A secure and production-ready authentication backend built with Express, combining server-side sessions and JWT access tokens stored in HTTP-only cookies. Features include 2FA, CSRF protection, refresh flow, and OpenAPI support for frontend integration.

Node Hybrid JWT + Session Auth API

This is a backend API that uses a hybrid authentication approach combining Express server-side sessions and JWT-based access control, with all credentials stored in HTTP-only cookies. Because the cookies are HTTP-only, page scripts cannot read the session or the access token, while the JWT still allows stateless validation for route access.

OpenAPI Specification

Setup


Follow these steps to get the project up and running with Prisma and ensure the prisma/generated folder is created properly.

  1. Environment Configuration: To run the application locally, create a .env file in the root directory with the following variables:

    # PostgreSQL connection string
    DATABASE_URL=postgresql://admin_pg:password@localhost:5433/local-express-hybrid-auth-api-db
    
    # Google OAuth configuration
    GOOGLE_CLIENT_ID=your-google-client-id
    GOOGLE_CLIENT_SECRET=your-google-client-secret
    GOOGLE_CALLBACK_URL=http://localhost:3000/auth/google/callback
    
    # GitHub OAuth configuration
    GITHUB_CLIENT_ID=your-github-client-id
    GITHUB_CLIENT_SECRET=your-github-client-secret
    GITHUB_CALLBACK_URL=http://localhost:3000/auth/github/callback
  2. Install Dependencies: Install all required dependencies for the project.

    npm install
  3. Generate Prisma Client and Artifacts: Prisma generates the database client and optionally other files (like types or codegen outputs) into the prisma/generated folder. To generate everything:

    npx prisma generate

    This command reads your schema.prisma file and creates the necessary output in node_modules/.prisma and (if configured) in prisma/generated. Re-run this command any time you modify your Prisma schema.

  4. Apply Database Migrations: If you're using Prisma Migrate and have migrations defined, run:

    npx prisma migrate dev

    This will:

    • Apply all pending migrations to your local database
    • Generate the Prisma Client
    • Optionally run seed scripts if configured
  5. Open Prisma Studio (Optional): Prisma Studio is a visual interface to explore and manipulate your database during development.

    npx prisma studio

    This opens a browser window where you can browse tables, add records, and debug data visually.

Notes:

  • If your project is configured to use the prisma/generated folder (e.g., for custom types or GraphQL artifacts), it will be populated by npx prisma generate. This folder is typically auto-generated and should either be:

    • Ignored in version control (.gitignore), or
    • Re-generated by every contributor using the steps above. Do not manually edit files in prisma/generated unless explicitly intended.
  • You can generate a strong SESSION_SECRET with the following command in your terminal (Unix/macOS/Linux): openssl rand -base64 64. On Windows you can run it from Git Bash. Then add it to your .env file for production use:

    SESSION_SECRET=your_generated_value_here