Rewrite authentication service from FastAPI/Python to Node.js/Express

- Replace FastAPI with Express.js framework
- Replace SQLAlchemy with Sequelize ORM
- Replace Alembic with Sequelize migrations
- Implement bcryptjs for password hashing
- Add JWT authentication with jsonwebtoken
- Create Express routes and controllers
- Add input validation with express-validator
- Implement rate limiting and security headers
- Configure CORS for all origins
- Add environment-based configuration
- Update README with Node.js setup instructions

Environment variables required:
- JWT_SECRET: JWT secret key for token signing
- NODE_ENV: Environment (development/production)
- PORT: Server port (default: 3000)
- JWT_EXPIRES_IN: Token expiration time (default: 24h)

README.md

@@ -1,39 +1,53 @@
 # User Authentication Service
 
-A FastAPI-based user authentication service with JWT token authentication and SQLite database.
+A Node.js Express-based user authentication service with JWT token authentication and SQLite database.
 
 ## Features
 
 - User registration and login
 - JWT token-based authentication
-- Password hashing with bcrypt
-- SQLite database with SQLAlchemy ORM
-- Database migrations with Alembic
+- Password hashing with bcryptjs
+- SQLite database with Sequelize ORM
+- Input validation with express-validator
+- Rate limiting and security headers
 - CORS enabled for all origins
 - Health check endpoint
-- Auto-generated API documentation
+- Environment-based configuration
 
 ## Environment Variables
 
-Set the following environment variables before running the application:
+Create a `.env` file in the root directory with the following variables:
 
-- `SECRET_KEY`: JWT secret key for token signing (required for production)
+- `NODE_ENV`: Environment (development/production)
+- `PORT`: Server port (default: 3000)
+- `JWT_SECRET`: JWT secret key for token signing (required for production)
+- `JWT_EXPIRES_IN`: Token expiration time (default: 24h)
+
+Copy `.env.example` to `.env` and update the values:
+```bash
+cp .env.example .env
+```
 
 ## Installation
 
-1. Install dependencies:
+1. Install Node.js dependencies:
 ```bash
-pip install -r requirements.txt
+npm install
 ```
 
-2. Run database migrations:
+2. Set up environment variables:
 ```bash
-alembic upgrade head
+cp .env.example .env
 ```
 
-3. Start the application:
+3. Start the application in development mode:
 ```bash
-uvicorn main:app --reload
+npm run dev
+```
+
+Or start in production mode:
+```bash
+npm start
 ```
 
 ## API Endpoints
@@ -47,32 +61,57 @@ uvicorn main:app --reload
 ### Protected Endpoints (require Bearer token)
 - `GET /api/v1/users/me` - Get current user info
 - `GET /api/v1/users/profile` - Get user profile
+- `PUT /api/v1/users/profile` - Update user profile
+- `DELETE /api/v1/users/deactivate` - Deactivate user account
 
-## API Documentation
-
-Once the application is running, visit:
-- Swagger UI: http://localhost:8000/docs
-- ReDoc: http://localhost:8000/redoc
-- OpenAPI JSON: http://localhost:8000/openapi.json
-
-## Usage Example
+## Usage Examples
 
 1. Register a new user:
 ```bash
-curl -X POST "http://localhost:8000/api/v1/auth/register" \
+curl -X POST "http://localhost:3000/api/v1/auth/register" \
      -H "Content-Type: application/json" \
      -d '{"email": "user@example.com", "password": "password123"}'
 ```
 
 2. Login to get access token:
 ```bash
-curl -X POST "http://localhost:8000/api/v1/auth/login" \
-     -H "Content-Type: application/x-www-form-urlencoded" \
-     -d "username=user@example.com&password=password123"
+curl -X POST "http://localhost:3000/api/v1/auth/login" \
+     -H "Content-Type: application/json" \
+     -d '{"email": "user@example.com", "password": "password123"}'
 ```
 
