DEV Community: muhammed Lotfy The latest articles on DEV Community by muhammed Lotfy (@mhmdlotfy96). https://dev.to/mhmdlotfy96 https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F461580%2F4e4aa07b-3673-416d-84e5-2ffc81a1039f.jpeg DEV Community: muhammed Lotfy https://dev.to/mhmdlotfy96 en Testing NodeJs/Express API with Jest and Super test ๐Ÿง๐Ÿง muhammed Lotfy Mon, 21 Dec 2020 22:35:30 +0000 https://dev.to/mhmdlotfy96/testing-nodejs-express-api-with-jest-and-supertest-1bk0 https://dev.to/mhmdlotfy96/testing-nodejs-express-api-with-jest-and-supertest-1bk0 <h1> Table Of Contents </h1> <ul> <li>About Testing!</li> <li>Jest and SuperTest Intro ! </li> <li> Who apply testing? </li> <li>Conclusion</li> </ul> <h3> <strong>Testing</strong> one of the most important skills you can known as a developer, It's something a lot of people don't teach or focus on but if you known testing, So I had to try and figure it out here in <strong>part(2)</strong>. you can read more in article <a href="https://dev.to/mhmdlotfy96/testing-a-rest-api-in-node-js-with-express-using-mocha-and-chai-1258"> Testing part(1) in Node JS with Express using Mocha and Chai</a> </h3> <h1> About Testing! <a></a> </h1> <p><strong>Unit Testing</strong><br> Tests a single fully isolated unity of the application.</p> <p><strong>Integration Testing</strong><br> Tests the interaction of a unit along with its dependencies. e.g. A function that calls another function meaning that the test results are also depending on the function being called within the parent function.</p> <p><strong>End-2-End Testing</strong><br> Full flow tests. From the front-end button click to the API endpoint consuming.</p> <h1> Jest and SuperTest Introduction <a></a> </h1> <h3> About Jest </h3> <ul> <li>Jest is a wonderful testing library created by <strong>Facebook</strong> to help test JavaScript code, Express APIs, React components, and much more.</li> <li>What's great about Jest is it <strong>not only has a similar syntax</strong> to other testing/assertion libraries like <strong>Jasmine and Chai</strong>.</li> <li>And with Jest your tests <strong>run in parallel</strong> so they are executed <strong>much faster</strong> than other testing frameworks.</li> </ul> <h3> About SuperTest </h3> <p>SuperTest is an HTTP assertions library that allows you to test your <strong>Node.js HTTP servers</strong>. <br> It is built on top of SuperAgent library, which is an HTTP client for Node.js.</p> <h1> Who apply testing ?! <a></a> </h1> <p><strong>(1) Getting Started</strong><br> So, in this article we're going to use the blog REST API I built using Express and Mongoose<br> which you can fetch <a href="https://github.com/mohamedlotfe/unit-testing-api-nodejs-jest" rel="noopener noreferrer">Github repo here</a></p> <ul> <li>To use jest globally we can install it with </li> </ul> <p><code>$ npm install -g --save-dev jest supertest</code></p> <ul> <li>Once the packages are installed, we need to setup a test command in our <code>package.json file</code> </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <span class="p">{</span> <span class="c1">// ...</span> <span class="dl">"</span><span class="s2">scripts</span><span class="dl">"</span><span class="p">:</span> <span class="p">{</span> <span class="dl">"</span><span class="s2">test</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">jest</span><span class="dl">"</span> <span class="p">}</span> <span class="c1">// ...</span> <span class="p">}</span> </code></pre> </div> <p><strong>(2) Test preparation</strong></p> <ul> <li>Writing your first test (You can make the test pass by expecting 1 === 1). ```javascript </li> </ul> <p>// This passes because 1 === 1<br> it('Testing to see if Jest works', () =&gt; {<br> expect(1).toBe(1)<br> })</p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>**(3) Testing Endpoints** - Before you can test endpoints, you need to setup the server so Supertest can use it in your tests. - Most tutorials teach you to listen to the Express app in the server file, like this: ```javascript const express = require('express') const app = express() // Middlewares... // Routes... app.listen(3000) </code></pre> </div> <ul> <li>This <strong>doesnโ€™t work</strong> because it starts listening to one port. If you try to write many test files, you will get an error <strong>port in use</strong>.