The latest articles on DEV Community by Kashish2402 (@kashishgupta). https://dev.to/kashishgupta https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F2068386%2Fb91f59e8-1d07-41e4-95e0-c744a26946c5.png https://dev.to/kashishgupta en Kashish2402 Thu, 09 Jan 2025 14:42:53 +0000 https://dev.to/kashishgupta/authentication-system-using-nodejs-23e https://dev.to/kashishgupta/authentication-system-using-nodejs-23e <h2> Introduction </h2> <p>Authentication is a process to identify user's identity and grant them access to the resources provided by application. In backend development, <br> <em>authentication plays a major role to grant or restrict users to access specific resources.</em></p> <p>Authentication can be done in two ways: -</p> <ul> <li><p>Token-Based Authentication.</p></li> <li><p>Session-Based Authentication.</p></li> </ul> <p>Here we'll talk about Token Based Authentication.</p> <h2> Token-Based Authentication </h2> <p>Token-based authentication is a widely used security mechanism to offer robust experience to users without compromising with the security. </p> <p>In the token-based authentication, when user logged in server generates unique token for users. After server generates the token, it will be sent to client and stored on client's system locally. Whenever client makes a request, this token go with each request to verify the identity of user.</p> <h2> Authentication Process </h2> <ol> <li><p><strong>REQUEST</strong>- When user login to the application, browser made a request to server with user credentials.</p></li> <li><p><strong>VERIFICATION</strong> - When request comes to the server it validates the user and generates a secret key known as token and send it to user via HTTP.<br> Generally, the token is sent in a JWT [jsonWebTokens] open standard that consist of a header, payload, signature.</p></li> <li><p><strong>VALIDATE TOKEN</strong> - When user receives the token secret code it saves on client's browser as it helps to verify identity whenever user makes a request. this token is short lived have a life span of 15-60min and this token is also known as access token code. If user unable to use access token code, then it will request for refresh token code which stays in system for 3-4 days.</p></li> <li><p><strong>RESPONSE</strong> - When the validation is done then token grants or restrict user to access specific content.</p></li> </ol> <p><strong>Example</strong><br> Let's take an example, we'll implement token-based authentication using register and login methodology.</p> <p>First, we will create functionality for Register module for a user:-</p> <p><strong>STEP1: -</strong> <em>Register User</em><br> Register uses collects data from user to create account<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>// FIRSTLY, WE'LL SELECT THE REGISTER FORM const form = document.querySelector(".register"); // ADDING EVENT LISTENER TO FORM TO COLLECT THE VALUES FROM USER form.addEventListener("submit", (e) =&gt; { e.preventDefault(); const username = e.target.username.value; const email = e.target.email.value; const password = e.target.password.value; }); </code></pre> </div> <p><strong>STEP2: -</strong> <em>Encrypting the password</em></p> <p>Before saving user's data to database, we first need to encrypt the password for security purpose then save it to database.</p> <p>For encrypting the password, we use <strong>npm package bcrypt</strong>.</p> <p>Firstly, we need to install the package by writing in terminal: -<br> <em><code>npm install bcrypt</code></em></p> <p>Now, we'll hash the password like this<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>// IMPORTING BCRYPT MODULE const bcrypt=require('bcrypt'); // ASSIGNING USERS PASSWORD const plainPassword=userPassword // ENCRYPTING PASSWORD // BASIC SYNTAX // bcrypt.hash(plainTextPassword,salt_rounds) const hashedPassword=bcrypt.hash(plainPassword,10); if(!hashedPassword){ throw new Error('Enable to generate password') } // NOW WE WILL SAVE USER DETAILS AND PASSWORD TO DATABASE console.log('Hashed Password is : ',hashedPassword) </code></pre> </div> <p><em>bcrypt.hash is a function which hashes the password with salt rounds. It generates different hashed key every time weather any of two users have same password.</em></p> <p><strong>Login functionality</strong></p> <p>When any user try to login, it retrieves hashed password from database and compare it with password given by user during login<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>const form = document.querySelector(".login"); form.addEventListener("submit", (e) =&gt; { e.preventDefault(); const username = e.target.username.value; const password = e.target.password.value; }); const hashedPassword= 'retrievePasswordFromDatabase' let result=bcrypt.compare(hashedPassword,userPassword) if(result){ console.log('Login Successfully !!') } else{ console.log('Wrong password or username') } </code></pre> </div> webdev javascript authjs backend Kashish2402 Thu, 09 Jan 2025 14:33:50 +0000 https://dev.to/kashishgupta/usecontext-1l4o https://dev.to/kashishgupta/usecontext-1l4o