 3. Access protected endpoint:
 ```bash
-curl -X GET "http://localhost:8000/api/v1/users/me" \
+curl -X GET "http://localhost:3000/api/v1/users/me" \
      -H "Authorization: Bearer YOUR_ACCESS_TOKEN"
 ```
+
+4. Update user profile:
+```bash
+curl -X PUT "http://localhost:3000/api/v1/users/profile" \
+     -H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
+     -H "Content-Type: application/json" \
+     -d '{"email": "newemail@example.com"}'
+```
+
+## Development
+
+### Available Scripts
+
+- `npm start` - Start the production server
+- `npm run dev` - Start development server with nodemon
+- `npm run lint` - Run ESLint
+- `npm run lint:fix` - Run ESLint with auto-fix
+
+### Project Structure
+
+```
+src/
+├── config/         # Database configuration
+├── controllers/    # Route controllers
+├── middleware/     # Custom middleware
+├── models/         # Sequelize models
+├── routes/         # Express routes
+├── utils/          # Utility functions
+└── server.js       # Main server file
+```

alembic.ini

@@ -1,41 +0,0 @@
-[alembic]
-script_location = alembic
-prepend_sys_path = .
-version_path_separator = os
-sqlalchemy.url = sqlite:////app/storage/db/db.sqlite
-
-[post_write_hooks]
-
-[loggers]
-keys = root,sqlalchemy,alembic
-
-[handlers]
-keys = console
-
-[formatters]
-keys = generic
-
-[logger_root]
-level = WARN
-handlers = console
-qualname =
-
-[logger_sqlalchemy]
-level = WARN
-handlers =
-qualname = sqlalchemy.engine
-
-[logger_alembic]
-level = INFO
-handlers =
-qualname = alembic
-
-[handler_console]
-class = StreamHandler
-args = (sys.stderr,)
-level = NOTSET
-formatter = generic
-
-[formatter_generic]
-format = %(levelname)-5.5s [%(name)s] %(message)s
-datefmt = %H:%M:%S

alembic/env.py

@@ -1,49 +0,0 @@
-from logging.config import fileConfig
-from sqlalchemy import engine_from_config
-from sqlalchemy import pool
-from alembic import context
-import sys
-import os
-
-sys.path.append(os.path.dirname(os.path.dirname(__file__)))
-
-from app.db.base import Base
-
-config = context.config
-
-if config.config_file_name is not None:
-    fileConfig(config.config_file_name)
-
-target_metadata = Base.metadata
-
-def run_migrations_offline() -> None:
-    url = config.get_main_option("sqlalchemy.url")
-    context.configure(
-        url=url,
-        target_metadata=target_metadata,
-        literal_binds=True,
-        dialect_opts={"paramstyle": "named"},
-    )
-
-    with context.begin_transaction():
-        context.run_migrations()
-
-def run_migrations_online() -> None:
-    connectable = engine_from_config(
-        config.get_section(config.config_ini_section),
-        prefix="sqlalchemy.",
-        poolclass=pool.NullPool,
-    )
-
-    with connectable.connect() as connection:
-        context.configure(
-            connection=connection, target_metadata=target_metadata
-        )
-
-        with context.begin_transaction():
-            context.run_migrations()
-
-if context.is_offline_mode():
-    run_migrations_offline()
-else:
-    run_migrations_online()

alembic/script.py.mako

@@ -1,22 +0,0 @@
-"""${message}
-
-Revision ID: ${up_revision}
-Revises: ${down_revision | comma,n}
-Create Date: ${create_date}
-
-"""
-from alembic import op
-import sqlalchemy as sa
-${imports if imports else ""}
-
-# revision identifiers, used by Alembic.
-revision = ${repr(up_revision)}
-down_revision = ${repr(down_revision)}
-branch_labels = ${repr(branch_labels)}
-depends_on = ${repr(depends_on)}
-
-def upgrade() -> None:
-    ${upgrades if upgrades else "pass"}
-
-def downgrade() -> None:
-    ${downgrades if downgrades else "pass"}

