DEV Community: Darshan Somashekar The latest articles on DEV Community by Darshan Somashekar (@darshanbib). https://dev.to/darshanbib https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F327369%2F39693244-2802-41e7-8ce5-3858df8387ff.jpeg DEV Community: Darshan Somashekar https://dev.to/darshanbib en Automated deploys with CodePipeline & Elastic Beanstalk Darshan Somashekar Sun, 25 Apr 2021 14:40:15 +0000 https://dev.to/darshanbib/automated-deploys-with-codepipeline-elastic-beanstalk-24d6 https://dev.to/darshanbib/automated-deploys-with-codepipeline-elastic-beanstalk-24d6 <p>When I launched my <a href="https://spider-solitaire-challenge.com">site</a>, I created a pretty minimal node app (the main game is all client-side, which is not a topic for this post).</p> <p>In the beginning, I simply used a cheap $5 Digital Ocean server, and some homemade scripts to push new code from Github to the server. This worked because I didn't have a need for a super mature workflow.</p> <p>Fast forward a few months, I wanted to launch a new site that focused on Sudoku. Thinking through the architecture, I realized that this site, <a href="https://sudokucraze.com">Sudoku Craze</a>, would have a very similar backend as my original one.</p> <p>However, by this point I had discovered the shortcomings of my initial setup:</p> <ul> <li>Things were brittle. When things didn't work, it was hard to debug.</li> <li>There was a lot of manual setup required to get this pipeline going.</li> </ul> <p>So I began researching how to automate my deployment pipeline. My main goal was to <strong>deploy updates to the site with a single push to the GitHub main branch.</strong></p> <p>To do this, I landed on AWS CodePipeline and AWS Elastic Beanstalk.</p> <p>I'll walk you through how to get this done.</p> <h2> Create the Elastic Beanstalk environment </h2> <p>-This is easy enough. Log into AWS and navigate to <a href="https://console.aws.amazon.com/elasticbeanstalk/home">Elastic Beanstalk</a>.</p> <ul> <li>Click <em>Create a new environment</em>.</li> <li>Now you'll have to configure your environment. In most cases, you will be building a Web server environment. Select that option. <ul> <li>Fill out your application details. First fill out the name. Stick with the Managed image, and then choose the Platform (for me that's <em>Node on 64-bit Amazon Linux 2</em>, latest version).</li> </ul> </li> <li>Next, choose <em>Sample Application</em>. In the next section, we'll demonstrate how to update this.</li> </ul> <p>There are additional, advanced configuration options - like being part of a VPC, having a load-balanced app, etc. If you know what you're doing here you should go ahead and select the correct options. For our purposes, we'll just click <em>Create Environment</em> and keep going.</p> <h2> Set up CodePipeline </h2> <p>Now we'll set up the fun part - automated CI/CD deployments.</p> <ul> <li>Navigate to <a href="https://console.aws.amazon.com/codesuite/codepipeline/home">AWS CodePipeline</a> Click Create Pipeline</li> <li>Name the pipeline. Everything else, keep as default. Click <em>Next</em>.</li> <li>In the next step, you tell CodePipeline where your code is. For me, that's Github. Select <em>Github (Version 2)</em>, and then go through the authentication flow so Github is connected to the pipeline.</li> <li>Then choose your repository and branch that you want CodePipeline to observe. Whenever something is pushed to that repo/branch, CodePipeline will deploy.</li> <li>Everything else, keep as default.</li> <li>For Build Provider, choose <em>CodeBuild</em>.</li> <li>You'll need to create a new project (follow the steps to do so - other than name keep everything else as default).</li> <li>Skip the remaining fields and click <em>Next</em>.</li> <li>Now you'll be at the Deploy stage. This is easy - choose <em>Elastic Beanstalk</em> and then the environment you created in the first section of this article.</li> <li>Once you're done here, review your pipeline and then create it.</li> </ul> <h2> Try it </h2> <p>To see if it works, commit something to your repo. Go to the pipeline in CodePipeline, and you should see the pipeline running. Once it finishes deployment, you should now see the app in your Elastic Beanstalk environment.</p> <p>That's it! This simple set up allowed me to create a lot of easy to use CI/CD pipelines, for Spider, Sudoku, and now <a href="https://mahjong-challenge.com">Mahjong</a>. Thanks for reading!</p> aws node devops User management for Node.js & MySQL using Sequelize and PassportJS Darshan Somashekar Mon, 03 Feb 2020 19:43:33 +0000 https://dev.to/darshanbib/user-management-for-node-js-mysql-using-sequelize-and-passportjs-44kj https://dev.to/darshanbib/user-management-for-node-js-mysql-using-sequelize-and-passportjs-44kj <p>If you come from the Symfony or Django world, you might be surprised that there isn't a major NodeJS framework that comes bundled with a full-stack user authentication and management system. That shouldn't be a surprise, and common frameworks like Express and NextJS are explicitly lightweight, avoiding some of the downsides of having a fat, opinionated framework (bloat, over-configuration, steep learning curve).</p> <p>This tutorial covers how to build a user management framework in Node. I had to write this code when building my card game site, but I extracted &amp; generalized it here for easier consumption. If you want to see how it works, feel free to <a href="https://solitaired.com" rel="noopener noreferrer">check it out</a>.