Security and Authentication

This application uses JSON Web Tokens (JWT) for authentication. All secured routes require a JWT in the Authorization header of the HTTP request; the passport.authenticate middleware validates the JWT before the route handler runs.

Some routes are additionally protected by an adminGuard middleware, which checks that the authenticated user has admin-level authorization.

The authentication and authorization process is as follows:

  1. The client sends a login request to /auth/login with the required credentials.
  2. If the credentials are correct, a JWT is returned.
  3. The client adds this JWT to the Authorization header of all subsequent secured API calls.

Endpoints

/auth - (GET) Endpoint for testing the authController; it will be disabled in the production environment.

/auth/login - (POST) Endpoint for logging in a user.

/auth/sign-up - (POST) Endpoint for signing up a new user.

/auth/reset-pass - (POST) Endpoint for resetting a user's password.

/auth/request-pass - (POST) Endpoint for requesting a password reset.

/auth/user-email - (POST) Endpoint for setting or updating a user's email.

/auth/sign-out - (POST) Endpoint for logging out a user.

/auth/refresh-token - (POST) Endpoint for refreshing a user's token.

/auth/invite-link - (POST) Endpoint for generating an invite link for a user.

/auth/user-sms-code - (POST) Endpoint for sending an SMS code to a user.

/auth/getFolderLimits - (POST) Endpoint for getting a user's folder limits.
