Secure Login API is a robust and secure backend application developed with Node.js and Express. It provides a comprehensive authentication system with advanced security features, including Two-Factor Authentication (2FA) and Google OAuth integration.
- User registration
- Secure login
- Two-Factor Authentication (2FA)
- Google OAuth integration
- CSRF protection
- Rate limiting
- Input sanitization
- NoSQL injection prevention
- Secure HTTP headers with Helmet
- Node.js
- Express
- MongoDB
- Mongoose
- JSON Web Tokens (JWT)
- Passport.js
- Speakeasy (for 2FA)
- Helmet
- Express Rate Limit
Install dependencies: npm install
Create a .env
file in the root directory with the following variables:
PORT=3000
MONGODB_URI=mongodb://localhost:27017/secureLoginApp
JWT_SECRET=tu_secreto_jwt_super_seguro
SESSION_SECRET=tu_secreto_de_sesion_super_seguro
GOOGLE_CLIENT_ID=tu_google_client_id
GOOGLE_CLIENT_SECRET=tu_google_client_secret
NODE_ENV=development
Make sure to replace the values with your own credentials and configurations.
To start the server:
npm start
Generate X-CSRF-Token
{
"email": "[email protected]",
"password": "password123"
}
X-CSRF-Token
: [CSRF Token obtained in step 1]
Content-Type
: application/json
{
"email": "",
"password": ""
}
X-CSRF-Token
: [Token CSRF obtenido en el paso 1]
Content-Type
: application/json
X-CSRF-Token
: [Token CSRF obtenido en el paso 1]
Authorization
: [Token JWT obtenido del login]
Content-Type
: application/json
X-CSRF-Token
: [Token CSRF obtenido en el paso 1]
Authorization
: [Token JWT obtenido del login]
Base64 representation of QR code (scan with auth app).
X-CSRF-Token
: [Token CSRF obtenido en el paso 1]
Authorization
: [Token JWT obtenido del login]
Content-Type
: application/json
Body (raw JSON):
{
"token": "123456" // El código de 6 dígitos de tu app de autenticación
}
GET /api/auth/google
: Initiate Google authenticationGET /api/auth/google/callback
: Google authentication callback