidated.
- JWT_REFRESH_TIME: time after which refresh token is invalidated.
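
The two token rules from the feature list (one active refresh token per user, access tokens invalidated on logout) can be implemented as follows. This is an added example, not code from this repository: it assumes hand-rolled HS256 signing with Node's built-in crypto module, in-memory Maps in place of the database, constructed values for the four JWT_* variables, and hypothetical function names.

```javascript
const nodeCrypto = require('crypto');

// Constructed stand-ins for JWT_ACCESS_SECRET, JWT_REFRESH_SECRET, JWT_ACCESS_TIME, JWT_REFRESH_TIME (seconds).
const cfg = { accessSecret: 'demo-access-secret', refreshSecret: 'demo-refresh-secret', accessTime: 900, refreshTime: 604800 };
const activeRefresh = new Map(); // userId -> jti of the single valid refresh token (stand-in for a DB)
const revokedAccess = new Map(); // jti -> exp of access tokens invalidated by logout

const b64 = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const mac = (data, secret) => nodeCrypto.createHmac('sha256', secret).update(data).digest('base64url');

function sign(claims, secret, ttl, now) {
  const body = `${b64({ alg: 'HS256', typ: 'JWT' })}.${b64({ ...claims, jti: nodeCrypto.randomUUID(), iat: now, exp: now + ttl })}`;
  return `${body}.${mac(body, secret)}`;
}

function verify(token, secret, now) { // returns the claims, or null if forged or expired
  const [h, p, s] = String(token).split('.');
  if (!h || !p || !s) return null;
  const want = Buffer.from(mac(`${h}.${p}`, secret)), got = Buffer.from(s);
  if (got.length !== want.length || !nodeCrypto.timingSafeEqual(got, want)) return null;
  const claims = JSON.parse(Buffer.from(p, 'base64url').toString());
  return claims.exp > now ? claims : null;
}

function login(userId, now) {
  const refresh = sign({ sub: userId }, cfg.refreshSecret, cfg.refreshTime, now);
  activeRefresh.set(userId, verify(refresh, cfg.refreshSecret, now).jti); // overwrites any earlier jti
  return { access: sign({ sub: userId }, cfg.accessSecret, cfg.accessTime, now), refresh };
}

function refreshSession(refresh, now) {
  const c = verify(refresh, cfg.refreshSecret, now);
  if (!c || activeRefresh.get(c.sub) !== c.jti) return null; // superseded, rotated or logged out
  return login(c.sub, now); // rotation: the presented refresh token stops working
}

function authenticate(access, now) {
  const c = verify(access, cfg.accessSecret, now);
  return c && !revokedAccess.has(c.jti) ? c.sub : null;
}

function logout(access, now) {
  const c = verify(access, cfg.accessSecret, now);
  if (!c) return false;
  for (const [jti, exp] of revokedAccess) if (exp <= now) revokedAccess.delete(jti); // expired anyway
  revokedAccess.set(c.jti, c.exp);
  activeRefresh.delete(c.sub);
  return true;
}
```

In this design logout denylists only the access token that was presented; access tokens issued by earlier logins remain valid until their expiry, so the access lifetime bounds that exposure.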