Live Demos
Fully-functional, in-browser demos powered by StackBlitz WebContainers.
Each example uses an in-memory store so everything works out-of-the-box — no database setup required.
Fill in the .env.example values to connect a real database or enable email/SMS features.
Express (Basic)
The simplest integration: Express + @nik2208/node-auth with HttpOnly JWT cookies, bcrypt password hashing, and an admin panel.
| Stack | Node.js · Express · Vanilla HTML/JS |
| Auth | Register · Login · Logout · /auth/me · Refresh token |
| Database | In-memory |
| Start | npm start |
NestJS Fullstack
NestJS application with AuthModule.forRoot(), JwtAuthGuard, @CurrentUser() decorator, and a static HTML frontend.
| Stack | Node.js · NestJS · TypeScript · ts-node · Vanilla HTML/JS |
| Auth | Register · Login · Logout · /auth/me · Refresh · Protected endpoint |
| Database | In-memory |
| Start | npm start |
Next.js Fullstack (Pages Router)
Full-stack Next.js application with a catch-all /api/auth/[...auth] route, Edge Middleware route protection, and a login + dashboard UI.
| Stack | Node.js · Next.js 15 · TypeScript · React |
| Auth | Register · Login · Logout · Dashboard (protected) · Middleware redirect |
| Database | In-memory |
| Start | npm start (runs next dev) |
Angular SSR (with Guards & Interceptors)
Angular 19 application with Server-Side Rendering, a full auth layer, and all production-ready patterns:
AuthService— user state, login/logout/refresh via HttpOnly cookiesauthInterceptor— CSRF header + automatic token-refresh queue (handles concurrent 401s)authGuard,guestGuard,roleGuard— route protectionAPP_INITIALIZER— silent session restore on page reloadssrCookieInterceptor— forwards browser cookies to the API server during SSR
| Stack | Node.js · Angular 19 SSR · Express (node-auth API) · TypeScript |
| Dev mode | npm start → API server (port 3000) + ng serve (port 4200) with proxy |
| Production | npm run build && npm run serve:ssr |
| Database | In-memory |
Express + Angular SPA
Separate Express API (node-auth) on port 3000 and Angular SPA on port 4200. Angular proxies /auth/* and /admin/* to Express during development.
Same auth patterns as the Angular SSR demo (guards, interceptors, APP_INITIALIZER) — without SSR complexity. In production, Express serves the compiled Angular build.
| Stack | Node.js · Angular 19 · Express (node-auth API) · TypeScript |
| Dev mode | npm start → API server (port 3000) + ng serve (port 4200) with proxy |
| Production | npm run build && npm run serve:prod |
| Database | In-memory |
Using your own database
All demos use InMemoryUserStore by default. To connect a real database, replace it with one of the ready-made stores:
| Database | Guide |
|---|---|
| SQLite | docs/database/sqlite |
| MySQL | docs/database/mysql |
| PostgreSQL | docs/database/postgresql |
| MongoDB | docs/database/mongodb |
Copy the .env.example → .env (or .env.local for Next.js) and set ACCESS_TOKEN_SECRET, REFRESH_TOKEN_SECRET, and your database connection string.
The in-memory store is ephemeral — all registered users are lost when the server restarts. This is intentional for the demos. In production, use a persistent database.