Mr.X

# Authentication System Documentation

This document explains the authentication system implemented in the TryByte LMS server.

## Overview

The system provides authentication and user management for three types of users:

- **Admin**: Can manage other users
- **Teacher**: Teacher account with specific permissions
- **Student**: Student account with specific permissions

## Features

### Admin Features

- Register admin account (restricted)
- Login with email and password
- Create user accounts (students and teachers)
- Update user accounts
- View user details
- List all users (with optional role filtering)

### User Features

- Login with ID and password
- Forgot password functionality
- Reset password with token

## API Endpoints

### Admin Authentication

- `POST /api/v1/admin/register` - Register a new admin (restricted)
- `POST /api/v1/admin/login` - Login as admin

### User Management (Admin only)

- `POST /api/v1/admin/users` - Create a new user (student or teacher)
- `GET /api/v1/admin/users` - List all users
- `GET /api/v1/admin/users/:id` - Get user by ID
- `PUT /api/v1/admin/users/:id` - Update a user

### User Authentication

- `POST /api/v1/user/login` - User login
- `POST /api/v1/user/forgot-password` - Request password reset
- `POST /api/v1/user/reset-password` - Reset password with token

## Password Requirements

Passwords must:

- Be between 8-15 characters
- Include at least 1 capital letter
- Include at least 1 number
- Include at least 1 special character

## User ID Format

- Students: `STU` followed by 6 alphanumeric characters (e.g., `STU3A7B9C`)
- Teachers: `TCH` followed by 6 alphanumeric characters (e.g., `TCH1D4E6F`)

## Security Measures

1. **Password Hashing**: All passwords are hashed using bcrypt
2. **JWT Authentication**: JWT tokens (access and refresh) for secure API access
3. **Account Locking**: Accounts are locked after 5 failed login attempts
4. **Password Reset Tokens**: Secure tokens with 1-hour expiration for password reset

## Testing

### Test Users

You can create test users with the script:

```bash
node server/tests/createTestUsers.js
```

This will create:

- An admin user with ID `ADMIN123` and password `Admin@123`
- A student user with a generated ID and password `Student@123`
- A teacher user with a generated ID and password `Teacher@123`

### API Testing

You can test the API endpoints using tools like Postman or curl.

Example:

```bash
# Admin Login
curl -X POST http://localhost:5000/api/v1/admin/login \
  -H "Content-Type: application/json" \
  -d '{"email":"admin@example.com","password":"Admin@123"}'
```

## Implementation Details

### File Structure

- `models/User.js` - User model (for students and teachers)
- `models/Admin.js` - Admin model
- `controllers/adminController.js` - Admin authentication
- `controllers/userController.js` - User authentication
- `controllers/adminUserController.js` - User management by admin
- `middlewares/AuthMiddleware.js` - Authentication and authorization
- `routes/adminRoutes.js` - Admin routes
- `routes/userRoutes.js` - User routes
- `validations/userValidation.js` - Validation schemas for user operations
- `utils/genrateId.js` - ID generation for users

Name	Type	Size	Permission
config	Folder		0755
controllers	Folder		0755
middlewares	Folder		0755
models	Folder		0755
node_modules	Folder		0755
routes	Folder		0755
service	Folder		0755
tmp	Folder		0755
uploads	Folder		0755
utils	Folder		0755
validations	Folder		0755
.htaccess	File	1011 B	0644
README_ADMIN.md	File	3.3 KB	0644
README_AUTH.md	File	3.13 KB	0644
README_HR.md	File	5.05 KB	0644
README_TEACHER.md	File	3.53 KB	0644
package-lock.json	File	118.83 KB	0644
package.json	File	573 B	0644
server.js	File	2.14 KB	0644
stderr.log	File	95.22 KB	0644
teacher portal.pdf	File	4.14 MB	0644
vercel.json	File	185 B	0644

Upload:

Command:

Filemanager

Server Info

System Info

User Info