AuthLogic - IEEE-Team-3/map GitHub Wiki

Authentication Flow

  1. Sign Up

    • Validates email/password
    • Hashes password
    • Saves user in DB
  2. Login

    • Compares password hash
    • Issues JWT token
  3. Token Management

    • Access Token (short-lived)
    • Refresh Token (long-lived, stored in HttpOnly cookie)

Example Routes

POST /api/auth/register
POST /api/auth/login
POST /api/auth/logout
GET  /api/auth/me

Middlewares

  • requireAuth: Verifies token and sets req.user
  • checkGlobalRole: Restricts routes by global role
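
A sketch of how the two middlewares above can fit together, written for this page as an added example and not taken from the project's code. It assumes an HS256-signed access token sent as `Authorization: Bearer <jwt>` with `sub`, `role` and `exp` claims; `SECRET`, `signAccessToken` and `verifyAccessToken` are hypothetical names, and the secret is a constructed demo value.

```javascript
// Added example: sketch of the two middlewares named above (not the project's code).
// Assumptions: HS256-signed access token, sent as "Authorization: Bearer <jwt>",
// with claims sub, role and exp. SECRET is a constructed demo value.
const crypto = require('node:crypto');

const SECRET = 'demo-secret-constructed-for-this-example';
const b64u = (v) => Buffer.from(v).toString('base64url');
const hmac = (data) => crypto.createHmac('sha256', SECRET).update(data).digest();

// Issue a short-lived access token (what the login route would return).
function signAccessToken(claims, ttlSeconds = 900, now = Date.now()) {
  const head = b64u(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64u(JSON.stringify({ ...claims, exp: Math.floor(now / 1000) + ttlSeconds }));
  return `${head}.${body}.${hmac(`${head}.${body}`).toString('base64url')}`;
}

// Return the claims, or null for any malformed, forged or expired token.
function verifyAccessToken(token, now = Date.now()) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [head, body, sig] = parts;
  try {
    // Pin the algorithm: never let the token header choose how it is verified.
    if (JSON.parse(Buffer.from(head, 'base64url')).alg !== 'HS256') return null;
    const given = Buffer.from(sig, 'base64url');
    const expected = hmac(`${head}.${body}`);
    if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
    const claims = JSON.parse(Buffer.from(body, 'base64url'));
    return typeof claims.exp === 'number' && claims.exp * 1000 > now ? claims : null;
  } catch {
    return null; // payload or header was not valid JSON
  }
}

// requireAuth: verifies the bearer token and sets req.user, else 401.
function requireAuth(req, res, next) {
  const match = /^Bearer (\S+)$/.exec(req.headers.authorization || '');
  const claims = match && verifyAccessToken(match[1]);
  if (!claims) return res.status(401).json({ error: 'unauthenticated' });
  req.user = { id: claims.sub, role: claims.role };
  next();
}

// checkGlobalRole: runs after requireAuth; 403 unless the role is allowed.
const checkGlobalRole = (...allowed) => (req, res, next) =>
  req.user && allowed.includes(req.user.role)
    ? next()
    : res.status(403).json({ error: 'forbidden' });
```

Both middlewares fail closed: a missing, forged, expired or wrongly-typed token yields 401, and an authenticated user without an allowed role yields 403.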

Security

  • Rate limiting login attempts
  • Email verification before full access
  • Option for 2FA (future support)