</li> <li>So you want to allow each test file to start a server on their own. To do this, you need to <strong>export app without listening</strong> to it.</li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <span class="kd">const</span> <span class="nx">express</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">express</span><span class="dl">'</span><span class="p">)</span> <span class="kd">const</span> <span class="nx">app</span> <span class="o">=</span> <span class="nf">express</span><span class="p">()</span> <span class="c1">// Middlewares...</span> <span class="c1">// Routes...</span> <span class="nx">module</span><span class="p">.</span><span class="nx">exports</span> <span class="o">=</span> <span class="nx">app</span> </code></pre> </div> <ul> <li>For development or production purposes, you can listen to your app like normal in a different file like index.js. ```javascript </li> </ul> <p>const app = require("./server");<br> app.listen(5000, () =&gt; {<br> console.log("Server has started!");<br> });</p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>**(4) Using Supertest** - To use Supertest, you require your app and supertest in the test file. ```javascript const app = require("../server"); const mongoose = require("mongoose"); const supertest = require("supertest"); beforeEach((done) =&gt; { mongoose.connect("mongodb://localhost:27017/JestDB", { useNewUrlParser: true, useUnifiedTopology: true }, () =&gt; done()); }); afterEach((done) =&gt; { mongoose.connection.db.dropDatabase(() =&gt; { mongoose.connection.close(() =&gt; done()) }); }); </code></pre> </div> <ul> <li>Those are functions that will be invoked <strong>before and after every single test cases</strong>. This allows us to connect to MongoDB and remove all the data once a test case is finished</li> <li> <p><strong>In Jest</strong>, these are done using <strong>four different</strong> functions:</p> <ul> <li> <strong>beforeAll</strong> - called once before all tests.</li> <li> <strong>beforeEach</strong> - called before each of these tests (before every test function).</li> <li> <strong>afterEach</strong> - called after each of these tests (after every test function).</li> <li> <strong>afterAll</strong> - called once after all tests.</li> </ul> </li> </ul> <p><strong>(5) Using routes</strong></p> <ul> <li>We also want to initialize our Express server in app variable which will be accessible from our test case. Let's create <strong>a new test</strong> case called <code>GET /api/posts</code>. ```javascript </li> </ul> <p>test("GET /api/posts", async () =&gt; {<br> const post = await Post.create({ title: "Post 1", content: "Lorem ipsum" });</p> <p>await supertest(app).get("/api/posts")<br> .expect(200)<br> .then((response) =&gt; {<br> // Check type and length<br> expect(Array.isArray(response.body)).toBeTruthy();<br> expect(response.body.length).toEqual(1);</p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> // Check data expect(response.body[0]._id).toBe(post.id); expect(response.body[0].title).toBe(post.title); expect(response.body[0].content).toBe(post.content); }); </code></pre> </div> <p>});</p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>* Here, we're adding a <strong>new document</strong> to our database so that we won't get an empty response. Then, we send a GET request using SuperTest to the <code>/api/posts</code> endpoint and expect the <strong>response status</strong> to be <strong>200</strong> <ul> <li>which means success. Finally, we check if the response matches the data in the database.</li> </ul> <h3> We can now run our tests by running <code>npm test</code> </h3> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fraimy3in7xtqklrg35uy.PNG" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fraimy3in7xtqklrg35uy.PNG" alt="Alt Text"></a></p> <h2> Matchers </h2> <p><strong>Jest</strong> has quite a few functions used for assertions/expectations. You can see a full list <a href="https://jestjs.io/docs/en/expect.html" rel="noopener noreferrer">here</a>, but these are some common ones.