This codebase is not production ready and is intended for internal use only. It has not undergone a full security audit and should not be used in production environments without proper review and testing.
A reusable Node.js backend service for WebAuthn/Passkey authentication.
- WebAuthn/Passkey registration and authentication
- JWT-based session management
- Redis integration for session management
- Rate limiting and security headers
- Modular architecture for easy extension
src/
├── config/ # Configuration files
├── controllers/ # Request handlers
├── middleware/ # Express middleware
├── models/ # Data models
├── routes/ # Route definitions
├── services/ # Business logic
├── utils/ # Utility functions
├── app.js # Express application setup
└── server.js # Server entry point
- Node.js >= 16.0.0
- Yarn or npm
- Redis instance (for session management)
- Clone the repository
- Install dependencies:
yarn install
- Copy the example environment file and update it with your values:
cp .env.example .env
- Start the development server:
yarn dev
Create a .env file with the following variables:
API_BASE_URL=https://your-api-domain.com
API_RP_ID=your-rp-id
JWT_SECRET=your-jwt-secret
UPSTASH_REDIS_URL=your-redis-url
UPSTASH_REDIS_TOKEN=your-redis-token
yarn test
For development with watch mode:
yarn test:watch
yarn lint
The application is designed to be deployed to any Node.js hosting environment. For production deployment:
- Set NODE_ENV=production in your environment
- Use a process manager like PM2 or Docker
- Set up HTTPS (required for WebAuthn)
- Configure a reverse proxy if needed
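The environment variables listed earlier and the HTTPS requirement above can be checked once at startup, before the server accepts requests. The following is an added example, not part of this project's code; the names validateEnv and MIN_SECRET_LEN and the 32-character minimum for JWT_SECRET are assumptions.

```javascript
// Added example, not project code: validateEnv and MIN_SECRET_LEN are hypothetical.
const REQUIRED = ['API_BASE_URL', 'API_RP_ID', 'JWT_SECRET',
  'UPSTASH_REDIS_URL', 'UPSTASH_REDIS_TOKEN'];
// Placeholder values as shown in this README's .env listing.
const PLACEHOLDERS = new Set(['https://your-api-domain.com', 'your-rp-id',
  'your-jwt-secret', 'your-redis-url', 'your-redis-token']);
const MIN_SECRET_LEN = 32; // assumed minimum, not a value from the project

function validateEnv(env) {
  const errors = [];
  for (const name of REQUIRED) {
    if (!env[name]) errors.push(`${name} is not set`);
    else if (PLACEHOLDERS.has(env[name])) errors.push(`${name} is still a placeholder`);
  }
  let origin = null;
  try {
    origin = new URL(env.API_BASE_URL);
  } catch {
    if (env.API_BASE_URL) errors.push('API_BASE_URL is not a valid URL');
  }
  if (origin) {
    const host = origin.hostname;
    // WebAuthn needs a secure context: HTTPS, or http://localhost in development.
    const devLocalhost = host === 'localhost' && env.NODE_ENV !== 'production';
    if (origin.protocol !== 'https:' && !devLocalhost) {
      errors.push('API_BASE_URL must use https');
    }
    // The RP ID must equal the origin's host or be a parent domain of it.
    // Suffix check only: this does not reject public suffixes such as "com".
    const rpId = (env.API_RP_ID || '').toLowerCase();
    if (rpId && host !== rpId && !host.endsWith('.' + rpId)) {
      errors.push(`API_RP_ID "${rpId}" does not cover host "${host}"`);
    }
  }
  if (env.JWT_SECRET && env.JWT_SECRET.length < MIN_SECRET_LEN) {
    errors.push(`JWT_SECRET is shorter than ${MIN_SECRET_LEN} characters`);
  }
  return errors;
}

// Constructed sample values, not real credentials.
const sampleEnv = {
  NODE_ENV: 'production',
  API_BASE_URL: 'http://auth.example.com',
  API_RP_ID: 'example.org',
  JWT_SECRET: 'your-jwt-secret',
  UPSTASH_REDIS_URL: 'https://redis.example.com',
  UPSTASH_REDIS_TOKEN: 'constructed-token',
};
console.log(validateEnv(sampleEnv));
```

Calling such a check with process.env before the server starts listening, and exiting on a non-empty result, keeps a misconfigured instance from serving requests.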
This project implements several security features including:
- Rate limiting
- Security headers
- JWT session management
- CORS protection
For detailed security documentation, see SECURITY.md.
ISC