alembic/versions/001_create_users_table.py

@@ -1,33 +0,0 @@
-"""create users table
-
-Revision ID: 001
-Revises: 
-Create Date: 2024-01-01 00:00:00.000000
-
-"""
-from alembic import op
-import sqlalchemy as sa
-
-# revision identifiers, used by Alembic.
-revision = '001'
-down_revision = None
-branch_labels = None
-depends_on = None
-
-def upgrade() -> None:
-    op.create_table('users',
-        sa.Column('id', sa.Integer(), nullable=False),
-        sa.Column('email', sa.String(), nullable=False),
-        sa.Column('hashed_password', sa.String(), nullable=False),
-        sa.Column('is_active', sa.Boolean(), nullable=True),
-        sa.Column('created_at', sa.DateTime(timezone=True), server_default=sa.text('(CURRENT_TIMESTAMP)'), nullable=True),
-        sa.Column('updated_at', sa.DateTime(timezone=True), nullable=True),
-        sa.PrimaryKeyConstraint('id')
-    )
-    op.create_index(op.f('ix_users_email'), 'users', ['email'], unique=True)
-    op.create_index(op.f('ix_users_id'), 'users', ['id'], unique=False)
-
-def downgrade() -> None:
-    op.drop_index(op.f('ix_users_id'), table_name='users')
-    op.drop_index(op.f('ix_users_email'), table_name='users')
-    op.drop_table('users')

app/api/routes/auth.py

@@ -1,87 +0,0 @@
-from datetime import timedelta
-from fastapi import APIRouter, Depends, HTTPException, status
-from fastapi.security import OAuth2PasswordBearer, OAuth2PasswordRequestForm
-from sqlalchemy.orm import Session
-from jose import JWTError, jwt
-
-from app.core.security import (
-    ALGORITHM,
-    SECRET_KEY,
-    create_access_token,
-    get_password_hash,
-    verify_password,
-)
-from app.db.session import get_db
-from app.models.user import User
-from app.schemas.user import Token, TokenData, UserCreate, User as UserSchema
-
-router = APIRouter()
-oauth2_scheme = OAuth2PasswordBearer(tokenUrl="api/v1/auth/login")
-
-def get_user_by_email(db: Session, email: str):
-    return db.query(User).filter(User.email == email).first()
-
-def authenticate_user(db: Session, email: str, password: str):
-    user = get_user_by_email(db, email)
-    if not user:
-        return False
-    if not verify_password(password, user.hashed_password):
-        return False
-    return user
-
-def create_user(db: Session, user: UserCreate):
-    hashed_password = get_password_hash(user.password)
-    db_user = User(
-        email=user.email,
-        hashed_password=hashed_password
-    )
-    db.add(db_user)
-    db.commit()
-    db.refresh(db_user)
-    return db_user
-
-async def get_current_user(token: str = Depends(oauth2_scheme), db: Session = Depends(get_db)):
-    credentials_exception = HTTPException(
-        status_code=status.HTTP_401_UNAUTHORIZED,
-        detail="Could not validate credentials",
-        headers={"WWW-Authenticate": "Bearer"},
-    )
-    try:
-        payload = jwt.decode(token, SECRET_KEY, algorithms=[ALGORITHM])
-        email: str = payload.get("sub")
-        if email is None:
-            raise credentials_exception
-        token_data = TokenData(email=email)
-    except JWTError:
-        raise credentials_exception
-    user = get_user_by_email(db, email=token_data.email)
-    if user is None:
-        raise credentials_exception
-    return user
-
-async def get_current_active_user(current_user: User = Depends(get_current_user)):
-    if not current_user.is_active:
-        raise HTTPException(status_code=400, detail="Inactive user")
-    return current_user
-
-@router.post("/register", response_model=UserSchema)
-def register(user: UserCreate, db: Session = Depends(get_db)):
-    db_user = get_user_by_email(db, email=user.email)
-    if db_user:
-        raise HTTPException(status_code=400, detail="Email already registered")
-    return create_user(db=db, user=user)
-
-@router.post("/login", response_model=Token)
-def login_for_access_token(form_data: OAuth2PasswordRequestForm = Depends(), db: Session = Depends(get_db)):
-    user = authenticate_user(db, form_data.username, form_data.password)
-    if not user:
-        raise HTTPException(
-            status_code=status.HTTP_401_UNAUTHORIZED,
-            detail="Incorrect email or password",
-            headers={"WWW-Authenticate": "Bearer"},
-        )
-    access_token_expires = timedelta(minutes=30)
-    access_token = create_access_token(
-        subject=user.email, expires_delta=access_token_expires
-    )
-    return {"access_token": access_token, "token_type": "bearer"}