</p> <ul> <li><strong>toBeDefined</strong></li> <li><strong>toBeGreaterThan / toBeLessThan</strong></li> <li> <strong>toBe</strong> (uses === to compare)</li> <li> <strong>toEqual</strong> (for deep object comparison)</li> <li> <strong>toContain</strong> (see if a value is inside of a collection)</li> </ul> <h2> Now, let's test the get single post . </h2> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <span class="nf">test</span><span class="p">(</span><span class="dl">"</span><span class="s2">GET /api/posts/:id</span><span class="dl">"</span><span class="p">,</span> <span class="k">async </span><span class="p">()</span> <span class="o">=&amp;</span><span class="nx">gt</span><span class="p">;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">post</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">Post</span><span class="p">.</span><span class="nf">create</span><span class="p">({</span> <span class="na">title</span><span class="p">:</span> <span class="dl">"</span><span class="s2">Post 1</span><span class="dl">"</span><span class="p">,</span> <span class="na">content</span><span class="p">:</span> <span class="dl">"</span><span class="s2">Lorem ipsum</span><span class="dl">"</span> <span class="p">});</span> <span class="k">await</span> <span class="nf">supertest</span><span class="p">(</span><span class="nx">app</span><span class="p">).</span><span class="nf">get</span><span class="p">(</span><span class="dl">"</span><span class="s2">/api/posts/</span><span class="dl">"</span> <span class="o">+</span> <span class="nx">post</span><span class="p">.</span><span class="nx">id</span><span class="p">)</span> <span class="p">.</span><span class="nf">expect</span><span class="p">(</span><span class="mi">200</span><span class="p">)</span> <span class="p">.</span><span class="nf">then</span><span class="p">((</span><span class="nx">response</span><span class="p">)</span> <span class="o">=&amp;</span><span class="nx">gt</span><span class="p">;</span> <span class="p">{</span> <span class="nf">expect</span><span class="p">(</span><span class="nx">response</span><span class="p">.</span><span class="nx">body</span><span class="p">.</span><span class="nx">_id</span><span class="p">).</span><span class="nf">toBe</span><span class="p">(</span><span class="nx">post</span><span class="p">.</span><span class="nx">id</span><span class="p">);</span> <span class="nf">expect</span><span class="p">(</span><span class="nx">response</span><span class="p">.</span><span class="nx">body</span><span class="p">.</span><span class="nx">title</span><span class="p">).</span><span class="nf">toBe</span><span class="p">(</span><span class="nx">post</span><span class="p">.</span><span class="nx">title</span><span class="p">);</span> <span class="nf">expect</span><span class="p">(</span><span class="nx">response</span><span class="p">.</span><span class="nx">body</span><span class="p">.</span><span class="nx">content</span><span class="p">).</span><span class="nf">toBe</span><span class="p">(</span><span class="nx">post</span><span class="p">.</span><span class="nx">content</span><span class="p">);</span> <span class="p">});</span> <span class="p">});</span> <span class="o">&lt;</span><span class="sr">/code&gt;&lt;/</span><span class="nx">pre</span><span class="o">&gt;&lt;</span><span class="sr">/div&gt;&lt;h3</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="nx">a</span> <span class="nx">name</span><span class="o">=</span><span class="dl">"</span><span class="s2">we-can-now-run-our-tests-again-by-running-raw-npm-test-endraw-</span><span class="dl">"</span> <span class="nx">href</span><span class="o">=</span><span class="dl">"</span><span class="s2">#we-can-now-run-our-tests-again-by-running-raw-npm-test-endraw-</span><span class="dl">"</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="sr">/a</span><span