
For this series, I'm following an excellent video tutorial from Traversy Media
Introduction
To get started with user registration and authentication, we'll begin by installing the necessary dependencies. Specifically, we'll use the bcryptjs library to securely store user passwords as hashes, and the jsonwebtoken library to generate JSON Web Tokens (JWT) for user authentication.
Install Dependencies
Firstly, let's install the required libraries:
```bash
npm i bcryptjs
npm i jsonwebtoken
```
Generate JWT Token
In this step, we are creating a function to generate a JWT token to use later. Write this function in the userController.js file.
```javascript
const jwt = require("jsonwebtoken");
const bcrypt = require("bcryptjs");
const asyncHandler = require("express-async-handler");
const User = require("../models/userModel");

// Generate JWT
const generateToken = (id) => {
  return jwt.sign({ id }, process.env.JWT_SECRET, { expiresIn: "30d" });
};
```
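Don't forget to initialize the JWT_SECRET variable in your .env file. You can choose any value for it, but it should be a long, random string: anyone who learns it can sign tokens the server will accept, so keep the .env file out of version control.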
Register User
Now, we'll write down the logic for registering a user in the userController.js file.
```javascript
const registerUser = asyncHandler(async (req, res) => {
  const { name, email, password } = req.body;

  if (!name || !email || !password) {
    res.status(400);
    throw new Error("Please add all fields");
  }

  // check if user exists
  const userExists = await User.findOne({ email });
  if (userExists) {
    res.status(400);
    throw new Error("User already exists");
  }

  // create hash password
  const salt = await bcrypt.genSalt(10);
  const hashedPassword = await bcrypt.hash(password, salt);

  // create user
  const user = await User.create({
    name,
    email,
    password: hashedPassword,
  });

  if (user) {
    res.status(201).json({
      _id: user.id,
      name: user.name,
      email: user.email,
      token: generateToken(user._id),
    });
  } else {
    res.status(400);
    throw new Error("Invalid user data");
  }
});
```
Let's test the registration process using Postman and ensure everything works as expected.
And it'll show an error if you try to add the same user again.
Authenticate User
To enable authentication for a registered user, we will implement a 'Login User' function within the userController file, which will involve verifying the user's identity by comparing their provided email and password.
```javascript
const loginUser = asyncHandler(async (req, res) => {
  const { email, password } = req.body;

  if (!email || !password) {
    res.status(400);
    throw new Error("Please add all fields");
  }

  // Check for user email
  const user = await User.findOne({ email });

  if (user && (await bcrypt.compare(password, user.password))) {
    res.json({
      _id: user.id,
      name: user.name,
      email: user.email,
      token: generateToken(user._id),
    });
  } else {
    res.status(400);
    throw new Error("Invalid credentials");
  }
});
```
Let's test the login process with correct and incorrect credentials.
In the next article, we'll work on Authentication Middleware and also create a new API to get logged-in user data.
Top comments (8)

Thank you for sharing, this is what I am going to use for my project.
Do you know how to add a middleware to routes?

I'm glad that it is helpful for you.
I am going to write about middleware in my next blog but you can also check this video.

Thank you very much for the video link it was helpful because I was stuck on how to use the token
I know Traversy Media from Packt Publishing site, Brad is a very good tutor
So I have been able to finish a first version of a project API
You can find it on my GitHub
I am thinking about writing a tutorial on how I am coding it, it was inspired by Medusajs early versions

Certainly, it's a great idea to explore that topic in writing.

good job 👏👏

Nice series of tutorials. I'm adding this here as an intro, about how to secure APIs in node, using Basic Authentication, API Keys and JWT tokens. JWT tokens are definitely the best, especially for jam-stack apps.

For this series, I used MongoDB.