</p> <h2> Main libraries used: </h2> <ul> <li>Node JS (latest)</li> <li>Sequelize ORM</li> <li>MySQL</li> <li>PassportJS</li> </ul> <h2> Steps in this tutorial: </h2> <ol> <li>Install packages](#Install-packages)</li> <li>Set up database</li> <li>Set up app.js</li> <li>Set up registration functionality</li> <li>Set up login functionality</li> </ol> <h2> Install packages </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npm <span class="nb">install</span> <span class="nt">--save</span> sequelize sequelize-cli mysql passport passport-local express-session express mysql-session crypto </code></pre> </div> <p>I'll detail the main libraries here.</p> <ul> <li> <code>sequelize</code>: We use <a href="https://sequelize.org/" rel="noopener noreferrer">Sequelize</a> as the ORM that makes working with MySQL easier. If you use PostGres or MSSQL, this tutorial should work for you too. <code>sequelize-cli</code> is a handy CLI module to run database migrations.</li> <li> <code>passport</code>: This is for <a href="http://www.passportjs.org/" rel="noopener noreferrer">PassportJS</a>, which is a popular node authentication middleware. You should browse its documentation to see how the middleware works. We leverage the <code>passport-local</code> authentication strategy to connect to the backend.</li> <li> <code>express-session</code>, <code>mysql</code>, &amp; <code>express-mysql-session</code>: Session handling for user authentication, as well as the library that connects express session to MySQL directly (<code>express-session</code> doesn't use <code>sequelize</code>, so there's a bit of redundancy here we have to deal with).</li> <li> <code>crypto</code>: For salting and encrypting passwords.</li> </ul> <h2> Set up database </h2> <p>You'll need two tables: one for your user data and one for your session data.</p> <p>First set up <code>sequelize</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>sequelize init </code></pre> </div> <p>This will generate a number of folders in your app, including <code>/config</code>, <code>/migrations</code>, <code>/models</code>, and <code>/seeders</code>. To learn more about these read the <a href="https://sequelize.org/master/manual/migrations.html" rel="noopener noreferrer">sequelize CLI documentation</a>.</p> <p>This also creates a config file. In your config file, update the <code>development</code> block with the credentials to your local mysql database server:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"development"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"username"</span><span class="p">:</span><span class="w"> </span><span class="s2">""</span><span class="p">,</span><span class="w"> </span><span class="nl">"password"</span><span class="p">:</span><span class="w"> </span><span class="s2">"..."</span><span class="p">,</span><span class="w"> </span><span class="nl">"database"</span><span class="p">:</span><span class="w"> </span><span class="s2">"..."</span><span class="p">,</span><span class="w"> </span><span class="nl">"host"</span><span class="p">:</span><span class="w"> </span><span class="s2">"..."</span><span class="p">,</span><span class="w"> </span><span class="nl">"dialect"</span><span class="p">:</span><span class="w"> </span><span class="s2">"mysql"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"test"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="err">...</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"production"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="err">...</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <h3> Create Users table </h3> <p>Run the following command:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>sequelize model:create <span class="nt">--name</span> User <span class="nt">--attributes</span> first_name:string,last_name:string,email:string,role:enum:<span class="se">\{</span>admin,user<span class="se">\}</span>,salt:string,password:string,last_login:date </code></pre> </div> <p>This generates a migration in <code>/migrations/</code>, and a model, in <code>/models/user.js</code>, for the Users table.</p> <p>To create the database table, you must now run the migration.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>sequelize db:migrate </code></pre> </div> <p>(<em>Note: if you ever want to undo this migration, you can run <code>sequelize db:migrate:undo</code> and it runs the commands listed in the <code>down</code> section of the migration file.</em>)</p> <p>In your MySQL client, you should see a table named <strong>Users</strong> in your development database:<br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fzz1i2dqdjchei8vfvxgm.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fzz1i2dqdjchei8vfvxgm.png" alt="User table data"></a></p> <p>You'll see that most of the fields there have been defined in <code>sequelize</code> command above.</p> <p>There are also a few fields (<code>id</code>, <code>createdAt</code>, <code>updatedAt</code>) that are fields that Sequelize uses when managing data. Leave these there.</p> <h3> Create Sessions table </h3> <p>PassportJS and 'express-session' support non-persistent sessions out of the box. However, in reality you probably want persistent sessions, so we're going to describe how to do that here. If you don't want persistent sessions you can skip this section.</p> <p>Since <code>express-session</code> is agnostic, you need to pick a backend. As we're using MySQL here, we'll go with <code>express-mysql-session</code>. <code>express-mysql-session</code> works directly with MySQL (not Sequelize) so we have to create the sessions table directly.