Build Production-Ready Authentication System in Backend Using MongoDB #18

@deepanshu-prajapati01

Hi team 👋

Currently, the backend lacks any proper authentication logic or user management system, making it insecure and non-functional for real-world use. To move the platform toward production readiness, I’d like to design and implement a full-fledged authentication setup using MongoDB as the database.


🔍 Current Problem:

  • No existing backend routes for login, register, logout, or auth middleware.
  • No user model or database schema.
  • No protection for private routes or APIs.
  • App is vulnerable and cannot handle user sessions securely.

✅ Proposed Implementation Plan:

🛠 Backend Auth Setup

  • Create a User model (with name, email, password, timestamps).
  • Use MongoDB with Mongoose for schema management and queries.

🔐 Auth Routes

  • POST /auth/register → create user, hash password, validate inputs
  • POST /auth/login → authenticate user, issue JWT token
  • GET /auth/logout → clear session/cookie
  • GET /auth/me → fetch logged-in user data

🔒 Security Practices

  • Use JWT with HTTP-only cookies for secure session handling.
  • Hash passwords using bcrypt.
  • Add auth middleware to protect private routes.
  • Input validation using a package like express-validator or custom logic.

🏷 Labels Requested:

  • gssoc2025
  • level 3
  • backend
  • feature
  • auth

👉 Please assign this issue to me — I’ll handle the full backend auth logic setup from scratch and ensure it’s secure, scalable, and production-ready.

Thanks! 🙌
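
A sketch of the JWT-in-HTTP-only-cookie flow and auth middleware listed in the plan above. This is an added example, not code from this issue or from the project. It uses only Node.js built-ins in place of a JWT library, and `SECRET`, the cookie name `token`, and all function names are assumptions.

```javascript
// Added example: hand-rolled HS256 JWT, for illustration only (constructed secret).
const nodeCrypto = require('node:crypto');

const SECRET = 'constructed-demo-secret'; // assumption: load from env or a secret store
const COOKIE = 'token';                   // assumption: session cookie name

const b64u = (data) => Buffer.from(data).toString('base64url');
const mac = (data) => nodeCrypto.createHmac('sha256', SECRET).update(data).digest();

// Issue a token carrying the user id and an expiry in seconds since the epoch.
function signToken(userId, ttlSec, now = Date.now()) {
  const head = b64u(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64u(JSON.stringify({ sub: userId, exp: Math.floor(now / 1000) + ttlSec }));
  return `${head}.${body}.${b64u(mac(`${head}.${body}`))}`;
}

// Set-Cookie value for the login route: hidden from page script, HTTPS only.
function sessionCookie(token, ttlSec) {
  return `${COOKIE}=${token}; HttpOnly; Secure; SameSite=Strict; Path=/; Max-Age=${ttlSec}`;
}

// Return the claims if the token is authentic and unexpired, otherwise null.
function verifyToken(token, now = Date.now()) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [head, body, sig] = parts;
  const expected = Buffer.from(b64u(mac(`${head}.${body}`)));
  const given = Buffer.from(sig);
  if (given.length !== expected.length || !nodeCrypto.timingSafeEqual(given, expected)) return null;
  try {
    // Pin the algorithm: the token header must not choose how it is verified.
    if (JSON.parse(Buffer.from(head, 'base64url').toString()).alg !== 'HS256') return null;
    const claims = JSON.parse(Buffer.from(body, 'base64url').toString());
    return typeof claims.exp === 'number' && claims.exp > now / 1000 ? claims : null;
  } catch { return null; }
}

// Express-style middleware (req, res, next) that guards private routes.
function requireAuth(req, res, next) {
  const m = new RegExp(`(?:^|;\\s*)${COOKIE}=([^;]+)`).exec(req.headers.cookie || '');
  const claims = m && verifyToken(m[1]);
  if (!claims) { res.statusCode = 401; return res.end('Unauthorized'); }
  req.user = { id: claims.sub };
  next();
}
```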
