🚀 JWT Authentication Backend – Assignment Submission
This project demonstrates a complete authentication system using Node.js, Express, MongoDB, and JWT. It is written so that any evaluator (even non-technical) can test it step by step using Postman.
✅ What This Project Does
Create a user (Signup)
Login a user
Generate a JWT token
Protect private APIs using JWT
Store data securely in MongoDB
Prevent duplicate users
Never expose passwords
🛠️ Tech Stack (Simple Terms)
Node.js – Server
Express.js – API framework
MongoDB – Database
JWT – Authentication
bcrypt – Password security
⚙️ HOW TO RUN THE PROJECT (VERY IMPORTANT)
Step 1️⃣ Install Node.js
Make sure Node.js (LTS) is installed.
Check:
node -v
Step 2️⃣ Download / Clone the Project
git clone <REPOSITORY_URL>
cd jwt-auth-backend
Step 3️⃣ Install Dependencies
npm install
Step 4️⃣ Environment Configuration
Create a file named .env in the root folder:
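PORT=5000
MONGO_URI=mongodb://127.0.0.1:27017/jwt_auth_db
JWT_SECRET=supersecretjwtkey
JWT_EXPIRES_IN=1h
The JWT_SECRET value shown is a placeholder for local testing. For anything beyond that, use a long random value and keep the .env file out of version control, because anyone who knows or guesses the secret can sign tokens the server will accept.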
Step 5️⃣ Start the Server
npm run dev
✅ You should see:
MongoDB connected
Server running on port 5000
🧪 COMPLETE POSTMAN TESTING GUIDE
🟢 STEP 1: USER SIGNUP (Create Account)
🔹 Create New Request
Method: POST
URL:
http://localhost:5000/api/auth/signup
🔹 Headers Tab
Add exactly this:
Key: Content-Type
Value: application/json
🔹 Body Tab
Select raw
Select JSON
Paste this:
{ "name": "Test User", "email": "testuser@mail.com", "password": "123456" }
🔹 Click Send
✅ Expected Output
{ "message": "User registered successfully" }
❗ If fields are missing, the API will return:
{ "message": "All fields are required" }
🟢 STEP 2: USER LOGIN (Get Token)
🔹 New Request
Method: POST
URL:
http://localhost:5000/api/auth/login
🔹 Body → raw → JSON
{ "email": "testuser@mail.com", "password": "123456" }
✅ Expected Output
{ "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..." }
📌 Copy this token (very important)
🟢 STEP 3: ACCESS PROTECTED API (JWT REQUIRED)
🔹 New Request
Method: GET
URL:
http://localhost:5000/api/auth/profile
🔹 Headers Tab
Add:
Key: Authorization
Value: Bearer PASTE_TOKEN_HERE
Example:
Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...
✅ Expected Output
{ "_id": "...", "name": "Test User", "email": "testuser@mail.com", "createdAt": "...", "updatedAt": "..." }
✔ Password is NOT returned
✔ Token validation works
🔐 Security Features Verified
Passwords are hashed
JWT expires automatically
Protected routes reject invalid tokens
Sensitive data is hidden
Duplicate users are blocked
🧠 Common Errors & What They Mean
Error – Meaning
All fields are required – Request body missing fields
Invalid credentials – Email or password wrong
Unauthorized – Token missing or invalid
Token expired – Login again to get new token
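What the "Unauthorized" and "Token expired" responses stand for, as an added example that is not this project's code: a minimal HS256 sign and verify using only Node's built-in crypto module. The names signToken and verifyToken are hypothetical, the sample values are constructed, and HS256 is assumed because the header of the sample token in Step 2 decodes to that algorithm.

```javascript
// Added illustration, not the project's code. Function names are hypothetical.
const { createHmac, timingSafeEqual, randomBytes } = require('crypto');

const encode = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const decode = (str) => JSON.parse(Buffer.from(str, 'base64url').toString('utf8'));
const hmac = (secret, data) => createHmac('sha256', secret).update(data).digest();
const deny = (error) => ({ ok: false, error });

// Issue an HS256 token; expiresInSec mirrors JWT_EXPIRES_IN (1h = 3600 seconds).
function signToken(payload, secret, expiresInSec, now = Math.floor(Date.now() / 1000)) {
  const head = encode({ alg: 'HS256', typ: 'JWT' });
  const body = encode({ ...payload, iat: now, exp: now + expiresInSec });
  const sig = hmac(secret, `${head}.${body}`).toString('base64url');
  return `${head}.${body}.${sig}`;
}

// Check an Authorization header value; errors use the README's messages.
function verifyToken(authHeader, secret, now = Math.floor(Date.now() / 1000)) {
  const m = /^Bearer ([\w-]+)\.([\w-]+)\.([\w-]+)$/.exec(authHeader || '');
  if (!m) return deny('Unauthorized'); // header missing or not "Bearer a.b.c"
  const [, head, body, sig] = m;
  let alg, payload;
  try {
    alg = decode(head).alg;
    payload = decode(body);
  } catch {
    return deny('Unauthorized'); // segments are not valid JSON
  }
  // Pin the algorithm so a token cannot pick its own verification (e.g. "none").
  if (alg !== 'HS256') return deny('Unauthorized');
  const expected = hmac(secret, `${head}.${body}`);
  const given = Buffer.from(sig, 'base64url');
  // Constant-time compare; timingSafeEqual throws on unequal lengths, so check first.
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) {
    return deny('Unauthorized'); // tampered token or wrong secret
  }
  if (payload === null || typeof payload.exp !== 'number') return deny('Unauthorized');
  if (now >= payload.exp) return deny('Token expired');
  return { ok: true, payload };
}

// Constructed demo values. A real JWT_SECRET should be random like this one.
const secret = randomBytes(32).toString('hex');
const token = signToken({ id: 'constructed-user-id' }, secret, 3600);
console.log(verifyToken(`Bearer ${token}`, secret));
console.log(verifyToken(`Bearer ${token}x`, secret));
```

The signature is checked before the expiry, so a forged token never gets as far as the "Token expired" answer.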
📦 Database Verification (Optional)
Using MongoDB Compass:
mongodb://127.0.0.1:27017
You will see:
jwt_auth_db → users
👤 Author
Rushikesh Dharme
✅ Assignment Status
✔ All requirements implemented
✔ Tested via Postman
✔ Secure & production-ready structure
🏁 Final Note
This README is intentionally step-by-step so that any evaluator can run and verify the APIs without technical knowledge.