</p> <p>In your MySQL client, run the following query:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">CREATE</span> <span class="k">TABLE</span> <span class="nv">`sessions`</span> <span class="p">(</span> <span class="nv">`session_id`</span> <span class="nb">varchar</span><span class="p">(</span><span class="mi">128</span><span class="p">)</span> <span class="nb">CHARACTER</span> <span class="k">SET</span> <span class="n">utf8mb4</span> <span class="k">COLLATE</span> <span class="n">utf8mb4_bin</span> <span class="k">NOT</span> <span class="k">NULL</span><span class="p">,</span> <span class="nv">`expires`</span> <span class="nb">int</span><span class="p">(</span><span class="mi">11</span><span class="p">)</span> <span class="nb">unsigned</span> <span class="k">NOT</span> <span class="k">NULL</span><span class="p">,</span> <span class="nv">`data`</span> <span class="nb">text</span> <span class="nb">CHARACTER</span> <span class="k">SET</span> <span class="n">utf8mb4</span> <span class="k">COLLATE</span> <span class="n">utf8mb4_bin</span><span class="p">,</span> <span class="k">PRIMARY</span> <span class="k">KEY</span> <span class="p">(</span><span class="nv">`session_id`</span><span class="p">)</span> <span class="p">)</span> <span class="n">ENGINE</span><span class="o">=</span><span class="n">InnoDB</span> <span class="k">DEFAULT</span> <span class="n">CHARSET</span><span class="o">=</span><span class="n">utf8mb4</span> <span class="k">COLLATE</span><span class="o">=</span><span class="n">utf8mb4_0900_ai_ci</span><span class="p">;</span> </code></pre> </div> <h2> Set up app.js </h2> <p>Add the necessary modules to app.js:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">var</span> <span class="nx">crypto</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">crypto</span><span class="dl">'</span><span class="p">);</span> <span class="kd">var</span> <span class="nx">mysql</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">mysql</span><span class="dl">'</span><span class="p">);</span> <span class="kd">var</span> <span class="nx">session</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">"</span><span class="s2">express-session</span><span class="dl">"</span><span class="p">);</span> <span class="kd">var</span> <span class="nx">MySQLStore</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">express-mysql-session</span><span class="dl">'</span><span class="p">)(</span><span class="nx">session</span><span class="p">);</span> <span class="kd">var</span> <span class="nx">passport</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">passport</span><span class="dl">'</span><span class="p">)</span> <span class="p">,</span> <span class="nx">LocalStrategy</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">passport-local</span><span class="dl">'</span><span class="p">).</span><span class="nx">Strategy</span><span class="p">;</span> </code></pre> </div> <p>Create a MySQL connection here and instantiate the session store.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">var</span> <span class="nx">connection</span> <span class="o">=</span> <span class="nx">mysql</span><span class="p">.</span><span class="nf">createConnection</span><span class="p">({</span> <span class="na">host</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">SESSIONSDB_HOST</span><span class="p">,</span> <span class="na">port</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">SESSIONSDB_PORT</span><span class="p">,</span> <span class="na">user</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">SESSIONSDB_USER</span><span class="p">,</span> <span class="na">password</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">SESSIONSDB_PASS</span><span class="p">,</span> <span class="na">database</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">SESSIONSDB_DB</span> <span class="p">});</span> <span class="kd">var</span> <span class="nx">sessionStore</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">MySQLStore</span><span class="p">({</span> <span class="na">checkExpirationInterval</span><span class="p">:</span> <span class="nf">parseInt</span><span class="p">(</span><span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">SESSIONSDB_CHECK_EXP_INTERVAL</span><span class="p">,</span> <span class="mi">10</span><span class="p">),</span> <span class="na">expiration</span><span class="p">:</span> <span class="nf">parseInt</span><span class="p">(</span><span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">SESSIONSDB_EXPIRATION</span><span class="p">,</span> <span class="mi">10</span><span class="p">)</span> <span class="p">},</span> <span class="nx">connection</span><span class="p">);</span> </code></pre> </div> <p>Set up the session middleware:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="cm">/* Create a cookie that expires in 1 day */</span> <span class="kd">var</span> <span class="nx">expireDate</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Date</span><span class="p">();</span> <span class="nx">expireDate</span><span class="p">.</span><span class="nf">setDate</span><span class="p">(</span><span class="nx">expireDate</span><span class="p">.</span><span class="nf">getDate</span><span class="p">()</span> <span class="o">+</span> <span class="mi">1</span><span class="p">);</span> <span class="nx">app</span><span class="p">.