A secure REST API built using Node.js, Express, and MongoDB with JWT authentication, role-based access, and CRUD operations for Users and Products.
This project demonstrates how to build a secure REST API using:
- Express.js for routing
- Mongoose for MongoDB object modeling
- JWT for authentication
- Middleware for access control and validation
It provides a ready-to-use backend for projects that need user management, authentication, student and product CRUD, and role-based authorization.
| Technology | Description |
|---|---|
| Node.js | JavaScript runtime for building the server |
| Express.js | Web framework for building APIs |
| MongoDB + Mongoose | NoSQL database and ODM |
| JWT (JSON Web Token) | Authentication and authorization |
| bcryptjs | Password hashing |
| dotenv | Environment variable management |
| Joi | Schema validation |
✅ User Authentication & Authorization (JWT)
✅ Role-based Access Control (Admin/User)
✅ CRUD Operations for Users, Students, and Products
✅ Validation using Joi
✅ Secure Password Hashing with bcrypt
✅ Error Handling Middleware
✅ Query Filters (e.g., /api/users?role=admin&age=25)
✅ Environment Config Support (.env)
```bash
git clone https://github.com/sanashaju/node-express-jwt-auth-api.git
cd node-express-jwt-auth-api
npm install
```

Create a `.env` file in the project root:

```env
# Server Port
PORT=9002
# Database name
DATABASE=node-express-jwt-auth-api-dev
# MongoDB Connection URI
MONGO_URI=mongodb+srv://sana:[email protected]/
# JWT Secret Key for Authentication
JWT_SECRET=this_is_my_secret
# Node Environment: development or production
NODE_ENV=development
```

```bash
npm run dev   # Development mode
npm start     # Production mode
```

Server will run on:
👉 http://localhost:9002
```yaml
swagger: '2.0'
info:
  title: REST API
  description: Auto-generated Swagger doc
  version: 1.0.0
host: localhost:9002
basePath: /
schemes:
  - http
paths:
  /api/auth/register:
    post:
      description: ''
      parameters:
        - name: body
          in: body
          schema:
            type: object
            properties:
              username:
                example: any
              email:
                example: any
              password:
                example: any
              role:
                example: any
              age:
                example: any
      responses:
        '201':
          description: Created
        '400':
          description: Bad Request
  /api/auth/login:
    post:
      description: ''
      parameters:
        - name: body
          in: body
          schema:
            type: object
            properties:
              email:
                example: any
              password:
                example: any
      responses:
        '200':
          description: OK
        '400':
          description: Bad Request
        '401':
          description: Unauthorized
  /api/users/:
    get:
      description: ''
      parameters:
        - name: age
          in: query
          type: string
        - name: role
          in: query
          type: string
      responses:
        '200':
          description: OK
  /api/users/{id}:
    get:
      description: ''
      parameters:
        - name: id
          in: path
          required: true
          type: string
      responses:
        '200':
          description: OK
        '400':
          description: Bad Request
        '404':
          description: Not Found
  /api/products/:
    post:
      description: ''
      parameters:
        - name: body
          in: body
          schema:
            type: object
            properties:
              title:
                example: any
              author:
                example: any
              price:
                example: any
              category:
                example: any
              publisher:
                example: any
              isbn:
                example: any
              stock:
                example: any
      responses:
        '201':
          description: Created
        '400':
          description: Bad Request
        '403':
          description: Forbidden
    get:
      description: ''
      parameters:
        - name: category
          in: query
          type: string
        - name: minPrice
          in: query
          type: string
        - name: maxPrice
          in: query
          type: string
      responses:
        '200':
          description: OK
  /api/products/{id}:
    patch:
      description: ''
      parameters:
        - name: id
          in: path
          required: true
          type: string
        - name: body
          in: body
          schema:
            type: object
            properties:
              title:
                example: any
              author:
                example: any
              price:
                example: any
              category:
                example: any
              publisher:
                example: any
              isbn:
                example: any
              stock:
                example: any
      responses:
        '200':
          description: OK
        '400':
          description: Bad Request
        '403':
          description: Forbidden
        '404':
          description: Not Found
    delete:
      description: ''
      parameters:
        - name: id
          in: path
          required: true
          type: string
      responses:
        '200':
          description: OK
        '403':
          description: Forbidden
        '404':
          description: Not Found
```
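The Swagger document declares every query filter (`age`, `role`, `category`, `minPrice`, `maxPrice`) as a plain string, and the feature list advertises `/api/users?role=admin&age=25`. The following is an added example, not code from this project: it turns `req.query` into a MongoDB filter by accepting only a whitelist of keys and coercing each value to the type the field expects, so that a query string cannot place an operator object (what Express's default query parser produces for `age[$gt]=0`) into the filter passed to `Model.find`. The filter specs, the `admin`/`user` role set and the numeric bounds are assumptions for illustration.

```javascript
// Added example (not the project's code): whitelist-based query filter builder for
// the README's GET /api/users and GET /api/products list endpoints.

// Assumed specs: which query keys are allowed and how each value is validated.
const USER_FILTERS = {
  role: { type: 'enum', values: ['admin', 'user'] },      // role set assumed from the README
  age: { type: 'int', min: 0, max: 150 },
};

const PRODUCT_FILTERS = {
  category: { type: 'string', maxLen: 64 },
  minPrice: { type: 'number', min: 0, field: 'price', op: '$gte' },
  maxPrice: { type: 'number', min: 0, field: 'price', op: '$lte' },
};

// Return the coerced value, or undefined when the raw value is not acceptable.
// Non-string values (arrays and objects produced by the query parser) are rejected,
// which is what keeps operator objects like { $gt: '0' } out of the filter.
function coerce(spec, raw) {
  if (typeof raw !== 'string' || raw.length === 0) return undefined;
  switch (spec.type) {
    case 'enum':
      return spec.values.includes(raw) ? raw : undefined;
    case 'string':
      return raw.length <= spec.maxLen ? raw : undefined;
    case 'int': {
      if (!/^\d+$/.test(raw)) return undefined;
      const n = Number(raw);
      return n >= spec.min && n <= spec.max ? n : undefined;
    }
    case 'number': {
      if (!/^\d+(\.\d+)?$/.test(raw)) return undefined;
      const n = Number(raw);
      return n >= spec.min ? n : undefined;
    }
    default:
      return undefined;
  }
}

// Build { filter, rejected }: `filter` is safe to hand to Model.find(filter);
// `rejected` lists query keys that were unknown or failed validation, so the
// route handler can answer 400 Bad Request instead of silently ignoring them.
function buildFilter(query, specs) {
  const filter = {};
  const rejected = [];
  for (const [key, raw] of Object.entries(query)) {
    const spec = specs[key];
    if (!spec) { rejected.push(key); continue; }
    const value = coerce(spec, raw);
    if (value === undefined) { rejected.push(key); continue; }
    if (spec.op) {
      // Range filters fold into one field, e.g. price: { $gte: 10, $lte: 99.5 }.
      filter[spec.field] = { ...(filter[spec.field] || {}), [spec.op]: value };
    } else {
      filter[key] = value;
    }
  }
  return { filter, rejected };
}

module.exports = { USER_FILTERS, PRODUCT_FILTERS, coerce, buildFilter };
```

A route handler would call `const { filter, rejected } = buildFilter(req.query, USER_FILTERS)` and respond with 400 when `rejected` is non-empty, otherwise `User.find(filter)`. Rejecting unknown keys rather than ignoring them also makes typos in client requests visible instead of returning an unfiltered result set.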
If you like this project, please ⭐ star the repo!