Fake authentication API for development and testing environments. Ideal for quick integrations with frontends or microservices that require login/logout/verify without implementing a real authentication system.
- Login and Logout with cookies or Bearer token.
- Session verification (
/auth/verify). - User listing without passwords.
- Audit logs for every login/logout.
- In-memory sessions (Map).
git clone https://github.com/manubravo/mock-auth
cd mock-auth
npm installnpm startBy default, it listens on http://localhost:4000.
Returns all available users without passwords.
💡 Useful to see which users are available for testing.
Body:
{
"email": "superadmin@test.com",
"password": "test"
}Response:
{
"token": "uuid-token",
"user": {
"id": "1",
"email": "superadmin@test.com",
"role": "superadmin"
}
}📝 Also sets a
sessionTokencookie.
Closes the current session and deletes the token.
- Supports:
- Header:
Authorization: Bearer <token> - Cookie:
sessionToken
- Header:
Checks if a session is valid.
- Supports:
- Header:
Authorization: Bearer <token> - Cookie:
sessionToken
- Header:
Response if valid:
{
"valid": true,
"user": {
"id": "1",
"email": "superadmin@test.com",
"role": "superadmin"
}
}Returns all login/logout audit logs.
| ID | Password | Role | |
|---|---|---|---|
| 1 | superadmin@test.com | test | superadmin |
| 2 | admin1@test.com | test | admin |
| 3 | admin2@test.com | test | admin |
| 4 | editor@test.com | test | editor |
- Sessions managed with
Map()(no persistence). - UUID v4 tokens.
- HTTP Only cookies for better security.
- Middleware for parsing
bodyandcookies.
- Node.js + Express
- UUID for tokens
body-parserandcookie-parser
This API must not be used in production. It does not hash passwords or implement protection against common attacks (CSRF, Brute Force, etc). For testing or quick integration in local projects