</span><span class="nf">use</span><span class="p">(</span><span class="nf">session</span><span class="p">({</span> <span class="na">resave</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="na">saveUninitialized</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="na">secret</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">SESSIONSDB_SECRET</span><span class="p">,</span> <span class="na">store</span><span class="p">:</span> <span class="nx">sessionStore</span><span class="p">,</span> <span class="na">cookie</span><span class="p">:</span> <span class="p">{</span> <span class="na">expires</span><span class="p">:</span> <span class="nx">expireDate</span> <span class="p">}</span> <span class="p">}));</span> </code></pre> </div> <p>Initialize the PassportJS library:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">app</span><span class="p">.</span><span class="nf">use</span><span class="p">(</span><span class="nx">passport</span><span class="p">.</span><span class="nf">initialize</span><span class="p">());</span> <span class="nx">app</span><span class="p">.</span><span class="nf">use</span><span class="p">(</span><span class="nx">passport</span><span class="p">.</span><span class="nf">session</span><span class="p">());</span> </code></pre> </div> <h2> Set up the registration route </h2> <p>Now that we're all set up, let's get cooking.</p> <h3> Create a user.js file </h3> <p>First create a <code>user.js</code> file in your <code>routes</code> folder. In addition to requiring the express and router boilerplate, include the following modules:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">var</span> <span class="nx">crypto</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">crypto</span><span class="dl">'</span><span class="p">);</span> <span class="kd">var</span> <span class="nx">passport</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">passport</span><span class="dl">'</span><span class="p">)</span> <span class="p">,</span> <span class="nx">LocalStrategy</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">passport-local</span><span class="dl">'</span><span class="p">).</span><span class="nx">Strategy</span><span class="p">;</span> <span class="kd">var</span> <span class="nx">User</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">../models</span><span class="dl">'</span><span class="p">).</span><span class="nx">User</span><span class="p">;</span> </code></pre> </div> <p>Instantiate the Passport LocalStrategy middleware:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">passport</span><span class="p">.</span><span class="nf">use</span><span class="p">(</span><span class="k">new</span> <span class="nc">LocalStrategy</span><span class="p">({</span> <span class="na">usernameField</span><span class="p">:</span> <span class="dl">'</span><span class="s1">email</span><span class="dl">'</span><span class="p">,</span> <span class="na">passwordField</span><span class="p">:</span> <span class="dl">'</span><span class="s1">password</span><span class="dl">'</span> <span class="p">},</span> <span class="k">async</span> <span class="kd">function</span><span class="p">(</span><span class="nx">email</span><span class="p">,</span> <span class="nx">password</span><span class="p">,</span> <span class="nx">done</span><span class="p">)</span> <span class="p">{</span> <span class="kd">var</span> <span class="nx">user</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">User</span><span class="p">.</span><span class="nf">findOne</span><span class="p">(</span> <span class="p">{</span> <span class="na">where</span><span class="p">:</span> <span class="p">{</span> <span class="na">email</span><span class="p">:</span> <span class="nx">email</span> <span class="p">}</span> <span class="p">});</span> <span class="k">if </span><span class="p">(</span><span class="nx">user</span> <span class="o">==</span> <span class="kc">null</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nf">done</span><span class="p">(</span><span class="kc">null</span><span class="p">,</span> <span class="kc">false</span><span class="p">,</span> <span class="p">{</span> <span class="na">message</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Incorrect email.</span><span class="dl">'</span> <span class="p">});</span> <span class="p">}</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">user</span><span class="p">.</span><span class="nf">validPassword</span><span class="p">(</span><span class="nx">password</span><span class="p">))</span> <span class="p">{</span> <span class="k">return</span> <span class="nf">done</span><span class="p">(</span><span class="kc">null</span><span class="p">,</span> <span class="kc">false</span><span class="p">,</span> <span class="p">{</span> <span class="na">message</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Incorrect password.</span><span class="dl">'</span> <span class="p">});</span> <span class="p">}</span> <span class="k">return</span> <span class="nf">done</span><span class="p">(</span><span class="kc">null</span><span class="p">,</span> <span class="nx">user</span><span class="p">);</span> <span class="p">}</span> <span class="p">));</span> </code></pre> </div> <p>If you're having any issues, you can also check out the <a href="http://www.passportjs.org/packages/passport-local/" rel="noopener noreferrer">PassportJS Local documentation</a>.</p> <p>Use the following code to make a register route.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <span class="c1">//checks if password has &gt; 8 chars</span> <span class="kd">function</span> <span class="nf">isValidPassword</span><span class="p">(</span><span class="nx">password</span><span class="p">)</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">password</span><span class="p">.