Hybrid Authentication with PostgreSQL (Drizzle)

PostgreSQL implementation of hybrid authentication using Drizzle ORM for users and Redis for session tracking and refresh token rotation.

Installation Guide

Add the hybrid authentication blueprint using the Servercn CLI:

npx servercn-cli add blueprint hybrid-auth

Key Features

  • PostgreSQL + Drizzle ORM for type-safe database operations
  • JWT access/refresh token rotation with Redis-backed sessions
  • OAuth support (GitHub, Google, Facebook) via Passport.js
  • OTP-based email verification and password reset
  • Account lockout after failed login attempts
  • Soft/hard account deletion with reactivation support
  • Cloudinary file upload integration for avatars
  • Rate limiting and security headers

API Endpoints

All endpoints are the same for both MVC and Feature architectures.

Base URL: http://localhost:9000/api/v1/auth

Method   Endpoint                   Description
POST     /signup                    Register new user and send verification OTP
POST     /verify-user               Verify email with OTP
POST     /signin                    Login user and set auth cookies
GET      /profile                   Get current user profile
PATCH    /profile                   Update profile and avatar
GET      /sessions                  List active sessions
DELETE   /sessions                  Revoke all sessions except current
DELETE   /sessions/:sessionId       Revoke a specific session
POST     /refresh-token             Rotate access and refresh tokens
POST     /logout                    Logout current session
POST     /forgot-password           Request password reset OTP
POST     /verify-reset-otp          Verify password reset OTP
POST     /reset-password            Reset password after OTP verification
POST     /change-password           Change password and revoke sessions
POST     /account/request-delete    Request account deletion token
DELETE   /account/delete            Delete or deactivate account by token
PUT      /account/reactivate        Reactivate soft-deleted account

Base URL: http://localhost:9000/api/auth

Method   Endpoint                   Description
GET      /github                    Initiate GitHub OAuth
GET      /github/callback           GitHub OAuth callback
GET      /google                    Initiate Google OAuth
GET      /google/callback           Google OAuth callback
GET      /facebook                  Initiate Facebook OAuth
GET      /facebook/callback         Facebook OAuth callback

Base URL: http://localhost:9000/api/v1/health

Method   Endpoint                   Description
GET      /                          Basic health check
GET      /detailed                  Detailed health status

Environment Variables

Create a .env file with the following:

PORT='9000'
NODE_ENV='development'
LOG_LEVEL='info'
CORS_ORIGIN=''
CLIENT_URL=''
 
DATABASE_URL='postgresql://user:password@localhost:5432/mydb'
REDIS_URL=''
 
JWT_ACCESS_SECRET=''
JWT_REFRESH_SECRET=''
CRYPTO_SECRET=''
 
RESEND_API_KEY=''
EMAIL_FROM=''
 
CLOUDINARY_CLOUD_NAME=''
CLOUDINARY_API_KEY=''
CLOUDINARY_API_SECRET=''
 
GOOGLE_CLIENT_ID=''
GOOGLE_CLIENT_SECRET=''
GOOGLE_REDIRECT_URI=''
 
GITHUB_CLIENT_ID=''
GITHUB_CLIENT_SECRET=''
GITHUB_REDIRECT_URI=''
 
FACEBOOK_APP_ID=''
FACEBOOK_APP_SECRET=''
FACEBOOK_REDIRECT_URI=''

Installation

npx servercn-cli add bp hybrid-auth