secure-auth is a secure and feature-rich web application that provides robust user authentication with support for multi-factor authentication (MFA) to enhance security. This application uses modern technologies like Rust, MongoDB, and various cryptographic techniques to ensure secure handling of user data.
- Create an Account: Users can sign up by providing a username, email, and password.
- Email and Phone Verification: Ensures that users verify their email and phone number before accessing the services.
- Password Authentication: Users can log in using their username or email along with their password.
- Multi-Factor Authentication (MFA): If enabled, users are prompted for an additional MFA code after entering their password.
- TOTP-Based MFA: Uses Time-based One-Time Passwords (TOTP) for MFA, compatible with apps like Google Authenticator.
- MFA Setup:
  - Generates a TOTP secret for the user.
  - Provides a QR code for easy scanning by authentication apps.
  - Encrypts and stores the TOTP secret securely in the database.
- MFA Verification:
  - Verifies the TOTP code entered by the user.
  - Issues an access token upon successful verification.
- Password Hashing: Uses secure hashing algorithms to store passwords.
- Encrypted Data Storage: Encrypts sensitive data like TOTP secrets before storing them in the database.
- Recovery Codes: Generates and securely stores recovery codes for account recovery.
- Access Tokens: Issues JWT tokens for authenticated sessions.
- Token Management: Handles token creation and validation to manage user sessions.
To run Secure Auth, you need to have Rust and MongoDB installed on your machine. Follow the steps below to set up the application.
- Rust (latest stable version)
- MongoDB
- Clone the Repository:
  ```bash
  git clone https://github.com/yourusername/secure-auth.git
  cd secure-auth
  ```
- Set Up Environment Variables: Create a `.env` file in the root directory and add the following environment variables:
  ```bash
  MONGODB_URI="mongodb://localhost:27017"
  MONGODB_NAME="AuthenticationSystem"
  JWT_SECRET="SOME-SECRET"
  JWT_RESET_SECRET="SOME-OTHER-RESET-TOKEN"
  SMTP_SERVER="send.ahasend.com" # Or your SMTP provider
  SMTP_USERNAME="your-smtp-username"
  SMTP_PASSWORD="your-smtp-password"
  SERVER_DOMAIN="your-domain-server" # example.com
  MFA_ISSUER="Your Company Name" # Your brand/company name that shows up in the user's authenticator
  # Your base64-encoded 32-byte key; a 32-byte key looks like 'mDFmCpcKsI5elbTZgOqRd0hobFobrPkv'
  ENCRYPTION_KEY="bURGbUNwY0tzSTVlbGJUWmdPcVJkMGhvYkZvYnJQa3Y=" # <- base64 encoding of the key (change this)
  # Your base64-encoded 16-byte IV; a 16-byte IV looks like 'oHlnHr8DAjfCyB1W'
  ENCRYPTION_IV="b0hsbkhyOERBamZDeUIxVw==" # <- base64 encoding of the IV (change this)
  ```
- Install Dependencies:
  ```bash
  cargo build
  ```
- Run the Application:
  ```bash
  cargo run
  ```
- User Registration
  - Endpoint: `/register`
  - Method: POST
  - Request Body:
    ```json
    {
      "username": "johndoe",
      "email": "[email protected]",
      "password": "yourpassword"
    }
    ```
- User Login
  - Endpoint: `/login`
  - Method: POST
  - Request Body:
    ```jsonc
    {
      "identifier": "johndoe", // username or email
      "password": "yourpassword"
    }
    ```
- Verify Email
  - Endpoint: `/verify_email`
  - Method: GET
  - URL: `https://your-server-domain.com/verify_email?token=${verification_token}`
    The verification token is sent to the user's email automatically; following the link verifies the user and redirects them to your frontend's `/verification-success` page.
- Setup MFA
  - Endpoint: `/setup_mfa/{user_id}`
  - Method: POST
  - Response: Returns a QR code for TOTP setup, together with additional data such as the MFA recovery codes.
- Verify MFA
  - Endpoint: `/verify_mfa/{user_id}`
  - Method: POST
  - Request Body:
    ```json
    {
      "totp_code": "123456"
    }
    ```
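To make the MFA setup and verification flow concrete, here is an added Python example (not the project's Rust code) of the TOTP logic behind `/setup_mfa` and `/verify_mfa`: it derives a base32 secret, builds the `otpauth://` URI that the setup QR code encodes (with `MFA_ISSUER` as the issuer), and checks a submitted code against a small clock-drift window using a constant-time comparison. The function names are assumptions, and the constructed input is the RFC 6238 reference secret so the results are checkable.

```python
"""Added example (not the project's Rust code): TOTP logic behind /setup_mfa and /verify_mfa."""
import base64
import hashlib
import hmac
import secrets
import struct
import time
from typing import Optional
from urllib.parse import quote

STEP = 30    # time step in seconds; the default Google Authenticator-style apps assume
DIGITS = 6   # code length, matching the 6-digit "totp_code" in the /verify_mfa body

# Constructed input: the RFC 6238 reference secret, so the values are independently checkable.
RFC_SECRET_B32 = base64.b32encode(b"12345678901234567890").decode()

def new_totp_secret(nbytes: int = 20) -> str:
    """Fresh random shared secret, base32-encoded as authenticator apps expect.
    This is the value a service encrypts (e.g. with ENCRYPTION_KEY) before storing it."""
    return base64.b32encode(secrets.token_bytes(nbytes)).decode().rstrip("=")

def otpauth_uri(secret_b32: str, account: str, issuer: str) -> str:
    """Text the setup QR code encodes; 'issuer' plays the role of MFA_ISSUER."""
    label = quote(f"{issuer}:{account}")
    return (f"otpauth://totp/{label}?secret={secret_b32}&issuer={quote(issuer)}"
            f"&algorithm=SHA1&digits={DIGITS}&period={STEP}")

def hotp(secret: bytes, counter: int) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 10 ** DIGITS:0{DIGITS}d}"

def totp(secret_b32: str, at: int) -> str:
    """RFC 6238 TOTP: HOTP with counter = unix_time // STEP."""
    padded = secret_b32 + "=" * (-len(secret_b32) % 8)   # restore stripped base32 padding
    return hotp(base64.b32decode(padded, casefold=True), at // STEP)

def verify_totp(secret_b32: str, submitted: str, at: Optional[int] = None, window: int = 1) -> bool:
    """Accept the code for the current step and +/- 'window' neighbouring steps (clock drift),
    comparing in constant time so response timing does not leak matching digits."""
    now = int(time.time()) if at is None else at
    ok = False
    for step in range(-window, window + 1):
        ok |= hmac.compare_digest(totp(secret_b32, now + step * STEP), submitted)
    return ok
```

A real deployment would additionally reject a code that has already been accepted for the same time step, so a captured code cannot be replayed within the window.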
- Forgot Password
  - Endpoint: `/forgot_password`
  - Method: POST
  - Request Body:
    ```json
    {
      "email": "[email protected]"
    }
    ```
- Reset Password
  - Endpoint: `/reset_password`
  - Method: POST
  - Request Body:
    ```jsonc
    {
      "email": "[email protected]",
      "new_password": "a-new-password", // "String" type
      "reset_token": "get-reset-token-from-frontend-url-param-&-put-here"
    }
    ```
We welcome contributions to Secure-auth. If you find a bug or have a feature request, please open an issue or submit a pull request.
Secure-auth is licensed under the MIT License. See the LICENSE file for more information.
Special thanks to all contributors and the open-source community for their invaluable support and contributions.