- Signup
- Login
- Logout
- Refresh tokens + invalidate old token
- Get user data + isAuth middleware
- Change user password
- Send email service
- Send SMS service
- Forgot + reset password
- Update phone or email
- Email verification
- Phone verification
- Validate user input
- Social auth (Google)
- Failed login limit
- Requests limit
- Migrate refresh_tokens table to redis
About tokens, JSON Web Tokens (JWT), authentication and authorization. Token-Based Authentication
API Security Checklist
Generate the Google auth URL on the client side
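```typescript
// Builds the URL that starts Google's OAuth 2.0 authorization-code flow.
function getGoogleUrl(): string {
  const rootUrl = `https://accounts.google.com/o/oauth2/v2/auth`;
  const options = {
    // Must match a redirect URI registered for this client in Google Cloud.
    redirect_uri: process.env.GOOGLE_REDIRECT,
    client_id: process.env.GOOGLE_CLIENT_ID,
    access_type: 'offline', // ask for a refresh token
    response_type: 'code', // authorization-code flow
    prompt: 'consent', // always show the consent screen
    scope: [
      'https://www.googleapis.com/auth/userinfo.profile',
      'https://www.googleapis.com/auth/userinfo.email',
    ].join(' '),
    // Echoed back unchanged on the redirect. A constant value gives the
    // callback nothing to tie the response to the browser that started the flow.
    state: '/',
  } as Record<string, string>;
  const qs = new URLSearchParams(options);
  return `${rootUrl}?${qs}`;
}
```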
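
The function above sends a constant `state`. As an added example (not code from this repository), here is one way a server could issue a `state` value bound to the visitor's session and check it in the OAuth callback before exchanging the code. The names `createState`, `verifyState`, `isLocalPath` and `MAX_AGE_MS`, the pre-login session id and the server-side secret are all assumptions.

```typescript
import { createHmac, randomBytes, timingSafeEqual } from 'node:crypto';

// Hypothetical helpers, not from the repository. `sessionId` is assumed to be a
// pre-login session identifier the server has already set in a cookie.
const MAX_AGE_MS = 10 * 60 * 1000; // assumed lifetime of one login attempt

function sign(secret: string, sessionId: string, payload: string): Buffer {
  return createHmac('sha256', secret).update(`${sessionId}.${payload}`).digest();
}

// Accept only same-site paths as the post-login destination.
function isLocalPath(path: string): boolean {
  return path.startsWith('/') && !path.startsWith('//') && !path.includes('\\');
}

function createState(secret: string, sessionId: string, returnTo: string, now = Date.now()): string {
  const body = JSON.stringify({
    n: randomBytes(16).toString('hex'), // per-request nonce
    t: now, // issue time, checked against MAX_AGE_MS
    r: isLocalPath(returnTo) ? returnTo : '/',
  });
  const payload = Buffer.from(body).toString('base64url');
  return `${payload}.${sign(secret, sessionId, payload).toString('base64url')}`;
}

// Returns the return path if the state was issued for this session and is fresh, else null.
function verifyState(secret: string, sessionId: string, state: string, now = Date.now()): string | null {
  const [payload, mac, ...rest] = state.split('.');
  if (!payload || !mac || rest.length > 0) return null;
  const expected = sign(secret, sessionId, payload);
  const given = Buffer.from(mac, 'base64url');
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
  try {
    const { t, r } = JSON.parse(Buffer.from(payload, 'base64url').toString('utf8'));
    if (typeof t !== 'number' || now - t > MAX_AGE_MS) return null;
    return typeof r === 'string' && isLocalPath(r) ? r : null;
  } catch {
    return null;
  }
}
```

The callback handler would call `verifyState` with the `state` query parameter and the session id from the request cookie, and reject the request when it returns `null`.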