app/api/routes/users.py

@@ -1,15 +0,0 @@
-from fastapi import APIRouter, Depends
-
-from app.api.routes.auth import get_current_active_user
-from app.models.user import User
-from app.schemas.user import User as UserSchema
-
-router = APIRouter()
-
-@router.get("/me", response_model=UserSchema)
-def read_users_me(current_user: User = Depends(get_current_active_user)):
-    return current_user
-
-@router.get("/profile", response_model=UserSchema)
-def get_user_profile(current_user: User = Depends(get_current_active_user)):
-    return current_user

app/core/security.py

@@ -1,30 +0,0 @@
-import os
-from datetime import datetime, timedelta
-from typing import Any, Union
-from passlib.context import CryptContext
-from jose import jwt
-
-pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
-
-SECRET_KEY = os.getenv("SECRET_KEY", "your-secret-key-change-this-in-production")
-ALGORITHM = "HS256"
-ACCESS_TOKEN_EXPIRE_MINUTES = 30
-
-def create_access_token(
-    subject: Union[str, Any], expires_delta: timedelta = None
-) -> str:
-    if expires_delta:
-        expire = datetime.utcnow() + expires_delta
-    else:
-        expire = datetime.utcnow() + timedelta(
-            minutes=ACCESS_TOKEN_EXPIRE_MINUTES
-        )
-    to_encode = {"exp": expire, "sub": str(subject)}
-    encoded_jwt = jwt.encode(to_encode, SECRET_KEY, algorithm=ALGORITHM)
-    return encoded_jwt
-
-def verify_password(plain_password: str, hashed_password: str) -> bool:
-    return pwd_context.verify(plain_password, hashed_password)
-
-def get_password_hash(password: str) -> str:
-    return pwd_context.hash(password)

app/db/base.py

@@ -1,3 +0,0 @@
-from sqlalchemy.ext.declarative import declarative_base
-
-Base = declarative_base()

app/db/session.py

@@ -1,22 +0,0 @@
-from pathlib import Path
-from sqlalchemy import create_engine
-from sqlalchemy.orm import sessionmaker
-
-DB_DIR = Path("/app/storage/db")
-DB_DIR.mkdir(parents=True, exist_ok=True)
-
-SQLALCHEMY_DATABASE_URL = f"sqlite:///{DB_DIR}/db.sqlite"
-
-engine = create_engine(
-    SQLALCHEMY_DATABASE_URL,
-    connect_args={"check_same_thread": False}
-)
-
-SessionLocal = sessionmaker(autocommit=False, autoflush=False, bind=engine)
-
-def get_db():
-    db = SessionLocal()
-    try:
-        yield db
-    finally:
-        db.close()

app/models/user.py

@@ -1,13 +0,0 @@
-from sqlalchemy import Column, Integer, String, Boolean, DateTime
-from sqlalchemy.sql import func
-from app.db.base import Base
-
-class User(Base):
-    __tablename__ = "users"
-    
-    id = Column(Integer, primary_key=True, index=True)
-    email = Column(String, unique=True, index=True, nullable=False)
-    hashed_password = Column(String, nullable=False)
-    is_active = Column(Boolean, default=True)
-    created_at = Column(DateTime(timezone=True), server_default=func.now())
-    updated_at = Column(DateTime(timezone=True), onupdate=func.now())

