Some checks failed (every push-triggered job was cancelled):
- CI Pipeline: Lint Code, Test API Package, Test Web Package, Test Shared Package, Build All Packages, Generate Coverage Report
- Docker Build & Deploy: Build Docker Images, Push Docker Images, Deploy to Staging, Deploy to Production
- E2E Tests: End-to-End Tests, E2E Tests (Mobile)
- Security Scanning: NPM Audit, Dependency License Check, Code Quality Scan, Docker Image Security, Security Summary
Implement a complete authentication system with local email/password authentication, Google OAuth, JWT tokens, and role-based access control.

Backend Features:
- Database schema with User, RefreshToken, VerificationToken, RecipeShare models
- Role-based access control (USER, ADMIN)
- Recipe visibility controls (PRIVATE, SHARED, PUBLIC)
- Email verification for local accounts
- Password reset functionality
- JWT access tokens (15min) and refresh tokens (7 days)
- Passport.js strategies: Local, JWT, Google OAuth
- bcrypt password hashing with 12 salt rounds
- Password strength validation (min 8 chars, uppercase, lowercase, number)
- Rate limiting on auth endpoints (5 attempts/15min)
- Email service with styled HTML templates for verification and password reset

API Endpoints:
- POST /api/auth/register - Register with email/password
- POST /api/auth/login - Login and get tokens
- POST /api/auth/logout - Invalidate refresh token
- POST /api/auth/refresh - Get new access token
- GET /api/auth/verify-email/:token - Verify email address
- POST /api/auth/resend-verification - Resend verification email
- POST /api/auth/forgot-password - Request password reset
- POST /api/auth/reset-password - Reset password with token
- GET /api/auth/google - Initiate Google OAuth
- GET /api/auth/google/callback - Google OAuth callback
- GET /api/auth/me - Get current user info

Security Middleware:
- requireAuth - Protect routes requiring authentication
- requireAdmin - Admin-only route protection
- optionalAuth - Routes that work with or without auth
- requireOwnership - Check resource ownership

Admin Tools:
- npm run create-admin - Interactive script to create admin users
- verify-user-manual.ts - Helper script for testing

Test Coverage:
- 49 unit and integration tests (all passing)
- Password utility tests (12 tests)
- JWT utility tests (17 tests)
- Auth middleware tests (12 tests)
- Auth routes integration tests (8 tests)

Dependencies Added:
- passport, passport-local, passport-jwt, passport-google-oauth20
- bcrypt, jsonwebtoken
- nodemailer
- express-rate-limit, express-validator, cookie-parser

Environment Variables Required:
- JWT_SECRET, JWT_REFRESH_SECRET
- JWT_EXPIRES_IN, JWT_REFRESH_EXPIRES_IN
- GOOGLE_CLIENT_ID, GOOGLE_CLIENT_SECRET (optional)
- SMTP configuration for email
- APP_URL, API_URL

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
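The token lifecycle the commit message describes (a 15-minute HS256 access token, a 7-day refresh token that is recorded server-side and invalidated by `POST /api/auth/logout`, and `requireAuth` / `requireAdmin` gates over it), shown as an added example that is not the project's code. It uses only Node's `crypto`, so it runs without `jsonwebtoken` or Passport. The secrets, the in-memory `Set` standing in for the RefreshToken table, hashing the stored refresh token, the `typ` and `jti` claims, and the pure-function shape of the middleware are assumptions of this example; the page does not say how the project stores refresh tokens or which claims it issues.

```typescript
// Added example, not code from the commit. Access/refresh token lifecycle on
// Node's crypto only. Secrets, claim names and the store are stand-ins.
import { createHash, createHmac, randomBytes, timingSafeEqual } from "crypto";

type Role = "USER" | "ADMIN";
interface Claims { sub: string; role: Role; typ: "access" | "refresh"; iat: number; exp: number; jti?: string }

// Constructed stand-ins for JWT_SECRET / JWT_REFRESH_SECRET. They are distinct on
// purpose: a refresh token must never verify where an access token is expected.
const ACCESS_SECRET = "example-only-access-secret-0123456789abcdef0123456789";
const REFRESH_SECRET = "example-only-refresh-secret-fedcba9876543210fedcba9876";
const ACCESS_TTL = 15 * 60;        // JWT_EXPIRES_IN=15m
const REFRESH_TTL = 7 * 24 * 3600; // JWT_REFRESH_EXPIRES_IN=7d

const toB64url = (b: Buffer) => b.toString("base64").replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
const fromB64url = (s: string) => Buffer.from(s.replace(/-/g, "+").replace(/_/g, "/"), "base64");

function decodePart(part: string): Record<string, unknown> | null {
  try {
    const v = JSON.parse(fromB64url(part).toString("utf8"));
    return v && typeof v === "object" ? v : null;
  } catch (e) { return null; }
}

function signJwt(claims: Claims, secret: string): string {
  const header = toB64url(Buffer.from(JSON.stringify({ alg: "HS256", typ: "JWT" })));
  const body = toB64url(Buffer.from(JSON.stringify(claims)));
  const sig = toB64url(createHmac("sha256", secret).update(`${header}.${body}`).digest());
  return `${header}.${body}.${sig}`;
}

// Null on any defect: wrong alg, bad or truncated signature, malformed or expired claims.
// The HMAC is always computed with our own secret, so a forged "alg" header cannot
// switch the key, and the comparison is constant-time.
function verifyJwt(token: string, secret: string, now: number): Claims | null {
  const [header = "", body = "", sig = "", ...rest] = token.split(".");
  if (rest.length > 0) return null;
  const hdr = decodePart(header);
  if (!hdr || hdr.alg !== "HS256") return null;
  const expected = createHmac("sha256", secret).update(`${header}.${body}`).digest();
  const given = fromB64url(sig);
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
  const c = decodePart(body);
  if (!c || typeof c.sub !== "string" || typeof c.exp !== "number" || c.exp <= now) return null;
  return c as unknown as Claims;
}

// Stand-in for the RefreshToken table. Only a SHA-256 of each live token is kept,
// so a leaked table row is not itself a usable credential (assumption, not the project's schema).
const refreshStore = new Set<string>();
const fingerprint = (t: string) => createHash("sha256").update(t).digest("hex");

// POST /api/auth/login: hand out both tokens and register the refresh token.
function issueTokens(userId: string, role: Role, now: number) {
  const accessToken = signJwt({ sub: userId, role, typ: "access", iat: now, exp: now + ACCESS_TTL }, ACCESS_SECRET);
  const refreshToken = signJwt(
    { sub: userId, role, typ: "refresh", iat: now, exp: now + REFRESH_TTL, jti: randomBytes(16).toString("hex") },
    REFRESH_SECRET,
  );
  refreshStore.add(fingerprint(refreshToken));
  return { accessToken, refreshToken };
}

// POST /api/auth/refresh: a valid, still-registered refresh token yields a fresh access token.
function refreshAccess(refreshToken: string, now: number): string | null {
  const c = verifyJwt(refreshToken, REFRESH_SECRET, now);
  if (!c || c.typ !== "refresh" || !refreshStore.has(fingerprint(refreshToken))) return null;
  return signJwt({ sub: c.sub, role: c.role, typ: "access", iat: now, exp: now + ACCESS_TTL }, ACCESS_SECRET);
}

// POST /api/auth/logout: forget the refresh token; the access token runs out within 15 minutes.
function logout(refreshToken: string): void {
  refreshStore.delete(fingerprint(refreshToken));
}

// requireAuth / requireAdmin reduced to pure checks on the Authorization header value.
function requireAuth(authorization: string | undefined, now: number): Claims | null {
  if (!authorization || !authorization.startsWith("Bearer ")) return null;
  const c = verifyJwt(authorization.slice("Bearer ".length), ACCESS_SECRET, now);
  return c && c.typ === "access" ? c : null;
}
function requireAdmin(authorization: string | undefined, now: number): Claims | null {
  const c = requireAuth(authorization, now);
  return c && c.role === "ADMIN" ? c : null;
}
```

Two things worth checking in the real implementation against this model: that the refresh handler re-reads the user's role from the database rather than copying it out of the refresh token as this example does (otherwise a demoted admin keeps minting ADMIN access tokens for up to seven days), and that logout removes the stored refresh token rather than only clearing the cookie, since a copied token stays valid until `JWT_REFRESH_EXPIRES_IN` otherwise.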
62 lines
1.9 KiB
Plaintext
```dotenv
# Server Configuration
PORT=3001
NODE_ENV=development

# Database
DATABASE_URL="postgresql://basil:basil@localhost:5432/basil?schema=public"

# Storage Configuration
STORAGE_TYPE=local
LOCAL_STORAGE_PATH=./uploads

# S3 Configuration (Optional)
# STORAGE_TYPE=s3
# S3_BUCKET=basil-recipes
# S3_REGION=us-east-1
# S3_ACCESS_KEY_ID=your-access-key
# S3_SECRET_ACCESS_KEY=your-secret-key

# CORS
CORS_ORIGIN=http://localhost:5173

# Backup Configuration
BACKUP_PATH=./backups

# Authentication & JWT
JWT_SECRET=change-this-to-a-random-secret-min-32-characters-long
JWT_REFRESH_SECRET=change-this-to-another-random-secret-min-32-characters
JWT_EXPIRES_IN=15m
JWT_REFRESH_EXPIRES_IN=7d

# Google OAuth (Optional)
# Get these from: https://console.cloud.google.com/apis/credentials
GOOGLE_CLIENT_ID=your-google-client-id
GOOGLE_CLIENT_SECRET=your-google-client-secret
GOOGLE_CALLBACK_URL=http://localhost:3001/api/auth/google/callback

# Email Configuration (for verification emails)
# For development, you can use services like Mailtrap, Ethereal Email, or Gmail
SMTP_HOST=smtp.gmail.com
SMTP_PORT=587
SMTP_SECURE=false
SMTP_USER=your-email@gmail.com
SMTP_PASSWORD=your-app-password
EMAIL_FROM=Basil Recipe Manager <noreply@your-domain.com>

# Application URL (used in verification emails)
APP_URL=http://localhost:5173
API_URL=http://localhost:3001

# Remote Database Configuration (Optional)
# To use a remote PostgreSQL database, update DATABASE_URL with remote credentials
# Example for remote database:
# DATABASE_URL="postgresql://username:password@remote-host:5432/basil?schema=public"
#
# For AWS RDS:
# DATABASE_URL="postgresql://username:password@your-instance.region.rds.amazonaws.com:5432/basil?schema=public"
#
# For Digital Ocean Managed Database:
# DATABASE_URL="postgresql://username:password@your-db.db.ondigitalocean.com:25060/basil?sslmode=require"
#
# Note: When using a remote database, you can disable the local postgres service in docker-compose.yml
```
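A startup check for the variables this example file defines, as an added example that is not part of the commit: it rejects the shipped placeholder secrets, enforces the 32-character minimum the placeholders hint at, requires the two JWT secrets to differ, checks that the refresh lifetime exceeds the access lifetime, and in production refuses cleartext `http://` URLs and the local `basil:basil` database credentials. The placeholder prefixes (`change-this`, `your-`) are taken from the file above; the `PRODUCTION_ENV` values, the duration grammar and the `validateEnv` function itself are constructed for this example and are not the project's code.

```typescript
// Added example, not code from the commit. Validates the .env.example variables
// at startup so placeholder secrets and plaintext URLs never reach a running server.
type Env = Record<string, string | undefined>;

const PLACEHOLDER = /^(change-this|your-)/i; // the fill-me-in values shipped in .env.example
const MIN_SECRET_LEN = 32;                   // the minimum the JWT_SECRET placeholder text asks for

// "15m" / "7d" / "3600" -> seconds; null when the value is not a duration.
function parseDuration(v: string | undefined): number | null {
  if (!v) return null;
  const m = /^(\d+)(s|m|h|d)?$/.exec(v.trim());
  if (!m) return null;
  const units: Record<string, number> = { s: 1, m: 60, h: 3600, d: 86400 };
  return Number(m[1]) * units[m[2] ?? "s"];
}

// Returns one "VAR: reason" line per problem; an empty array means the env is acceptable.
function validateEnv(env: Env): string[] {
  const problems: string[] = [];
  const prod = env.NODE_ENV === "production";
  const need = (k: string) => { if (!env[k]) problems.push(`${k}: missing`); return env[k]; };

  // Secrets: present, long enough, not the shipped placeholder, not shared between token types.
  for (const k of ["JWT_SECRET", "JWT_REFRESH_SECRET"]) {
    const v = need(k);
    if (v === undefined) continue;
    if (v.length < MIN_SECRET_LEN) problems.push(`${k}: shorter than ${MIN_SECRET_LEN} characters`);
    if (PLACEHOLDER.test(v)) problems.push(`${k}: still the placeholder from .env.example`);
  }
  if (env.JWT_SECRET && env.JWT_SECRET === env.JWT_REFRESH_SECRET)
    problems.push("JWT_REFRESH_SECRET: must differ from JWT_SECRET");

  // Lifetimes: both parseable, and a refresh token must outlive the access token it renews.
  const access = parseDuration(env.JWT_EXPIRES_IN);
  const refresh = parseDuration(env.JWT_REFRESH_EXPIRES_IN);
  if (access === null) problems.push("JWT_EXPIRES_IN: not a duration like 15m");
  if (refresh === null) problems.push("JWT_REFRESH_EXPIRES_IN: not a duration like 7d");
  if (access !== null && refresh !== null && refresh <= access)
    problems.push("JWT_REFRESH_EXPIRES_IN: must be longer than JWT_EXPIRES_IN");

  // Optional integrations: when switched on, they must be complete and not placeholders.
  if (env.GOOGLE_CLIENT_ID) {
    for (const k of ["GOOGLE_CLIENT_ID", "GOOGLE_CLIENT_SECRET", "GOOGLE_CALLBACK_URL"]) {
      const v = need(k);
      if (v && PLACEHOLDER.test(v)) problems.push(`${k}: still the placeholder from .env.example`);
    }
  }
  if (env.STORAGE_TYPE === "s3")
    for (const k of ["S3_BUCKET", "S3_REGION", "S3_ACCESS_KEY_ID", "S3_SECRET_ACCESS_KEY"]) need(k);
  if (env.SMTP_PASSWORD && PLACEHOLDER.test(env.SMTP_PASSWORD))
    problems.push("SMTP_PASSWORD: still the placeholder from .env.example");

  // Production only: verification links, OAuth callback and CORS origin over TLS, no dev DB credentials.
  if (prod) {
    for (const k of ["APP_URL", "API_URL", "CORS_ORIGIN", "GOOGLE_CALLBACK_URL"]) {
      const v = env[k];
      if (v && !v.startsWith("https://")) problems.push(`${k}: must be https in production`);
    }
    if (env.DATABASE_URL?.includes("basil:basil@"))
      problems.push("DATABASE_URL: still uses the local basil:basil credentials");
  }
  return problems;
}

// The development values from .env.example, copied here as a constructed input.
const EXAMPLE_ENV: Env = {
  NODE_ENV: "development", PORT: "3001",
  DATABASE_URL: "postgresql://basil:basil@localhost:5432/basil?schema=public",
  STORAGE_TYPE: "local", CORS_ORIGIN: "http://localhost:5173",
  JWT_SECRET: "change-this-to-a-random-secret-min-32-characters-long",
  JWT_REFRESH_SECRET: "change-this-to-another-random-secret-min-32-characters",
  JWT_EXPIRES_IN: "15m", JWT_REFRESH_EXPIRES_IN: "7d",
  GOOGLE_CLIENT_ID: "your-google-client-id", GOOGLE_CLIENT_SECRET: "your-google-client-secret",
  GOOGLE_CALLBACK_URL: "http://localhost:3001/api/auth/google/callback",
  SMTP_HOST: "smtp.gmail.com", SMTP_PORT: "587", SMTP_SECURE: "false",
  SMTP_USER: "your-email@gmail.com", SMTP_PASSWORD: "your-app-password",
  APP_URL: "http://localhost:5173", API_URL: "http://localhost:3001",
};

// A constructed production env that the checks accept (hex secrets are fixed here only
// so the example is deterministic; generate real ones with `openssl rand -hex 32`).
const PRODUCTION_ENV: Env = {
  NODE_ENV: "production", PORT: "3001",
  DATABASE_URL: "postgresql://app:example-db-password@db.internal:5432/basil?sslmode=require",
  STORAGE_TYPE: "local", CORS_ORIGIN: "https://basil.example.com",
  JWT_SECRET: "a3f1c9e8d7b6a5f4e3d2c1b0a9f8e7d6c5b4a3f2e1d0c9b8",
  JWT_REFRESH_SECRET: "0f1e2d3c4b5a69788796a5b4c3d2e1f00f1e2d3c4b5a6978",
  JWT_EXPIRES_IN: "15m", JWT_REFRESH_EXPIRES_IN: "7d",
  SMTP_HOST: "smtp.example.com", SMTP_PORT: "465", SMTP_SECURE: "true",
  SMTP_USER: "mailer", SMTP_PASSWORD: "example-smtp-password",
  APP_URL: "https://basil.example.com", API_URL: "https://api.basil.example.com",
};
```

Wire `validateEnv(process.env)` in before the server starts listening and refuse to boot on a non-empty result; a placeholder `JWT_SECRET` is a public string, so any instance that accepts it issues tokens anyone can forge. One check the file cannot express: with `SMTP_SECURE=false` on port 587, nodemailer upgrades to STARTTLS only if the server offers it, so the transport should also set `requireTLS: true` to make a downgraded connection fail instead of sending verification and reset links in cleartext.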