# User Authentication Service

A Node.js Express-based user authentication service with JWT token authentication and SQLite database.

## Features

- User registration and login
- JWT token-based authentication
- Password hashing with bcryptjs
- SQLite database with Sequelize ORM
- File upload functionality with multer
- Image processing and avatar uploads
- Input validation with express-validator
- Rate limiting and security headers
- CORS enabled for all origins
- Health check endpoint
- Environment-based configuration

## Environment Variables

Create a `.env` file in the root directory with the following variables:

- `NODE_ENV`: Environment (development/production)
- `PORT`: Server port (default: 3000)
- `JWT_SECRET`: JWT secret key for token signing (required for production)
- `JWT_EXPIRES_IN`: Token expiration time (default: 24h)

Copy `.env.example` to `.env` and update the values:
```bash
cp .env.example .env
```

## Installation

1. Install Node.js dependencies:
```bash
npm install
```

2. Set up environment variables:
```bash
cp .env.example .env
```

3. Start the application in development mode:
```bash
npm run dev
```

Or start in production mode:
```bash
npm start
```

## API Endpoints

### Public Endpoints
- `GET /` - Service information
- `GET /health` - Health check
- `POST /api/v1/auth/register` - User registration
- `POST /api/v1/auth/login` - User login

### Protected Endpoints (require Bearer token)
- `GET /api/v1/users/me` - Get current user info
- `GET /api/v1/users/profile` - Get user profile
- `PUT /api/v1/users/profile` - Update user profile
- `DELETE /api/v1/users/deactivate` - Deactivate user account

### File Upload Endpoints
- `POST /api/v1/upload/files` - Upload multiple files (protected)
- `POST /api/v1/upload/avatar` - Upload user avatar (protected)
- `GET /api/v1/upload/files` - List uploaded files (protected)
- `GET /api/v1/upload/files/:filename` - Download specific file (public)
- `GET /api/v1/upload/avatars/:filename` - Get avatar image (public)
- `DELETE /api/v1/upload/files/:filename` - Delete file (protected)

## Usage Examples

1. Register a new user:
```bash
curl -X POST "http://localhost:3000/api/v1/auth/register" \
     -H "Content-Type: application/json" \
     -d '{"email": "user@example.com", "password": "password123"}'
```

2. Login to get access token:
```bash
curl -X POST "http://localhost:3000/api/v1/auth/login" \
     -H "Content-Type: application/json" \
     -d '{"email": "user@example.com", "password": "password123"}'
```

3. Access protected endpoint:
```bash
curl -X GET "http://localhost:3000/api/v1/users/me" \
     -H "Authorization: Bearer YOUR_ACCESS_TOKEN"
```

4. Update user profile:
```bash
curl -X PUT "http://localhost:3000/api/v1/users/profile" \
     -H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
     -H "Content-Type: application/json" \
     -d '{"email": "newemail@example.com"}'
```

5. Upload files:
```bash
curl -X POST "http://localhost:3000/api/v1/upload/files" \
     -H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
     -F "files=@/path/to/file1.pdf" \
     -F "files=@/path/to/file2.jpg"
```

6. Upload avatar:
```bash
curl -X POST "http://localhost:3000/api/v1/upload/avatar" \
     -H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
     -F "avatar=@/path/to/avatar.jpg"
```

7. List uploaded files:
```bash
curl -X GET "http://localhost:3000/api/v1/upload/files" \
     -H "Authorization: Bearer YOUR_ACCESS_TOKEN"
```

## Development

### Available Scripts

- `npm start` - Start the production server
- `npm run dev` - Start development server with nodemon
- `npm run lint` - Run ESLint
- `npm run lint:fix` - Run ESLint with auto-fix

### Project Structure

```
src/
├── config/         # Database configuration
├── controllers/    # Route controllers
│   ├── authController.js
│   ├── userController.js
│   └── uploadController.js
├── middleware/     # Custom middleware
│   ├── auth.js
│   └── upload.js
├── models/         # Sequelize models
├── routes/         # Express routes
│   ├── auth.js
│   ├── users.js
│   └── upload.js
├── utils/          # Utility functions
└── server.js       # Main server file
```

### File Upload Details

**Supported File Types:**
- Images: JPEG, JPG, PNG, GIF, WebP
- Documents: PDF, TXT, DOC, DOCX

**Upload Limits:**
- General files: 10MB per file, max 5 files
- Avatar images: 5MB per file, max 1 file
- Avatar images are automatically resized to 200x200px

**Storage Locations:**
- General files: `/app/storage/uploads/`
- Avatar images: `/app/storage/avatars/`