The Auth service is the identity backbone of Shop Microservers. It exposes two public endpoints — registration and login — and issues signed JWTs that every other protected service (cart, orders) uses to identify the caller. Passwords are never stored in plain text; they are hashed with bcrypt before being persisted to PostgreSQL. Once a token is issued, the Auth service is not involved in subsequent requests — downstream services verify the JWT independently using the sharedDocumentation Index
Fetch the complete documentation index at: https://mintlify.com/astrxnomo/shop-microservers/llms.txt
Use this file to discover all available pages before exploring further.
JWT_SECRET.
Overview
Runtime
Express on port 3004 inside Docker. Gateway prefix:
/api/auth/.Database
PostgreSQL — database name
auth_db. Schema managed by Prisma.Key Dependencies
bcryptjs, jsonwebtoken, zod, @prisma/clientAuthentication
No auth required on any Auth service endpoint — these are the entry points for obtaining a token.
Endpoints
| Method | Path | Auth | Description |
|---|---|---|---|
| POST | /register | None | Create a new user account |
| POST | /login | None | Authenticate and receive a JWT |
All Auth endpoints are reachable through the gateway at
/api/auth/register and /api/auth/login.Data Model
The service has a singleUser model managed by Prisma:
passwordHash field stores the bcrypt output (salt rounds: 10). The plain-text password is never persisted.
Input Validation
Both endpoints share the same Zod schema:400 before reaching the service layer.
JWT Details
Tokens are produced by theissueToken helper inside auth.service.ts:
| Property | Value |
|---|---|
| Algorithm | HS256 (default for jsonwebtoken) |
| Secret | JWT_SECRET environment variable |
| Expiry | 7 days |
| Payload | { sub: userId, email } |
Using Tokens in Other Services
After login or registration, store the returned token and attach it as a Bearer token to every request that requires authentication:sub (the user’s ID) from the decoded JWT to scope data to the correct user.
Response Shape
A successful registration or login response follows the platform-wide envelope:Service Implementation
Error Cases
| HTTP Status | Condition |
|---|---|
400 | Request body fails Zod validation |
401 | Email not found or password does not match |
409 | Email address is already registered |
API Reference
POST /register
Create a new user account and receive a JWT.
POST /login
Authenticate an existing user and receive a JWT.