Skip to content

Security: om-dev007/Velnixa-Backend

Security

docs/security.md

Security Documentation

Authentication Flow

Register
 ↓
Generate OTP
 ↓
Send Email
 ↓
Verify OTP
 ↓
Account Activated

Login Flow

User Login
 ↓
Validate Credentials
 ↓
Generate Access Token
 ↓
Generate Refresh Token
 ↓
Store Session
 ↓
Response

Refresh Token Flow

Access Token Expired
 ↓
Rotate Token API
 ↓
Validate Refresh Token
 ↓
Generate New Access Token
 ↓
Generate New Refresh Token
 ↓
Update Session
 ↓
Response

Logout Flow

Logout
 ↓
Delete Session
 ↓
Clear Cookie
 ↓
Success

Authorization

Request
 ↓
authMiddleware
 ↓
JWT Validation
 ↓
Protected Route

Admin Authorization

Request
 ↓
authMiddleware
 ↓
adminMiddleware
 ↓
Admin Route Access

Security Features

  • JWT Authentication
  • HTTP Only Cookies
  • Password Hashing (Bcrypt)
  • OTP Verification
  • Refresh Token Rotation
  • Session Tracking
  • Role Based Access Control
  • Protected Routes

There aren't any published security advisories