</span><span class="nx">length</span> <span class="o">&gt;=</span> <span class="mi">8</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="kc">true</span><span class="p">;</span> <span class="p">}</span> <span class="k">return</span> <span class="kc">false</span><span class="p">;</span> <span class="p">}</span> <span class="c1">//uses a regex to check if email is valid</span> <span class="kd">function</span> <span class="nf">isValidEmail</span><span class="p">(</span><span class="nx">email</span><span class="p">)</span> <span class="p">{</span> <span class="kd">var</span> <span class="nx">re</span> <span class="o">=</span> <span class="sr">/^</span><span class="se">(([^</span><span class="sr">&lt;&gt;()</span><span class="se">\[\]\\</span><span class="sr">.,;:</span><span class="se">\s</span><span class="sr">@"</span><span class="se">]</span><span class="sr">+</span><span class="se">(\.[^</span><span class="sr">&lt;&gt;()</span><span class="se">\[\]\\</span><span class="sr">.,;:</span><span class="se">\s</span><span class="sr">@"</span><span class="se">]</span><span class="sr">+</span><span class="se">)</span><span class="sr">*</span><span class="se">)</span><span class="sr">|</span><span class="se">(</span><span class="sr">".+"</span><span class="se">))</span><span class="sr">@</span><span class="se">((\[[</span><span class="sr">0-9</span><span class="se">]{1,3}\.[</span><span class="sr">0-9</span><span class="se">]{1,3}\.[</span><span class="sr">0-9</span><span class="se">]{1,3}\.[</span><span class="sr">0-9</span><span class="se">]{1,3}\])</span><span class="sr">|</span><span class="se">(([</span><span class="sr">a-zA-Z</span><span class="se">\-</span><span class="sr">0-9</span><span class="se">]</span><span class="sr">+</span><span class="se">\.)</span><span class="sr">+</span><span class="se">[</span><span class="sr">a-zA-Z</span><span class="se">]{2,}))</span><span class="sr">$/</span><span class="p">;</span> <span class="k">return</span> <span class="nx">re</span><span class="p">.</span><span class="nf">test</span><span class="p">(</span><span class="nc">String</span><span class="p">(</span><span class="nx">email</span><span class="p">).</span><span class="nf">toLowerCase</span><span class="p">());</span> <span class="p">}</span> <span class="c1">//renders register view</span> <span class="nx">router</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">/register</span><span class="dl">'</span><span class="p">,</span> <span class="kd">function</span><span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">,</span> <span class="nx">next</span><span class="p">)</span> <span class="p">{</span> <span class="nx">res</span><span class="p">.</span><span class="nf">render</span><span class="p">(</span><span class="dl">'</span><span class="s1">user/register</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="p">});</span> <span class="p">});</span> <span class="c1">//handles register POST</span> <span class="nx">router</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span><span class="dl">'</span><span class="s1">/register</span><span class="dl">'</span><span class="p">,</span> <span class="k">async</span> <span class="kd">function</span><span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">,</span> <span class="nx">next</span><span class="p">)</span> <span class="p">{</span> <span class="kd">var</span> <span class="nx">salt</span> <span class="o">=</span> <span class="nx">crypto</span><span class="p">.</span><span class="nf">randomBytes</span><span class="p">(</span><span class="mi">64</span><span class="p">).</span><span class="nf">toString</span><span class="p">(</span><span class="dl">'</span><span class="s1">hex</span><span class="dl">'</span><span class="p">);</span> <span class="kd">var</span> <span class="nx">password</span> <span class="o">=</span> <span class="nx">crypto</span><span class="p">.</span><span class="nf">pbkdf2Sync</span><span class="p">(</span><span class="nx">req</span><span class="p">.</span><span class="nx">body</span><span class="p">.</span><span class="nx">password</span><span class="p">,</span> <span class="nx">salt</span><span class="p">,</span> <span class="mi">10000</span><span class="p">,</span> <span class="mi">64</span><span class="p">,</span> <span class="dl">'</span><span class="s1">sha512</span><span class="dl">'</span><span class="p">).</span><span class="nf">toString</span><span class="p">(</span><span class="dl">'</span><span class="s1">base64</span><span class="dl">'</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nf">isValidPassword</span><span class="p">(</span><span class="nx">req</span><span class="p">.</span><span class="nx">body</span><span class="p">.</span><span class="nx">password</span><span class="p">))</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">({</span><span class="na">status</span><span class="p">:</span> <span class="dl">'</span><span class="s1">error</span><span class="dl">'</span><span class="p">,</span> <span class="na">message</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Password must be 8 or more characters.</span><span class="dl">'</span><span class="p">});</span> <span class="p">}</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nf">isValidEmail</span><span class="p">(</span><span class="nx">req</span><span class="p">.</span><span class="nx">body</span><span class="p">.</span><span class="nx">email</span><span class="p">))</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">({</span><span class="na">status</span><span class="p">:</span> <span class="dl">'</span><span class="s1">error</span><span class="dl">'</span><span class="p">,</span> <span class="na">message</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Email address not formed correctly.