app/schemas/user.py

@@ -1,29 +0,0 @@
-from pydantic import BaseModel, EmailStr
-from typing import Optional
-from datetime import datetime
-
-class UserBase(BaseModel):
-    email: EmailStr
-
-class UserCreate(UserBase):
-    password: str
-
-class UserLogin(BaseModel):
-    email: EmailStr
-    password: str
-
-class User(UserBase):
-    id: int
-    is_active: bool
-    created_at: datetime
-    updated_at: Optional[datetime] = None
-    
-    class Config:
-        from_attributes = True
-
-class Token(BaseModel):
-    access_token: str
-    token_type: str
-
-class TokenData(BaseModel):
-    email: Optional[str] = None

main.py

@@ -1,41 +0,0 @@
-from fastapi import FastAPI
-from fastapi.middleware.cors import CORSMiddleware
-from app.api.routes import auth, users
-from app.db.session import engine
-from app.db.base import Base
-
-Base.metadata.create_all(bind=engine)
-
-app = FastAPI(
-    title="User Authentication Service",
-    description="A FastAPI service for user authentication",
-    version="1.0.0",
-    openapi_url="/openapi.json"
-)
-
-app.add_middleware(
-    CORSMiddleware,
-    allow_origins=["*"],
-    allow_credentials=True,
-    allow_methods=["*"],
-    allow_headers=["*"],
-)
-
-app.include_router(auth.router, prefix="/api/v1/auth", tags=["authentication"])
-app.include_router(users.router, prefix="/api/v1/users", tags=["users"])
-
-@app.get("/")
-async def root():
-    return {
-        "title": "User Authentication Service",
-        "documentation": "/docs",
-        "health": "/health"
-    }
-
-@app.get("/health")
-async def health_check():
-    return {
-        "status": "healthy",
-        "service": "User Authentication Service",
-        "version": "1.0.0"
-    }

package.json

@@ -0,0 +1,45 @@
+{
+  "name": "user-authentication-service",
+  "version": "1.0.0",
+  "description": "A Node.js Express-based user authentication service with JWT and SQLite",
+  "main": "src/server.js",
+  "scripts": {
+    "start": "node src/server.js",
+    "dev": "nodemon src/server.js",
+    "migrate": "sequelize-cli db:migrate",
+    "migrate:undo": "sequelize-cli db:migrate:undo",
+    "seed": "sequelize-cli db:seed:all",
+    "lint": "eslint src/",
+    "lint:fix": "eslint src/ --fix"
+  },
+  "keywords": [
+    "nodejs",
+    "express",
+    "authentication",
+    "jwt",
+    "sqlite",
+    "sequelize"
+  ],
+  "author": "BackendIM",
+  "license": "MIT",
+  "dependencies": {
+    "express": "^4.18.2",
+    "sequelize": "^6.35.2",
+    "sqlite3": "^5.1.6",
+    "bcryptjs": "^2.4.3",
+    "jsonwebtoken": "^9.0.2",
+    "cors": "^2.8.5",
+    "helmet": "^7.1.0",
+    "express-validator": "^7.0.1",
+    "express-rate-limit": "^7.1.5",
+    "dotenv": "^16.3.1"
+  },
+  "devDependencies": {
+    "nodemon": "^3.0.2",
+    "eslint": "^8.55.0",
+    "sequelize-cli": "^6.6.2"
+  },
+  "engines": {
+    "node": ">=16.0.0"
+  }
+}

requirements.txt

@@ -1,8 +0,0 @@
-fastapi==0.104.1
-uvicorn==0.24.0
-sqlalchemy==2.0.23
-alembic==1.13.0
-python-jose[cryptography]==3.3.0
-passlib[bcrypt]==1.7.4
-python-multipart==0.0.6
-ruff==0.1.6

