Secure Authentication System
Production-ready auth: OTP, JWT, RBAC, rate limits

Built with a security-first approach: email OTP verification, JWT with refresh tokens, RBAC, and basic rate-limiting. Includes secure password hashing, input validation, and defenses against common attacks.
Tech Stack
- Node.js
- Express
- MongoDB
- JWT
- Nodemailer
Features
- Email OTP & token refresh
- Role-based access control (admin/user)
- Rate limiting & brute-force prevention
Challenges
- Securely designing refresh token flow
- Avoiding token leakage and XSS attack surfaces
Future Scope
- 2FA integration
- Audit logging