class="err">&gt; </span> <span class="nx">We</span> <span class="nx">can</span> <span class="nx">now</span> <span class="nx">run</span> <span class="nx">our</span> <span class="nx">tests</span> <span class="nx">again</span> <span class="nx">by</span> <span class="nx">running</span> <span class="o">&lt;</span><span class="nx">code</span><span class="o">&gt;</span><span class="nx">npm</span> <span class="nx">test</span><span class="o">&lt;</span><span class="sr">/code</span><span class="err">&gt; </span><span class="o">&lt;</span><span class="sr">/h3</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="nx">p</span><span class="o">&gt;&lt;</span><span class="nx">img</span> <span class="nx">src</span><span class="o">=</span><span class="dl">"</span><span class="s2">https://dev-to-uploads.s3.amazonaws.com/i/1mvul58a5uawa4esdljw.PNG</span><span class="dl">"</span> <span class="nx">alt</span><span class="o">=</span><span class="dl">"</span><span class="s2">Alt Text</span><span class="dl">"</span><span class="o">&gt;&lt;</span><span class="sr">/p</span><span class="err">&gt; </span><span class="o">&lt;</span><span class="nx">h1</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="nx">a</span> <span class="nx">name</span><span class="o">=</span><span class="dl">"</span><span class="s2">conclusion</span><span class="dl">"</span> <span class="nx">href</span><span class="o">=</span><span class="dl">"</span><span class="s2">#conclusion</span><span class="dl">"</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="sr">/a</span><span class="err">&gt; </span> <span class="nx">Conclusion</span><span class="o">!</span> <span class="o">&lt;</span><span class="nx">a</span> <span class="nx">name</span><span class="o">=</span><span class="dl">"</span><span class="s2">chapter-4</span><span class="dl">"</span><span class="o">&gt;&lt;</span><span class="sr">/a</span><span class="err">&gt; </span><span class="o">&lt;</span><span class="sr">/h1</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="nx">p</span><span class="o">&gt;</span><span class="nx">I</span> <span class="nx">played</span> <span class="nx">around</span> <span class="kd">with</span> <span class="nx">testing</span> <span class="nx">lately</span><span class="p">.</span> <span class="nx">One</span> <span class="nx">thing</span> <span class="nx">I</span> <span class="nx">tried</span> <span class="nx">to</span> <span class="k">do</span> <span class="nx">was</span> <span class="nx">to</span> <span class="nx">test</span> <span class="nx">the</span> <span class="nx">endpoints</span> <span class="k">of</span> <span class="nx">my</span> <span class="nx">Express</span> <span class="nx">application</span><span class="p">.</span><span class="o">&lt;</span><span class="sr">/p</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="nx">p</span><span class="o">&gt;</span><span class="nx">If</span> <span class="nx">you</span> <span class="nx">enjoyed</span> <span class="k">this</span> <span class="nx">article</span><span class="p">,</span> <span class="nx">please</span> <span class="nx">tell</span> <span class="nx">a</span> <span class="nx">friend</span> <span class="nx">about</span> <span class="nx">it</span><span class="o">!&lt;</span><span class="nx">br</span><span class="o">&gt;</span> <span class="nx">Share</span> <span class="nx">it</span> <span class="nx">on</span> <span class="nx">Twitter</span><span class="p">.</span> <span class="nx">If</span> <span class="nx">you</span> <span class="nx">spot</span> <span class="nx">a</span> <span class="nx">typo</span><span class="p">,</span> <span class="nx">I</span><span class="err">โ€™</span><span class="nx">d</span> <span class="nx">appreciate</span> <span class="k">if</span> <span class="nx">you</span> <span class="nx">can</span> <span class="nx">correct</span> <span class="nx">it</span> <span class="nx">on</span> <span class="o">&lt;</span><span class="nx">a</span> <span class="nx">href</span><span class="o">=</span><span class="dl">"</span><span class="s2">https://github.com/mohamedlotfe/unit-testing-api-nodejs-jest</span><span class="dl">"</span><span class="o">&gt;</span><span class="nx">GitHub</span><span class="o">&lt;</span><span class="sr">/a&gt;.