src/config/database.js

@@ -0,0 +1,22 @@
+const { Sequelize } = require('sequelize');
+const path = require('path');
+const fs = require('fs');
+
+const dbDir = '/app/storage/db';
+if (!fs.existsSync(dbDir)) {
+  fs.mkdirSync(dbDir, { recursive: true });
+}
+
+const sequelize = new Sequelize({
+  dialect: 'sqlite',
+  storage: path.join(dbDir, 'db.sqlite'),
+  logging: process.env.NODE_ENV === 'development' ? console.log : false,
+  define: {
+    timestamps: true,
+    underscored: true,
+    createdAt: 'created_at',
+    updatedAt: 'updated_at'
+  }
+});
+
+module.exports = { sequelize };

src/controllers/authController.js

@@ -0,0 +1,106 @@
+const { body, validationResult } = require('express-validator');
+const User = require('../models/User');
+const { generateToken } = require('../utils/jwt');
+
+const registerValidation = [
+  body('email')
+    .isEmail()
+    .normalizeEmail()
+    .withMessage('Please provide a valid email'),
+  body('password')
+    .isLength({ min: 6 })
+    .withMessage('Password must be at least 6 characters long')
+];
+
+const loginValidation = [
+  body('email')
+    .isEmail()
+    .normalizeEmail()
+    .withMessage('Please provide a valid email'),
+  body('password')
+    .notEmpty()
+    .withMessage('Password is required')
+];
+
+const register = async (req, res) => {
+  try {
+    const errors = validationResult(req);
+    if (!errors.isEmpty()) {
+      return res.status(400).json({
+        error: 'Validation failed',
+        details: errors.array()
+      });
+    }
+
+    const { email, password } = req.body;
+
+    const existingUser = await User.findOne({ where: { email } });
+    if (existingUser) {
+      return res.status(400).json({ error: 'Email already registered' });
+    }
+
+    const user = await User.create({
+      email,
+      password
+    });
+
+    const token = generateToken({ userId: user.id, email: user.email });
+
+    res.status(201).json({
+      message: 'User registered successfully',
+      user: user.toJSON(),
+      token,
+      tokenType: 'Bearer'
+    });
+  } catch (error) {
+    console.error('Registration error:', error);
+    res.status(500).json({ error: 'Internal server error' });
+  }
+};
+
+const login = async (req, res) => {
+  try {
+    const errors = validationResult(req);
+    if (!errors.isEmpty()) {
+      return res.status(400).json({
+        error: 'Validation failed',
+        details: errors.array()
+      });
+    }
+
+    const { email, password } = req.body;
+
+    const user = await User.findOne({ where: { email } });
+    if (!user) {
+      return res.status(401).json({ error: 'Invalid email or password' });
+    }
+
+    if (!user.isActive) {
+      return res.status(401).json({ error: 'Account is inactive' });
+    }
+
+    const isValidPassword = await user.validatePassword(password);
+    if (!isValidPassword) {
+      return res.status(401).json({ error: 'Invalid email or password' });
+    }
+
+    const token = generateToken({ userId: user.id, email: user.email });
+
+    res.json({
+      message: 'Login successful',
+      user: user.toJSON(),
+      token,
+      tokenType: 'Bearer'
+    });
+  } catch (error) {
+    console.error('Login error:', error);
+    res.status(500).json({ error: 'Internal server error' });
+  }
+};
+
+module.exports = {
+  register,
+  login,
+  registerValidation,
+  loginValidation
+};

