backend api authentication security jwt

User Authentication API

Build a secure REST API for user registration, login, and JWT-based authentication

โฑ๏ธ Time Breakdown

๐Ÿ“‹
Planning
~1 hours
๐Ÿ’ป
Coding
~2 hours
๐Ÿงช
Testing
~1 hours

Difficulty

MEDIUM

Learning Outcomes

  • Working with REST APIs
  • Managing application state
  • Creating responsive layouts

User Authentication API

Create a robust authentication API that handles user registration, login, password reset, and JWT token management with proper security practices.

Project Checklist

  • Implement user registration endpoint with email validation
  • Create login endpoint that returns JWT tokens
  • Add password hashing using bcrypt or similar
  • Implement JWT token generation and validation middleware
  • Create protected routes that require authentication
  • Add password reset functionality with email tokens

Bonus Project Checklist Items

  • Implement refresh token rotation
  • Add rate limiting to prevent brute force attacks
  • Create email verification system
  • Add two-factor authentication (2FA)
  • Implement session management and logout
  • Add OAuth integration (Google, GitHub)

Inspiration (Any companies/libraries similar)

  • Auth0
  • Firebase Auth
  • Passport.js

Hint/Code snippet to start

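const jwt = require('jsonwebtoken');
const bcrypt = require('bcrypt');

// saveUser is a hypothetical placeholder for your own persistence layer
// (not a library call); it stores the record and returns it with an id.
async function register(req, res) {
  const { email, password } = req.body;
  // Store only the bcrypt hash, never the plaintext password
  const hashedPassword = await bcrypt.hash(password, 10);
  // Save user to database
  const user = await saveUser({ email, passwordHash: hashedPassword });
  // Pin the signing algorithm and set an expiry so tokens do not live forever
  const token = jwt.sign({ userId: user.id }, process.env.JWT_SECRET, {
    algorithm: 'HS256',
    expiresIn: '15m',
  });
  res.json({ token });
}

function authenticateToken(req, res, next) {
  // Expect the header in the form "Authorization: Bearer <token>"
  const [scheme, token] = (req.headers['authorization'] || '').split(' ');
  if (scheme !== 'Bearer' || !token) return res.sendStatus(401);
  // Accept only the algorithm used for signing
  jwt.verify(token, process.env.JWT_SECRET, { algorithms: ['HS256'] }, (err, user) => {
    if (err) return res.sendStatus(403);
    req.user = user;
    next();
  });
}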
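
The checklist's password reset item, sketched as an added example (not part of the original project brief): the token sent by e-mail is random, only its SHA-256 hash is stored, and it expires and works exactly once. The in-memory `resetStore`, the 15-minute lifetime and the function names are assumptions for illustration.

```javascript
const crypto = require('node:crypto');

const RESET_TTL_MS = 15 * 60 * 1000; // assumed lifetime; the brief sets none
// Stand-in for a database table: userId -> { hash, expiresAt }
const resetStore = new Map();

const sha256 = (value) => crypto.createHash('sha256').update(value).digest();

// Create a reset token for a user. Only the hash is stored, so a leaked
// database does not yield usable tokens. Returns the raw token to e-mail.
function issueResetToken(userId, now = Date.now()) {
  const token = crypto.randomBytes(32).toString('hex');
  // Issuing a new token overwrites (invalidates) any earlier one
  resetStore.set(userId, { hash: sha256(token), expiresAt: now + RESET_TTL_MS });
  return token;
}

// Check a presented token. Success consumes it, so it works exactly once.
function redeemResetToken(userId, token, now = Date.now()) {
  const entry = resetStore.get(userId);
  if (!entry || typeof token !== 'string') return false;
  if (now > entry.expiresAt) {
    resetStore.delete(userId); // expired: drop the record
    return false;
  }
  // Both digests are 32 bytes, as timingSafeEqual requires
  if (!crypto.timingSafeEqual(entry.hash, sha256(token))) return false;
  resetStore.delete(userId);
  return true;
}

// Constructed demo values
const demoToken = issueResetToken('user-1', 0);
console.log(redeemResetToken('user-1', 'wrong-token', 1000)); // false
console.log(redeemResetToken('user-1', demoToken, 1000));     // true
console.log(redeemResetToken('user-1', demoToken, 2000));     // false (already used)
```

In the reset endpoint, call `redeemResetToken` before hashing and saving the new password, and return the same response whether or not the e-mail address exists.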