A Node.js based backend API that provides secure user authentication for Unity applications. It implements bcrypt for password hashing and JWT (JSON Web Tokens) for token-based authentication. Designed for secure login, this project demonstrates the integration of Unity with a PostgreSQL database using modern security standards.
This project contains two main components:
Client Side: Handles user login and authentication via a Unity frontend.
Server Side: Manages backend logic, database interactions, and token-based authentication using bcrypt and JWT.
The user will need to make a few adjustments to the project to align it with their database configuration and schema.
The server-side includes eight key files responsible for authentication, database communication, and token generation.
File Structure:
/API
|-- .env // Environment variables for database connection and JWT secret.
|-- server.js // Main entry point for starting the server.
|-- db.js // Database connection configuration.
|-- /src
|-- /BankDetails Directory containing all the backend logic related to authentication.
|-- auth.js Handles bcrypt password comparison and JWT token generation.
|-- controller.js Controller for processing incoming requests and sending appropriate responses.
|-- middleware.js Middleware to verify JWT tokens for protected routes.
|-- queries.js SQL queries for database interactions. Contains placeholders for schema and table name.
|-- config.js Configuration file for JWT and bcrypt setup.
|-- generateHashes.js To generate new Hashed passwords if needed.
#Note: hash codes can be generated and furthermore updated in the postgres database by using below mentioned query:
UPDATE <Schema.TableName> SET password_hash = 'Hashed Value' WHERE account_number = 'First account number';
# Edit .env File:
The .env file has been left empty for you to customize based on your own database setup.
You'll need to add the following environment variables:
JWT_SECRET="<Your JWT Secret>"
BCRYPT_SALT_ROUNDS="<Your Salt Rounds>" (Default Bcrypt_Salt_Round = 10)
DB_USER="<Your Database User>"
DB_HOST="<Your Database Host>"
DB_NAME="<Your Database Name>"
DB_PASSWORD="<Your Database Password>"
DB_PORT="<Your Database Port>"
These values will configure your database connection and password hashing mechanism.
# Modify queries.js:
Inside queries.js, replace the placeholders for schema and table names:
"<your Schema.Tablename>"
This needs to be changed to match your own database structure (e.g., public.Users).
const query = SELECT * FROM public.Users WHERE account_number = $1;
The client side is provided in the form of a Unity package that can be directly imported into a Unity project.
Steps to Set Up the Client Side:
Import the Unity Package:
Download the provided Unity package file from this repository.
In Unity, go to Assets > Import Package > Custom Package... and select the package.
This will import the necessary scripts and assets for the login system.
Configure Backend URL:
After importing, ensure the backend URL in the Unity login script points to your server’s endpoint.
Example (in Unity script):
string url = "http://localhost:3000/api/v1/BankDetails";
Update the URL to match your backend's actual address.
Once everything is configured, you can test the login functionality by running the Unity scene and entering valid credentials.
This section outlines the step-by-step process of how the frontend and backend interact during login.
Workflow:
How the Frontend and Backend Work Together
User Interaction (Frontend):
The user launches the Unity application and enters their Account Number and Password in the login screen.
Sending Login Credentials:
Upon clicking "Login," the Unity application sends an HTTP POST request to the backend API (e.g., http://localhost:3000/api/..../login) with the account number and password.
Backend Receives Request:
The backend server receives the POST request, extracts the account number and password from the request body, and queries the database to find the user by account number.
Password Verification:
The backend fetches the hashed password from the database for the provided account number.
The provided password is compared to the stored hashed password using bcrypt.compare().
Authentication:
If the password matches, the backend generates a JWT token, which is signed using the secret from the .env file, and sends the token back to the Unity frontend as a response.
If the password does not match, an error response is returned, and the user is informed that the login failed.
Frontend Receives Token:
The Unity application receives the JWT token if login is successful.
The token can then be used to authenticate further requests or grant access to other parts of the application.
Future Requests:
For any future authenticated requests, the Unity app will attach the JWT token in the headers to prove the user is authenticated.