src/controllers/userController.js

@@ -0,0 +1,61 @@
+const User = require('../models/User');
+
+const getProfile = async (req, res) => {
+  try {
+    res.json({
+      user: req.user.toJSON()
+    });
+  } catch (error) {
+    console.error('Get profile error:', error);
+    res.status(500).json({ error: 'Internal server error' });
+  }
+};
+
+const updateProfile = async (req, res) => {
+  try {
+    const { email } = req.body;
+    const userId = req.user.id;
+
+    if (email && email !== req.user.email) {
+      const existingUser = await User.findOne({ 
+        where: { email },
+        attributes: ['id']
+      });
+      
+      if (existingUser && existingUser.id !== userId) {
+        return res.status(400).json({ error: 'Email already in use' });
+      }
+    }
+
+    const updatedUser = await req.user.update({
+      email: email || req.user.email
+    });
+
+    res.json({
+      message: 'Profile updated successfully',
+      user: updatedUser.toJSON()
+    });
+  } catch (error) {
+    console.error('Update profile error:', error);
+    res.status(500).json({ error: 'Internal server error' });
+  }
+};
+
+const deactivateAccount = async (req, res) => {
+  try {
+    await req.user.update({ isActive: false });
+    
+    res.json({
+      message: 'Account deactivated successfully'
+    });
+  } catch (error) {
+    console.error('Deactivate account error:', error);
+    res.status(500).json({ error: 'Internal server error' });
+  }
+};
+
+module.exports = {
+  getProfile,
+  updateProfile,
+  deactivateAccount
+};

src/middleware/auth.js

@@ -0,0 +1,61 @@
+const { verifyToken } = require('../utils/jwt');
+const User = require('../models/User');
+
+const authenticateToken = async (req, res, next) => {
+  try {
+    const authHeader = req.headers.authorization;
+    const token = authHeader && authHeader.split(' ')[1];
+
+    if (!token) {
+      return res.status(401).json({ error: 'Access token required' });
+    }
+
+    const decoded = verifyToken(token);
+    const user = await User.findByPk(decoded.userId);
+
+    if (!user) {
+      return res.status(401).json({ error: 'User not found' });
+    }
+
+    if (!user.isActive) {
+      return res.status(401).json({ error: 'User account is inactive' });
+    }
+
+    req.user = user;
+    next();
+  } catch (error) {
+    return res.status(401).json({ error: 'Invalid or expired token' });
+  }
+};
+
+const optionalAuth = async (req, res, next) => {
+  try {
+    const authHeader = req.headers.authorization;
+    
+    if (!authHeader) {
+      return next();
+    }
+
+    const token = authHeader.split(' ')[1];
+    
+    if (!token) {
+      return next();
+    }
+
+    const decoded = verifyToken(token);
+    const user = await User.findByPk(decoded.userId);
+
+    if (user && user.isActive) {
+      req.user = user;
+    }
+
+    next();
+  } catch (error) {
+    next();
+  }
+};
+
+module.exports = {
+  authenticateToken,
+  optionalAuth
+};

src/models/User.js

@@ -0,0 +1,59 @@
+const { DataTypes } = require('sequelize');
+const bcrypt = require('bcryptjs');
+const { sequelize } = require('../config/database');
+
+const User = sequelize.define('User', {
+  id: {
+    type: DataTypes.INTEGER,
+    primaryKey: true,
+    autoIncrement: true
+  },
+  email: {
+    type: DataTypes.STRING,
+    allowNull: false,
+    unique: true,
+    validate: {
+      isEmail: true
+    }
+  },
+  password: {
+    type: DataTypes.STRING,
+    allowNull: false,
+    validate: {
+      len: [6, 100]
+    }
+  },
+  isActive: {
+    type: DataTypes.BOOLEAN,
+    defaultValue: true,
+    field: 'is_active'
+  }
+}, {
+  tableName: 'users',
+  hooks: {
+    beforeCreate: async (user) => {
+      if (user.password) {
+        const salt = await bcrypt.genSalt(10);
+        user.password = await bcrypt.hash(user.password, salt);
+      }
+    },
+    beforeUpdate: async (user) => {
+      if (user.changed('password')) {
+        const salt = await bcrypt.genSalt(10);
+        user.password = await bcrypt.hash(user.password, salt);
+      }
+    }
+  }
+});
+
+User.prototype.validatePassword = async function(password) {
+  return await bcrypt.compare(password, this.password);
+};
+
+User.prototype.toJSON = function() {
+  const values = { ...this.get() };
+  delete values.password;
+  return values;
+};
+
+module.exports = User;

