Adeeyo adewale temitayo

Build An Authentication system with node, express, and MongoDB

Over the years, I have been able to adopt an interesting approach to registering a user as well as logging in the user. I am delighted to share a few decisions that have worked for me and that I find useful and worthwhile. And I hope to get comments and more insight from you guys to further help me learn and become better. Yes, we are all learning.

What we want to do.

I will assume you have an existing understanding of JavaScript, Node.js, Express, and MongoDB. We want to set up a platform where a user can register as well as log in to their account.

Main Dependencies

  1. Node.js (must be installed)
  2. MongoDB
  3. Passport
  4. Babel
  5. JSON Web Token

Overview of dependencies, project structuring.

The src folder contains the source files of the project. The purpose of each of the subfolders will be explained subsequently.

Screen Shot 2019-10-24 at 9.08.20 PM.png

The package.json file and the basic dependencies

Screen Shot 2019-10-24 at 9.48.26 PM.png

A config folder helps specify the required variables. Click here to have a better understanding of how the environment variables are loaded. Here is the default config file.

Screen Shot 2019-10-24 at 9.53.09 PM.png

Server.js file
Where we will be starting our development server

Screen Shot 2019-10-24 at 9.56.48 PM.png

On a successful server setup in your console, you should have this logged.

Screen Shot 2019-10-24 at 9.59.50 PM.png

Now that the server is up and running, let's write some code. Let's create a register model (create a register.model.js file) and put in the following:

Screen Shot 2019-10-24 at 10.02.33 PM.png

Now let's create our register controller (create a register.controller.js file).

Screen Shot 2019-10-24 at 10.05.06 PM.png

Screen Shot 2019-10-24 at 10.05.43 PM.png

Now let's create our route.

Screen Shot 2019-10-24 at 10.10.48 PM.png

Guys, we are still on track. Now that we have a registered user, let's create our login controller and route (create a login.controller.js file).

Screen Shot 2019-10-24 at 10.15.00 PM.png

Screen Shot 2019-10-24 at 10.15.32 PM.png

Let's create our login route (create a login.route.js file).

Screen Shot 2019-10-24 at 10.17.41 PM.png

Guys, now that we are done, let's test what we've done so far.
Using Postman (create a user):

Screen Shot 2019-10-24 at 10.28.47 PM.png

Screen Shot 2019-10-24 at 10.30.50 PM.png

Let's try to log in with our email and password:

Screen Shot 2019-10-24 at 10.32.25 PM.png

Screen Shot 2019-10-24 at 10.33.03 PM.png

Wow, we finally built an authentication system with Node, Express, and MongoDB. Thank you for your patience.
Source code

Top comments (9)

Paulo Renato

Thanks for sharing your thoughts on Authentication, but please don't roll your own Authentication/Authorization; instead, use battle-proven solutions in the community.

Why, you may ask?

Because these are very security-sensitive things that can easily go wrong, like you have just done here in your solution.

What did I do wrong?

Well, to start with, you should NEVER return user data like the password hash. This is a terribly bad thing to do from any perspective you may look at it, plus returning the _id is also not advisable.

Some other things are not quite OK as well, but I leave that as an exercise for you to figure out. To help you with that, I recommend you read the OWASP API Security Top 10, and afterwards I hope that you will see that you are incurring some of the top 10 security risks.

Carlos Orelhas

That's a good example of authentication with Node.js and MongoDB. I just use bcrypt to encrypt the password; this way, you don't work with a plain password but only with encrypted passwords.

Paulo Renato

Please read my reply to see why you shouldn't roll your own Authentication, and why this is not a good example of doing it.
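The two points raised in the comments above (store only a password hash, and never return the password hash or `_id` to the client), shown as an added example that is not code from the original post, its repository, or any commenter. It uses Node's built-in `crypto.scryptSync` in place of bcrypt so it runs without dependencies and issues no token; the in-memory `users` Map, the field names and the function names are assumptions.

```javascript
const crypto = require('crypto');

const KEYLEN = 64;
// Allow-list of fields that may leave the API (field names are assumed).
const PUBLIC_FIELDS = ['name', 'email'];

// scrypt stands in for bcrypt here; store "salt:key", never the plaintext.
function hashPassword(password) {
  const salt = crypto.randomBytes(16);
  const key = crypto.scryptSync(password, salt, KEYLEN);
  return `${salt.toString('hex')}:${key.toString('hex')}`;
}

function verifyPassword(password, stored) {
  const [saltHex, keyHex] = String(stored).split(':');
  const expected = Buffer.from(keyHex || '', 'hex');
  // Reject malformed records before comparing (empty buffers compare equal).
  if (!saltHex || expected.length !== KEYLEN) return false;
  const actual = crypto.scryptSync(password, Buffer.from(saltHex, 'hex'), KEYLEN);
  return crypto.timingSafeEqual(actual, expected);
}

// Copy only allow-listed fields, so passwordHash and _id cannot leak
// even if new sensitive fields are added to the stored record later.
function toPublicUser(user) {
  const out = {};
  for (const f of PUBLIC_FIELDS) if (f in user) out[f] = user[f];
  return out;
}

// Hashed against when the email is unknown, so both failures cost the same.
const DUMMY_HASH = hashPassword(crypto.randomBytes(16).toString('hex'));

// `users` is a Map standing in for the MongoDB collection (constructed).
function register(users, { name, email, password }) {
  const user = { _id: crypto.randomBytes(12).toString('hex'), name, email,
                 passwordHash: hashPassword(password) };
  users.set(email, user);
  return { status: 201, body: { user: toPublicUser(user) } };
}

function login(users, email, password) {
  const user = users.get(email);
  const ok = verifyPassword(password, user ? user.passwordHash : DUMMY_HASH);
  // One generic message for unknown email and wrong password.
  if (!user || !ok) return { status: 401, body: { error: 'Invalid email or password' } };
  return { status: 200, body: { user: toPublicUser(user) } };
}
```
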

Abinash Panda

Can I know your icon and color theme?

Adeeyo adewale temitayo

Hello αвιηαѕн, I use WebStorm IDE (WebStorm Material Theme).

Abinash Panda

I also use WebStorm, but how can I find that icon theme and editor theme?

Adeeyo adewale temitayo

Install Material Theme.

Sarah Chima

Hi Adeeyo, thanks for the post. It will help if you can use code blocks instead of images for your code. This will make it easier for people to copy the code if they want to do so.

Adeeyo adewale temitayo

Hi Sarah, thanks for your feedback. Noted.
