Auth User Management API is a robust RESTful API for user authentication, registration, and account management. Features secure JWT-based authentication, role-based access control, and comprehensive user management endpoints.

iamdanwi/auth-user-management-api

Auth & User Management API

Node.js Express MongoDB JWT License: MIT

A secure Authentication and User Management backend built with Node.js, Express, MongoDB, JWT, and bcrypt.
Includes role-based access control (user/admin), password reset via token, and email notifications using Resend.


🚀 Features

  • User Registration (with hashed passwords)
  • User Login (JWT authentication via cookies)
  • User Logout (clears cookie)
  • Password Reset (forgot/reset flow via email token)
  • Role-based Access (user/admin)
  • User Management
    • Self profile management (view, update, delete account)
    • Admin operations (list all users, update role, delete any user)
  • Email Notifications
    • Welcome email on registration
    • Login alert
    • Password reset email
    • Account deletion email
  • API Documentation with Swagger (/api-docs)

⚙️ Installation & Setup

  1. Clone the repository:

    git clone https://github.com/iamdanwi/auth-user-management-api.git
    cd auth-user-management-api
  2. Install dependencies:

    npm install
  3. Create a .env file:

    PORT=3000
    MONGO_URI=mongodb://127.0.0.1:27017/authdb
    JWT_SECRET=your_jwt_secret
    JWT_EXPIRES_IN=7d
    CLIENT_URL=http://localhost:3000
    RESEND_API_KEY=your_resend_api_key
    NODE_ENV=development
  4. Start the server:

    npm run dev

    or

    node server.js
  5. Visit API Docs:

    http://localhost:3000/api-docs
    

🔑 API Endpoints with Examples

Auth Routes

Register

POST /auth/register

curl -X POST http://localhost:3000/auth/register \
  -H "Content-Type: application/json" \
  -d '{"name":"John Doe","email":"john@example.com","password":"secret123"}'

Login

POST /auth/login

curl -X POST http://localhost:3000/auth/login \
  -H "Content-Type: application/json" \
  -d '{"email":"john@example.com","password":"secret123"}' \
  -c cookies.txt

Logout

POST /auth/logout

curl -X POST http://localhost:3000/auth/logout -b cookies.txt

Forgot Password

POST /auth/forgot-password

curl -X POST http://localhost:3000/auth/forgot-password \
  -H "Content-Type: application/json" \
  -d '{"email":"john@example.com"}'

Reset Password

POST /auth/reset-password/:token

curl -X POST http://localhost:3000/auth/reset-password/<token> \
  -H "Content-Type: application/json" \
  -d '{"password":"newpassword123"}'
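
The forgot/reset flow above carries the token in the URL path. One way the server side of such a flow can handle that token, shown as an added example and not code from this repository: `issueResetToken`, `consumeResetToken`, the in-memory `resetStore` and the 15-minute lifetime are all assumptions made for illustration.

```javascript
// Added example: not code from the auth-user-management-api repository.
const crypto = require("node:crypto");

const RESET_TTL_MS = 15 * 60 * 1000; // assumed lifetime: 15 minutes
// sha256(token) -> { userId, expiresAt }; in-memory stand-in for a MongoDB collection
const resetStore = new Map();

const sha256Hex = (value) =>
  crypto.createHash("sha256").update(value).digest("hex");

// Forgot-password step: returns the raw token that goes into the e-mailed link.
// Only its hash is stored, so a leaked database row cannot be used as a token.
function issueResetToken(userId, now = Date.now()) {
  // A new request invalidates any token issued earlier for the same user.
  for (const [key, record] of resetStore) {
    if (record.userId === userId) resetStore.delete(key);
  }
  const token = crypto.randomBytes(32).toString("hex"); // 256 bits from the CSPRNG
  resetStore.set(sha256Hex(token), { userId, expiresAt: now + RESET_TTL_MS });
  return token;
}

// Reset-password step: returns the userId for a valid token, otherwise null.
function consumeResetToken(token, now = Date.now()) {
  // Reject anything that is not the exact format issued above.
  if (typeof token !== "string" || !/^[0-9a-f]{64}$/.test(token)) return null;
  const key = sha256Hex(token);
  const record = resetStore.get(key);
  if (!record) return null;
  resetStore.delete(key); // single use: removed whether or not it has expired
  return now <= record.expiresAt ? record.userId : null;
}
```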

User Routes (Authenticated)

Get Own Profile

curl -X GET http://localhost:3000/users/me -b cookies.txt

Update Own Profile

curl -X PUT http://localhost:3000/users/me \
  -H "Content-Type: application/json" \
  -d '{"name":"Johnny Doe","password":"newSecret123"}' \
  -b cookies.txt

Delete Own Account

curl -X DELETE http://localhost:3000/users/me -b cookies.txt

Admin Routes

Get All Users

curl -X GET http://localhost:3000/users -b cookies.txt

Get User by ID

curl -X GET http://localhost:3000/users/64f1234567890 -b cookies.txt

Update User Role

curl -X PUT http://localhost:3000/users/64f1234567890/role \
  -H "Content-Type: application/json" \
  -d '{"role":"admin"}' \
  -b cookies.txt

Delete User by ID

curl -X DELETE http://localhost:3000/users/64f1234567890 -b cookies.txt

📧 Email Notifications

  • Welcome Mail → Sent on registration
  • Login Alert → Sent on login
  • Password Reset → Sent when user requests password reset
  • Account Deletion → Sent when account is deleted

📘 Documentation

Swagger API docs available at:

http://localhost:3000/api-docs

🧑‍💻 Author

Built by iamdanwi as a beginner-friendly Authentication & User Management API project.


📄 License

This project is licensed under the MIT License. See the LICENSE file for details.