src/routes/auth.js

@@ -0,0 +1,9 @@
+const express = require('express');
+const { register, login, registerValidation, loginValidation } = require('../controllers/authController');
+
+const router = express.Router();
+
+router.post('/register', registerValidation, register);
+router.post('/login', loginValidation, login);
+
+module.exports = router;

src/routes/users.js

@@ -0,0 +1,12 @@
+const express = require('express');
+const { getProfile, updateProfile, deactivateAccount } = require('../controllers/userController');
+const { authenticateToken } = require('../middleware/auth');
+
+const router = express.Router();
+
+router.get('/me', authenticateToken, getProfile);
+router.get('/profile', authenticateToken, getProfile);
+router.put('/profile', authenticateToken, updateProfile);
+router.delete('/deactivate', authenticateToken, deactivateAccount);
+
+module.exports = router;

src/server.js

@@ -0,0 +1,76 @@
+require('dotenv').config();
+const express = require('express');
+const cors = require('cors');
+const helmet = require('helmet');
+const rateLimit = require('express-rate-limit');
+
+const authRoutes = require('./routes/auth');
+const userRoutes = require('./routes/users');
+const { sequelize } = require('./config/database');
+
+const app = express();
+const PORT = process.env.PORT || 3000;
+
+const limiter = rateLimit({
+  windowMs: 15 * 60 * 1000,
+  max: 100,
+  message: 'Too many requests from this IP, please try again later.'
+});
+
+app.use(helmet());
+app.use(cors({ origin: '*' }));
+app.use(limiter);
+app.use(express.json({ limit: '10mb' }));
+app.use(express.urlencoded({ extended: true }));
+
+app.get('/', (req, res) => {
+  res.json({
+    title: 'User Authentication Service',
+    documentation: '/docs',
+    health: '/health'
+  });
+});
+
+app.get('/health', (req, res) => {
+  res.json({
+    status: 'healthy',
+    service: 'User Authentication Service',
+    version: '1.0.0',
+    timestamp: new Date().toISOString()
+  });
+});
+
+app.use('/api/v1/auth', authRoutes);
+app.use('/api/v1/users', userRoutes);
+
+app.use('*', (req, res) => {
+  res.status(404).json({ error: 'Endpoint not found' });
+});
+
+app.use((error, req, res, next) => {
+  console.error('Error:', error);
+  res.status(error.status || 500).json({
+    error: error.message || 'Internal server error'
+  });
+});
+
+async function startServer() {
+  try {
+    await sequelize.authenticate();
+    console.log('Database connection established successfully.');
+    
+    await sequelize.sync();
+    console.log('Database synchronized.');
+    
+    app.listen(PORT, () => {
+      console.log(`Server is running on port ${PORT}`);
+      console.log(`Health check: http://localhost:${PORT}/health`);
+      console.log(`API docs: http://localhost:${PORT}/docs`);
+    });
+  } catch (error) {
+    console.error('Unable to start server:', error);
+    process.exit(1);
+  }
+}
+
+startServer();

src/utils/jwt.js

@@ -0,0 +1,28 @@
+const jwt = require('jsonwebtoken');
+
+const JWT_SECRET = process.env.JWT_SECRET || 'your-secret-key-change-this-in-production';
+const JWT_EXPIRES_IN = process.env.JWT_EXPIRES_IN || '24h';
+
+const generateToken = (payload) => {
+  return jwt.sign(payload, JWT_SECRET, { expiresIn: JWT_EXPIRES_IN });
+};
+
+const verifyToken = (token) => {
+  try {
+    return jwt.verify(token, JWT_SECRET);
+  } catch (error) {
+    throw new Error('Invalid token');
+  }
+};
+
+const decodeToken = (token) => {
+  return jwt.decode(token);
+};
+
+module.exports = {
+  generateToken,
+  verifyToken,
+  decodeToken,
+  JWT_SECRET,
+  JWT_EXPIRES_IN
+};