# airclientauth

A simple, lightweight authentication system built with Node.js, Express, SQLite, and JSON Web Tokens (JWT).

## Features

- **CLI User Management**: Easily create users from the command line.
- **First-Login Password Setup**: Users created via the CLI have no initial password; they set it securely on their first login attempt.
- **JWT Authentication**: Generates tokens for secure API communication.
- **SQLite Storage**: Hashes passwords with bcrypt and stores them safely in SQLite.

## Installation

1. Clone or download the repository.
2. Install dependencies:

```bash
npm install
```

## Usage

### 1. Start the Server

To start the API server on port 3000:

```bash
npm start
```

*(The SQLite database `users.db` is created automatically on the first run.)*

### 2. Create a User (CLI)

You can create a new user account without a password using the built-in CLI tool:

```bash
npm run airclientauth -- create myusername
```

### 3. API Endpoints

#### Login / Set Password

**`POST /login`**

- **First Login (Setting the Password)**

When a user logs in for the first time, they must provide a password, which becomes the account password.

*Request:*

```json
{
  "username": "myusername",
  "password": "mynewsecurepassword"
}
```

*Response:*

```json
{
  "status": "success",
  "message": "Password set successfully. Logged in.",
  "token": "eyJhbGciOiJIUzI..."
}
```

*(Note: If you attempt to log in for the first time without a password, the server returns a `403 Forbidden` status with `{ "status": "require_password" }` so the client knows it needs to prompt the user for one.)*

- **Subsequent Logins**

Once the password is set, use the same endpoint to log in.

*Request:*

```json
{
  "username": "myusername",
  "password": "mynewsecurepassword"
}
```

*Response:*

```json
{
  "status": "success",
  "message": "Logged in successfully",
  "token": "eyJhbGciOiJIUzI..."
}
```

#### Verify Token

**`GET /verify`**

Check whether a provided JWT is still valid.

*Request Headers:*

```
Authorization: Bearer <your_jwt_token>
```

*Response (Valid):*

```json
{
  "valid": true,
  "user": "myusername"
}
```

*Response (Invalid):*

```json
{
  "valid": false,
  "error": "Invalid or expired token"
}
```

## Tech Stack

- **Express**: Web framework for the API endpoints.
- **bcryptjs**: Secure password hashing.
- **jsonwebtoken (JWT)**: Token-based authentication.
- **sqlite3 / sqlite**: File-based database storage.