Building a Secure Authentication System with Node.js and Express With Email Service

Published at: 5 Feb 2025

Category: History

Author: Admin

Building a Secure Authentication System with Node.js and Express With Email Service

Introduction
Refer to this Github Repo
Features of the Authentication App
Project Structure
Implementation Overview
1. User Registration
2. JWT Authentication
What is JSON Web Token (JWT)?
3. Role-Based Access Control
Deployment

Introduction

Authentication is a crucial part of web applications, ensuring users can securely log in and manage their accounts. In this blog post, I have provided you an overview of how things work, and I also mentioned my GitHub repo for a better understanding of the code. You can take a quick overview of the project on Try Out. I will share how I built an authentication system using Node.js, Express, and various useful packages.

Refer to this Github Repo

Features of the Authentication App

Secure password encryption with bcrypt
JSON Web Token (JWT) authentication using jsonwebtoken and passport-jwt
Role-based access control via accesscontrol
Cookie management with cookie-parser
Email verification and password reset functionality with nodemailer and mailgen
File uploads using multer
MongoDB database integration with mongoose
Environment variable management using dotenv
Enhanced API security through cors and validator

I have designed this project so that it can be used as starter code for any application. It includes role-based access control, which is commonly required in CRMs, along with integrated email services. I have also ensured that each method and function is reusable, following the DRY (Don't Repeat Yourself) principle to keep the code efficient and maintainable.

Project Structure

server/
│   server.js            # Main server file
│   .env                 # Environment variables
│   package.json         # Project dependencies and scripts
│
├── config/
│   ├── db.js            # Database connection setup
│   ├── passport.js      # Passport authentication setup
│
├── models/
│   ├── User.js          # User schema definition
│
├── routes/
│   ├── authRoutes.js    # Routes for authentication
│   ├── userRoutes.js    # Routes for user actions
│
├── controllers/
│   ├── authController.js  # Handles authentication logic
│   ├── userController.js  # Manages user operations
│
├── middleware/
│   ├── authMiddleware.js  # Middleware for authentication
│
├── utils/
│   ├── mailer.js        # Email handling logic
│
└── uploads/             # Storage for uploaded files

Implementation Overview

1. User Registration

const bcrypt = require('bcrypt');
const saltRounds = 10;
const hashedPassword = await bcrypt.hash(password, saltRounds);

Security is key. It is crucial to hash the password before saving it to the database. In the code above I explain you about how to hashed your password using bcrypt.

2. JWT Authentication

const jwt = require('jsonwebtoken');
const token = jwt.sign({ userId: user._id }, process.env.JWT_SECRET, { expiresIn: '1h' });

In this code snippet, we are using jsonwebtoken to generate a token for user authentication. The token is created with the jwt.sign() method, which takes a payload (here, userId: user._id) and a secret key (process.env.JWT_SECRET) to securely sign the token. The token is set to expire in 1 hour (expiresIn: '1h'), after which the user will need to re-authenticate.

What is JSON Web Token (JWT)?

JWT (JSON Web Token) is a compact, URL-safe token used for securely transmitting information between parties as a JSON object. It's commonly used for authentication, where the server generates a token for a user upon login, and the user sends this token in subsequent requests to prove their identity. JWTs consist of three parts: the header, payload, and signature, which together ensure the integrity and authenticity of the information.

3. Role-Based Access Control

const ac = new AccessControl();
ac.grant('user').readOwn('profile');
ac.grant('admin').extend('user').updateAny('profile');

Deployment

"scripts": {
  "start": "node server.js",
  "dev": "nodemon server.js"
}

Building a Secure Authentication System with Node.js and Express With Email Service

Introduction

Refer to this Github Repo

Features of the Authentication App

Project Structure

Implementation Overview

1. User Registration

2. JWT Authentication

What is JSON Web Token (JWT)?

3. Role-Based Access Control

Deployment

About

Our Recent posts

How to Send Browser Push Notifications in Node.js – A Step-by-Step Guide

Top Best Practices for Building Scalable and Secure Node.js Applications

Top 50 Most Asked Interview Questions for MERN Stack Developers (2025)

How to Build a Real-time Chat App With NodeJS, Socket.IO, and MongoDB.

CRUD Operations in MERN Stack: A Practical Example

Top 5 Mern Stack Projects for Beginners with source code.

How to Integrate Amadeus Flight API with Your Travel Website: A Step-by-Step Project Guide

Top 10 Best Bike Routes in India for Adventure Seekers and Bikers

How to Create a QR Code: A Step-by-Step Guide

The new seven wonders of the world

Top 10 MERN Stack Project Ideas for Developers with Code

5 Best Honeymoon Destinations in India.

Top 5 Winter Destinations in India You Must Visit

How to Use QR Codes for Event Promotion: A Complete Guide

Unique Proposal Ideas with QR Code Generator | Snaap.io

How to Build a Simple URL Shortener with Node.js

Improving SEO with URL Shortening: Myths vs. Facts

How to Send Email in Node.js Using SMTP (Gmail Example)

Why MERN Stack is the Best Tech Stack to Learn in 2025: A Developer's View

Preventing Broken Links: How URL Shorteners Ensure Link Longevity

How to Create a Short URL in 4 Simple Steps: A Quick Guide

5 Reasons Why Short URLs Are Essential for Social Media and SEO

Introducing tocify.js – The Ultimate Utility for Table of Contents (TOC) for HTML Documents

My Web Crawler - A Powerful Tool for Efficient Website Crawling and Content Extraction

Follow Us