Production-like authentication sample application showing secure sign-up/login, JWT/Session handling, RBAC and best practices for modern web apps.
- Full-stack demo (React frontend + Node/Express backend + MySQL)
- Focused on secure user authentication and session management
- Includes protected routes, role-based access, token refresh, password hashing and security headers
- Frontend: React, React Router, Axios
- Backend: Node.js, Express, Passport, JWT
- Database: MySQL
- Security: bcrypt, helmet, CORS, CSRF protection, secure cookies
Clone the repository and install dependencies:

```bash
git clone https://github.com/amariwan/fullstack-auth-system.git
cd fullstack-auth-system
cd backend && npm install
cd ../frontend && npm install
```

Copy the template and set your values:

```bash
cp backend/.env.example backend/.env
cp frontend/.env.example frontend/.env
```

Start the development servers:

```bash
# backend
cd backend && npm run dev

# frontend (in a separate terminal)
cd frontend && npm start
```

- Uses bcrypt to hash passwords
- Uses HTTP-only cookies for session tokens
- Includes CSRF protection for state-changing requests
- Includes helmet + recommended security header defaults
- Add MFA (TOTP / SMS)
- Add OAuth providers (Google, GitHub)
- Add email confirmation flows
- Add rate limiting / brute force protection
MIT