
airclientauth

A simple, lightweight authentication system built with Node.js, Express, SQLite, and JSON Web Tokens (JWT).

Features

  • CLI User Management: Easily create users from the command line.
  • First-Login Password Setup: Users created via CLI do not have initial passwords. They set their password securely on their first login attempt.
  • JWT Authentication: Generates tokens for secure API communication.
  • SQLite Storage: Hashes passwords with bcrypt (bcryptjs) and stores the hashes in SQLite.

Installation

  1. Clone or download the repository.
  2. Install dependencies:
npm install

Usage

1. Start the Server

To start the API server on port 3000:

npm start

(The SQLite database users.db is created automatically on the first run.)

2. Create a User (CLI)

You can create a new user account without a password using the built-in CLI tool:

npm run airclientauth -- create myusername

3. API Endpoints

Login / Set Password

POST /login

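  • First Login (Setting the Password): When a user logs in for the first time, they must provide a password, which becomes the account's password. The request carries no other credential, so the first password submitted for a username is the one that gets set.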

    Request:

    {
      "username": "myusername",
      "password": "mynewsecurepassword"
    }
    

    Response:

    {
      "status": "success",
      "message": "Password set successfully. Logged in.",
      "token": "eyJhbGciOiJIUzI..."
    }
    

    (Note: If you attempt to log in for the first time without a password, the server returns a 403 Forbidden status with { "status": "require_password" } so the client knows it needs to prompt the user.)

  • Subsequent Logins: Once the password is set, use the same endpoint to log in.

    Request:

    {
      "username": "myusername",
      "password": "mynewsecurepassword"
    }
    

    Response:

    {
      "status": "success",
      "message": "Logged in successfully",
      "token": "eyJhbGciOiJIUzI..."
    }
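
The three /login outcomes described above (require_password, password set, normal login), as an added example that is not the project's own code. scrypt and a hand-built HS256 token stand in for bcryptjs and jsonwebtoken; the in-memory store, the 401 reply, the "user" claim and the column name in the comment are assumptions.

```javascript
// Added illustration, not the airclientauth source; all names here are hypothetical.
const crypto = require('node:crypto');

const SECRET = crypto.randomBytes(32); // constructed signing key for this demo only
// Constructed stand-in for users.db: a null hash means "created via CLI, no password yet".
const users = new Map([['myusername', { salt: null, hash: null }]]);

// scrypt (Node built-in) stands in for bcryptjs so the example runs without dependencies.
const hashPassword = (password, salt) => crypto.scryptSync(password, salt, 32);

// Minimal HS256 JWT, standing in for jsonwebtoken.sign(); the "user" claim is assumed.
function issueToken(username, ttlSeconds = 3600) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
  const now = Math.floor(Date.now() / 1000);
  const body = `${enc({ alg: 'HS256', typ: 'JWT' })}.${enc({ user: username, iat: now, exp: now + ttlSeconds })}`;
  return `${body}.${crypto.createHmac('sha256', SECRET).update(body).digest('base64url')}`;
}

// Assumptions: the README documents neither the reply for unknown users and wrong
// passwords nor the HTTP status on success; 401 and 200 are used here.
const denied = () => ({ httpStatus: 401, body: { status: 'error', message: 'Invalid credentials' } });
const ok = (username, message) =>
  ({ httpStatus: 200, body: { status: 'success', message, token: issueToken(username) } });

function login(store, username, password) {
  const user = store.get(username);
  const hasPassword = typeof password === 'string' && password.length > 0;
  if (!user) return denied();

  if (user.hash === null) {
    // Unclaimed account: without a password, tell the client to prompt for one.
    if (!hasPassword) return { httpStatus: 403, body: { status: 'require_password' } };
    // The first password submitted is the one stored. In SQL, guard the write with
    // "WHERE password_hash IS NULL" (column name assumed) so two racing first
    // logins cannot both set it.
    user.salt = crypto.randomBytes(16);
    user.hash = hashPassword(password, user.salt);
    return ok(username, 'Password set successfully. Logged in.');
  }

  // Claimed account: from here on the password is checked, never replaced.
  if (!hasPassword) return denied();
  const candidate = hashPassword(password, user.salt);
  return crypto.timingSafeEqual(candidate, user.hash)
    ? ok(username, 'Logged in successfully')
    : denied();
}
```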
    

Verify Token

GET /verify

Check if a provided JWT is still valid.

Request Headers:

Authorization: Bearer <your_jwt_token>

Response (Valid):

{
  "valid": true,
  "user": "myusername"
}

Response (Invalid):

{
  "valid": false,
  "error": "Invalid or expired token"
}

Tech Stack

  • Express: Web framework for the API endpoints.
  • bcryptjs: Secure password hashing.
  • jsonwebtoken (JWT): Token-based authentication.
  • sqlite3 / sqlite: File-based database storage.