</span><span class="dl">'</span><span class="p">});</span> <span class="p">}</span> <span class="k">try</span> <span class="p">{</span> <span class="kd">var</span> <span class="nx">user</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">User</span><span class="p">.</span><span class="nf">create</span><span class="p">({</span> <span class="na">first_name</span><span class="p">:</span> <span class="nx">req</span><span class="p">.</span><span class="nx">body</span><span class="p">.</span><span class="nx">first_name</span><span class="p">,</span> <span class="na">last_name</span><span class="p">:</span> <span class="nx">req</span><span class="p">.</span><span class="nx">body</span><span class="p">.</span><span class="nx">last_name</span><span class="p">,</span> <span class="na">email</span><span class="p">:</span> <span class="nx">req</span><span class="p">.</span><span class="nx">body</span><span class="p">.</span><span class="nx">email</span><span class="p">,</span> <span class="na">role</span><span class="p">:</span> <span class="dl">"</span><span class="s2">user</span><span class="dl">"</span><span class="p">,</span> <span class="na">password</span><span class="p">:</span> <span class="nx">password</span><span class="p">,</span> <span class="na">salt</span><span class="p">:</span> <span class="nx">salt</span> <span class="p">});</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">err</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">({</span><span class="na">status</span><span class="p">:</span> <span class="dl">'</span><span class="s1">error</span><span class="dl">'</span><span class="p">,</span> <span class="na">message</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Email address already exists.</span><span class="dl">'</span><span class="p">});</span> <span class="p">}</span> <span class="k">if </span><span class="p">(</span><span class="nx">user</span><span class="p">)</span> <span class="p">{</span> <span class="nx">passport</span><span class="p">.</span><span class="nf">authenticate</span><span class="p">(</span><span class="dl">'</span><span class="s1">local</span><span class="dl">'</span><span class="p">,</span> <span class="kd">function</span><span class="p">(</span><span class="nx">err</span><span class="p">,</span> <span class="nx">user</span><span class="p">,</span> <span class="nx">info</span><span class="p">)</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">err</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nf">next</span><span class="p">(</span><span class="nx">err</span><span class="p">);</span> <span class="p">}</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">user</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">({</span><span class="na">status</span><span class="p">:</span> <span class="dl">'</span><span class="s1">error</span><span class="dl">'</span><span class="p">,</span> <span class="na">message</span><span class="p">:</span> <span class="nx">info</span><span class="p">.</span><span class="nx">message</span><span class="p">});</span> <span class="p">}</span> <span class="nx">req</span><span class="p">.</span><span class="nf">logIn</span><span class="p">(</span><span class="nx">user</span><span class="p">,</span> <span class="kd">function</span><span class="p">(</span><span class="nx">err</span><span class="p">)</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">err</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nf">next</span><span class="p">(</span><span class="nx">err</span><span class="p">);</span> <span class="p">}</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">({</span><span class="na">status</span><span class="p">:</span> <span class="dl">'</span><span class="s1">ok</span><span class="dl">'</span><span class="p">});</span> <span class="p">});</span> <span class="p">})(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">,</span> <span class="nx">next</span><span class="p">);</span> <span class="p">}</span> <span class="p">});</span> </code></pre> </div> <p>You'll notice a few things:</p> <ul> <li>We use 64 random bytes for the salt and password, to make a better encrypted string. <strong>However, it may be worth researching a bit more to ensure that this tutorial is up to date with the latest security best practices.</strong> </li> <li>The <code>validPassword</code> function currently just checks for a password of 8 characters or more, but you can add additional validation if you'd like. Ditto for <code>validEmail</code>.</li> <li>You may want to tuck these methods into the User model. Here's a handy way <a href="https://sequelize-guides.netlify.com/instance-and-class-methods/" rel="noopener noreferrer">to add instance methods to a Sequelize model</a>.</li> </ul> <h3> Add this route to <code>app.js</code> </h3> <p>In <code>app.js</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">var</span> <span class="nx">userRouter</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">./routes/user</span><span class="dl">'</span><span class="p">);</span> </code></pre> </div> <p>Further down in app.js where your indexRouter is defined, add:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">app</span><span class="p">.</span><span class="nf">use</span><span class="p">(</span><span class="dl">'</span><span class="s1">/user</span><span class="dl">'</span><span class="p">,</span> <span class="nx">userRouter</span><span class="p">);</span> </code></pre> </div> <ul> <li>Add view</li> </ul> <p>Create a <code>register.pug</code> view and add your form. The template I use leverages <a href="https://getbootstrap.com/" rel="noopener noreferrer">Bootstrap</a> as the CSS framework, but any will do.