Hey there! I’m Yatharth Kumar Saxena, and over the last 30 days I hand-crafted a production-grade authentication service (🌟 296 commits, 4500+ lines of handwritten code). Now I’m opening the doors so the community can push it even further.
- [📖 Introduction](#-introduction)
- [🛠️ What Went In](#-what-went-in)
- [🧩 Current Architecture](#-current-architecture)
- [🗂️ Folder Structure](#-folder-structure)
- [🧑‍💻 Open Contribution Areas](#-open-contribution-areas)
- [🤝 How to Contribute](#-how-to-contribute)
- [⚙️ Tech Stack & Principles](#-tech-stack--principles)
- [🎯 Final Takeaway](#-🎯-final-takeaway)
This repository is purely for external contributions. Think of it as the public workshop where we co-create new features, squash bugs, and polish the architecture. The original solo build lives here.
“System fails. Design survives.” — YKS
- ⏳ 30 days of focused backend design & development.
- ✅ 296 commits — every thought versioned.
- 📄 4500+ lines of handwritten code (excluding Express.js boilerplate).
- 🧠 17 APIs · JWT auth · device-aware sessions · rate limiting · single-admin model.
Design Principles: SOLID · DRY · YAGNI · KISS
Design Patterns: Singleton · Factory · Template Method · Strategy · Chain-of-Responsibility
The service is microservice-ready and battle-tested for scalability.
Total files: 60+ (source, configs, docs and tests; excluding the node_modules folder)
| 📁 /folder | 🏷️ Description |
|---|---|
| configs/ | 🛠️ Environment & token configs |
| controllers/ | 🧩 Route logic & orchestration |
| middlewares/ | 🔗 Auth, role, rate-limit chains |
| models/ | 🗄️ Mongoose schemas |
| rate-limiters/ | ⏱️ Custom limiter factories |
| services/ | ⚙️ Business logic abstractions |
| utils/ | 🧰 Helper utilities |
| README.md | 🗺️ You are here! |
Every sub-folder contains its own README.md with deeper details. 📝
- **OTP Verification Workflow 📲**
  Goal: after sign-up, `isActive` stays false until the user verifies a 6-digit OTP (email/SMS).
  The controller should wait up to 30 s for verification; otherwise the user re-requests an OTP.
  Clean, modular design (consider a pluggable microservice vs. an internal API).
- **Forgot-Password API 🔑**
  Secure token/OTP flow → password reset.
- **Enhanced Logging 📈**
  Structured logs, trace IDs, winston/pino integration.
- **Performance & Reliability ⚡**
  Caching, graceful shutdowns, horizontal scalability ideas.
- **Bug Fixes / Refactors 🐞**
  Anything that boosts maintainability, reliability, or availability.
Contributions must align with existing HLD/LLD and follow design principles.
- Fork this repo ➜ create a feature branch.
- Run `npm install` & rename `.env.sample` ➜ `.env`.
- Write clean, commented code + unit tests.
- Create a PR referencing an open issue.
- Fill out the PR template (design rationale, test evidence).
Note: First-time OSS contributors welcome! 🙌
- Node.js + Express.js (REST)
- MongoDB/Mongoose (TTL indexes for cleanup)
- JWT (access & refresh)
- Cron jobs (log & account cleanup)
- Rate Limiting (device/user aware)
Design mantra: clean code, clear contracts, scalable architecture.
This project started as my personal deep-dive into system design. Now it’s our playground to experiment, learn, and craft production-ready auth-tech together. Your smallest PR or biggest refactor — everything counts.
Looking forward to your valuable contributions! 🙏