Authentication Boilerplate Monorepo

A starting point for custom authentication without magic libraries. This monorepo provides:

• A Fastify API using JWT refresh tokens, accepting credentials via the Authorization header or a token cookie.
• A Next.js 14 Frontend with server/client authentication, middleware revalidation, and Axios interceptors.
• Shared Zod schemas via the @repo/schemas package.
• Turborepo for local package sharing and scripting.

API

Built with Fastify, the API handles auth using:

• Type Validation: Zod
• ORM: Drizzle with PostgreSQL
• Mailing: Resend & React Email
• Encryption: bcrypt
• Caching: Redis

Documentation is available on the following API routes:

• Scalar UI for a modern interface at /docs
• Swagger for the classic one at /reference

Frontend

The frontend leverages Next.js 14 for seamless server/client authentication, with revalidation in middleware and auth interceptors powered by Axios.

Authentication Flow

Users authenticate via JWT refresh tokens. Supported actions include:

• Password reset (authenticated and "forgot password")
• Email confirmation before signup
• Account deletion
• Display name updates

Development Setup

Begin by configuring your environment. Rename and update the provided .env.example files:

• Global secrets: .env.example for DB, Redis, etc.
• API secrets: apps/server/.env.example for JWT signing keys and API keys.
• Next.js variables: apps/web/.env.example.

Next, spin up your Postgres and Redis databases with Docker Compose:

docker compose up

Install dependencies and run database migrations:

npm install
npm run migrate

Finally, start the development server:

npm run dev