</p> <p><em>Note: while the User table has fields for First name and Last name, they're not in the view below because Solitaired doesn't collect that info. If you would like to add those fields in the view, feel free to.</em><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>extends layout block content div.row div.col div.message.alert.alert-danger(style="display:none;") | #{message} form(onsubmit="return false;") div.form-group label(for="email") Email input.form-control.email(type="email", name="email", aria-describedby="emailHelp", autocomplete="username") small#emailHelp.form-text.text-muted We'll never share your email with anyone else. div.form-group label(for="password") Password input.form-control.password(type="password", name="password", aria-describedby="passwordHelp", autocomplete="current-password") small#passwordHelp.form-text.text-muted Password must be 8 characters or more. div.form-group button.submit.btn.btn-primary(type="button") Register script. $('#registerModal .submit').on('click', function() { $.post('/user/register', { email: $('#registerModal .email').val(), password: $('#registerModal .password').val() }, function(resp) { if (resp.status == 'error') { $('#registerModal .message').text(resp.message).show(); } else { window.alert('success - you should redirect your user'); } } }) }); </code></pre> </div> <h3> Add session serialization code to app.js </h3> <p>This is better explained in the <a href="http://www.passportjs.org/docs/configure/" rel="noopener noreferrer">PassportJS documentation</a>, but to be able to access your user data in your app, you need to leverage Passport's serialize and deserialize methods.</p> <p>Add these methods to <code>app.js</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">passport</span><span class="p">.</span><span class="nf">serializeUser</span><span class="p">(</span><span class="kd">function</span><span class="p">(</span><span class="nx">user</span><span class="p">,</span> <span class="nx">done</span><span class="p">)</span> <span class="p">{</span> <span class="nf">done</span><span class="p">(</span><span class="kc">null</span><span class="p">,</span> <span class="p">{</span><span class="na">id</span><span class="p">:</span> <span class="nx">user</span><span class="p">.</span><span class="nx">id</span><span class="p">,</span> <span class="na">email</span><span class="p">:</span> <span class="nx">user</span><span class="p">.</span><span class="nx">email</span><span class="p">,</span> <span class="na">role</span><span class="p">:</span> <span class="nx">user</span><span class="p">.</span><span class="nx">role</span><span class="p">});</span> <span class="p">});</span> <span class="nx">passport</span><span class="p">.</span><span class="nf">deserializeUser</span><span class="p">(</span><span class="kd">function</span><span class="p">(</span><span class="nx">user</span><span class="p">,</span> <span class="nx">done</span><span class="p">)</span> <span class="p">{</span> <span class="nf">done</span><span class="p">(</span><span class="kc">null</span><span class="p">,</span> <span class="p">{</span><span class="na">id</span><span class="p">:</span> <span class="nx">user</span><span class="p">.</span><span class="nx">id</span><span class="p">,</span> <span class="na">email</span><span class="p">:</span> <span class="nx">user</span><span class="p">.</span><span class="nx">email</span><span class="p">,</span> <span class="na">role</span><span class="p">:</span> <span class="nx">user</span><span class="p">.</span><span class="nx">role</span><span class="p">});</span> <span class="p">});</span> </code></pre> </div> <p>As you can see above, I'm only sharing certain aspects of the user's details. You can add more/less as preferred.</p> <h3> Test </h3> <p>This route should now show up when you go to <a href="http://localhost:3000/user/register" rel="noopener noreferrer">http://localhost:3000/user/register</a> (or replace the URL with your local server URL). You should see the fields listed. When submitting, we use jQuery to register and log the user in.</p> <p>You should also be able to view the data in your database. Your user and your new session should be in there. The expiration date in your session should match what you've listed earlier in <code>app.js</code>.</p> <h2> Set up login route </h2> <p>Now that users can register, let's also let them log in.</p> <p>Add the following code to <code>user.js</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">router</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">/login</span><span class="dl">'</span><span class="p">,</span> <span class="kd">function</span><span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">,</span> <span class="nx">next</span><span class="p">)</span> <span class="p">{</span> <span class="nx">res</span><span class="p">.</span><span class="nf">render</span><span class="p">(</span><span class="dl">'</span><span class="s1">user/login</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="p">});</span> <span class="p">});</span> <span class="nx">router</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span><span class="dl">'</span><span class="s1">/login</span><span class="dl">'</span><span class="p">,</span> <span class="kd">function</span><span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">,</span> <span class="nx">next</span><span class="p">)</span> <span class="p">{</span> <span class="nx">passport</span><span class="p">.