Over the years, I have been able to adopt an interesting approach to registering a user as well as logging the user in. I am delighted to share a few decisions that have worked for me and that I find useful and worthwhile. I hope to get comments and more insight from you guys to further help me learn and become better. Yes, we are all learning.
What we want to do.
I will assume you have an existing understanding of JavaScript, Node.js, Express, and MongoDB. We want to set up a platform whereby a user can register as well as log in to their account.
Main Dependencies
- Node.js must be installed
- MongoDB
- Passport
- Babel
- JSON Web Token
Overview of dependencies, project structuring.
The src folder contains the source files of the project. The purpose of each of the subfolders will be explained subsequently.
The package.json file and the basic dependencies
A config folder specifies the variables the project requires, which are loaded from environment variables. Here is the default config file.
Server.js file
This is where we will be starting our development server.
On a successful server setup, you should have this logged in your console.
Now that the server is up and running, let's write some code. Let's create a register model (create a register.model.js file) and put in the following:
Now let's create our register controller (create a register.controller.js file).
Now let's create our route.
Guys, we are still on track. Now that we have a registered user, let's create our login controller and route (create a login.controller.js file).
Let's create our login route (create a login.route.js file).
Guys, now that we are done, let's test what we've done so far:
Using Postman (create a user).
Let's try to log in with our email and password:
Wow, we finally built an authentication system with Node, Express, and MongoDB. Thank you for your patience.
Source code
Top comments (9)
Thanks for sharing your thoughts on Authentication, but please don't roll your own Authentication/Authorization; instead use battle-proven solutions in the community.
Why, you may ask?
Because these are very security-sensitive things that can easily go wrong, like you have just done here in your solution.
What did I do wrong?
Well, to start with you should NEVER return the user data like the password hash, this is a terribly bad thing to do from any perspective you may look at it, plus returning the _id is also not advisable. Some other things are not quite ok as well, but I leave that as an exercise for you to figure out. To help you with that I recommend you read the OWASP API Security Top 10, and afterwards I hope that you will see that you are incurring some of the top 10 security risks.
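The point in the comment above about response data, shown as an added example that is not part of the original post or its comments: build register/login responses from an allow-list, and scan response bodies for fields that must never leave the API. The field names (name, email, password, salt, __v) and the sample record are assumptions, since the article's model code is not shown on the page.

```javascript
// Added example. Field names are assumptions about the user document.

// Allow-list: only these fields may ever leave the API.
const PUBLIC_USER_FIELDS = ['name', 'email'];

// Keys that must never appear anywhere in a response body.
const SENSITIVE_KEYS = new Set(['password', 'passwordhash', 'salt', '_id', '__v']);

// Build the response object from the allow-list instead of deleting fields
// from the stored document, so a field added to the model later stays private.
function toPublicUser(userDoc) {
  // Mongoose documents expose toObject(); plain objects are used as-is.
  const raw = typeof userDoc.toObject === 'function' ? userDoc.toObject() : userDoc;
  const out = {};
  for (const field of PUBLIC_USER_FIELDS) {
    if (Object.prototype.hasOwnProperty.call(raw, field)) out[field] = raw[field];
  }
  return out;
}

// Recursively list the paths of sensitive keys in a response body.
// Intended for a test or a response guard around register/login handlers.
function findSensitiveKeys(body, path = '') {
  if (body === null || typeof body !== 'object') return [];
  const isArray = Array.isArray(body);
  const hits = [];
  for (const [key, value] of Object.entries(body)) {
    const here = isArray ? `${path}[${key}]` : (path ? `${path}.${key}` : key);
    if (!isArray && SENSITIVE_KEYS.has(key.toLowerCase())) hits.push(here);
    hits.push(...findSensitiveKeys(value, here));
  }
  return hits;
}

// Constructed sample record (not taken from the article).
const storedUser = {
  _id: '000000000000000000000001',
  name: 'Test User',
  email: 'user@example.com',
  password: '<password-hash-placeholder>',
  __v: 0,
};

const leaky = { message: 'registered', data: storedUser };
const safe = { message: 'registered', data: toPublicUser(storedUser) };

console.log(findSensitiveKeys(leaky)); // paths of fields that leak
console.log(findSensitiveKeys(safe));  // nothing flagged
```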
That's a good example of an Authentication with nodejs and mongoDB, I just use bcrypt to encrypt the password, this way, you don't work with a plain password but only with encrypted passwords.
Please read my reply to see why you shouldn't roll your own Authentication, and why this is not a good example of doing it.
Can I know your icon and color theme?
Hello αвιηαѕн, I use Webstorm IDE (WebStorm Material Theme)
I also use Webstorm but how can I find that icon theme and editor theme?
Install Material Theme
Hi Adeeyo, thanks for the post. It will help if you can use code blocks instead of images for your code. This will make it easier for people to copy the code if they want to do so.
Hi Sarah, thanks for your feedback. Noted.