</span><span class="nf">authenticate</span><span class="p">(</span><span class="dl">'</span><span class="s1">local</span><span class="dl">'</span><span class="p">,</span> <span class="kd">function</span><span class="p">(</span><span class="nx">err</span><span class="p">,</span> <span class="nx">user</span><span class="p">,</span> <span class="nx">info</span><span class="p">)</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">err</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nf">next</span><span class="p">(</span><span class="nx">err</span><span class="p">);</span> <span class="p">}</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">user</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">({</span><span class="na">status</span><span class="p">:</span> <span class="dl">'</span><span class="s1">error</span><span class="dl">'</span><span class="p">,</span> <span class="na">message</span><span class="p">:</span> <span class="nx">info</span><span class="p">.</span><span class="nx">message</span><span class="p">});</span> <span class="p">}</span> <span class="nx">req</span><span class="p">.</span><span class="nf">logIn</span><span class="p">(</span><span class="nx">user</span><span class="p">,</span> <span class="kd">function</span><span class="p">(</span><span class="nx">err</span><span class="p">)</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">err</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nf">next</span><span class="p">(</span><span class="nx">err</span><span class="p">);</span> <span class="p">}</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">({</span><span class="na">status</span><span class="p">:</span> <span class="dl">'</span><span class="s1">ok</span><span class="dl">'</span><span class="p">});</span> <span class="p">});</span> <span class="p">})(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">,</span> <span class="nx">next</span><span class="p">);</span> <span class="p">});</span> </code></pre> </div> <p>Add your login view code:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> extends layout block content div.row div.col div.message.alert.alert-danger(style="display:none;") | #{message} form(onsubmit="return false;") div.form-group label(for="email") Email input.form-control.email(type="email", name="email", aria-describedby="emailHelp", autocomplete="username") div.form-group label(for="password") Password input.form-control.password(type="password", name="password", autocomplete="current-password") div.form-group button.submit.btn.btn-primary(type="submit") Login script. $('#loginModal .submit').on('click', function() { $.post('/user/login', { email: $('#loginModal .email').val(), password: $('#loginModal .password').val() }, function(resp) { if (resp.status == 'error') { $('#loginModal .message').text(resp.message).show(); } else { window.alert('success - you should redirect your user'); } }) }); </code></pre> </div> <p>Now you have a login route!</p> <p>To test this, go to <em>/user/login</em> in your browser and you should be able to log in.</p> <h2> Set up logout </h2> <p>This one is easy. In your <code>routes/user.js</code> file, add:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">router</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">/logout</span><span class="dl">'</span><span class="p">,</span> <span class="kd">function</span><span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">){</span> <span class="nx">req</span><span class="p">.</span><span class="nf">logout</span><span class="p">();</span> <span class="nx">res</span><span class="p">.</span><span class="nf">redirect</span><span class="p">(</span><span class="dl">'</span><span class="s1">/</span><span class="dl">'</span><span class="p">);</span> <span class="p">});</span> </code></pre> </div> <p>You should be able to log out by going to <code>/users/logout</code></p> <h2> Wire this up to your layout </h2> <p>Now you need to update your nav to reflect the state of your application, and give your users a way to register, log in, and log out.</p> <p>Here's one way to do this.</p> <p>In <code>app.js</code>, pass your user variable to the view template:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">app</span><span class="p">.</span><span class="nf">use</span><span class="p">(</span><span class="nf">function </span><span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">,</span> <span class="nx">next</span><span class="p">)</span> <span class="p">{</span> <span class="nx">res</span><span class="p">.</span><span class="nx">locals</span><span class="p">.</span><span class="nx">user_id</span> <span class="o">=</span> <span class="nx">req</span><span class="p">.</span><span class="nx">user</span><span class="p">.</span><span class="nx">id</span><span class="p">;</span> <span class="nf">next</span><span class="p">();</span> <span class="p">});</span> </code></pre> </div> <p>In your layout template (or the file that contains your nav), do something like:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> if user_id li.nav-item a.mr-2(href="/user/logout") Logout else li.nav-item a.mr-2(href="/user/login") Login li.nav-item a.mr-2(href="/user/register") Register </code></pre> </div> <h2> What's next? </h2> <p>Now your users are able to register, log in, and log out. You should be able to see these users in your database and sensitive password data is encrypted.</p> <p>But there's one last thing, which we won't get to in this lesson. Your user management system still needs <strong>Forgot password</strong> functionality. Given that we've covered a lot in this session we'll leave that for next time.</p> node sql