&lt;br</span><span class="err">&gt; </span><span class="nx">You</span> <span class="nx">can</span> <span class="nx">contact</span> <span class="nx">me</span> <span class="nx">through</span><span class="p">:</span><span class="o">&lt;</span><span class="sr">/p</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="nx">p</span><span class="o">&gt;</span><span class="nx">Gmail</span><span class="p">:</span> <span class="o">&lt;</span><span class="nx">a</span> <span class="nx">href</span><span class="o">=</span><span class="dl">"</span><span class="s2">mailto:mhmdlotfy9@gmail.com</span><span class="dl">"</span><span class="o">&gt;</span><span class="nx">mhmdlotfy9</span><span class="p">@</span><span class="nd">gmail</span><span class="p">.</span><span class="nx">com</span><span class="o">&lt;</span><span class="sr">/a&gt;&lt;br</span><span class="err">&gt; </span><span class="nx">or</span> <span class="o">&lt;</span><span class="nx">a</span> <span class="nx">href</span><span class="o">=</span><span class="dl">"</span><span class="s2">https://www.linkedin.com/in/mohamedlotfybasher/</span><span class="dl">"</span><span class="o">&gt;</span><span class="nx">Linkedin</span><span class="o">&lt;</span><span class="sr">/a&gt;&lt;br</span><span class="err">&gt; </span><span class="nx">Thank</span> <span class="nx">you</span><span class="o">&lt;</span><span class="sr">/p</span><span class="err">&gt; </span></code></pre> </div></code></pre> </div> testdev javascript webdev discuss Authentication and Authorization Using JWT in Node JS with Express muhammed Lotfy Sat, 12 Dec 2020 22:01:32 +0000 https://dev.to/mhmdlotfy96/authentication-and-authorization-using-jwt-in-node-js-with-express-5bo6 https://dev.to/mhmdlotfy96/authentication-and-authorization-using-jwt-in-node-js-with-express-5bo6 <h1> Table Of Contents </h1> <ul> <li>What is authentication &amp; authorization ?!</li> <li>What is (JWT)JSON Web Token? </li> <li> Why using Authentication &amp; Authorization ? </li> <li> How apply Authentication ? </li> <li> How apply Authorization ? </li> <li>Conclusion</li> </ul> <h1> Introduction </h1> <p>User authentication &amp; authorization is one of the important part of any web application. <br> There are several kinds of way to handle authentication, we can rely on third party service like Passport. <br> But in this article we will use very simple &amp; self developed approach, which will help us to understand core part of authentication.</p> <h2> Technology Used </h2> <p>Token: JWT<br> Password Hash: bcryptjs<br> Database: MongoDB</p> <h1> What is authentication &amp; authorization ?! <a></a> </h1> <p>In simple words, <strong>Authentication</strong> is the process of verifying who a user is (who you are), and <br> <strong>Authorization</strong> is the process of verifying what they have access to (what you are allowed to do).</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Faahzykknaja797kdgp5u.gif" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Faahzykknaja797kdgp5u.gif" alt="haa" width="390" height="293"></a></p> <h1> What is (JWT)JSON Web Token ?! <a></a> </h1> <p><strong>JWTs</strong> are a good way of <strong>securely transmitting information between parties</strong> because they can be signed (Information Exchange). Even though we can use JWT with any type of communication method, today JWT is very popular for handling authentication and authorization via HTTP.</p> <h3> Here is the diagram of how JWT works: </h3> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2F9vlykphw826cpsnfue7b.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2F9vlykphw826cpsnfue7b.png" alt="Alt Text" width="800" height="298"></a></p> <h1> Structure of a JWT :- </h1> <ol> <li><p>The <strong>first section</strong> of the JWT is the <strong>header</strong>, which is a Base64-encoded string. <br> which contains the hashing algorithm, which was used to generate the sign and the type of the token.<br> If you decoded the header it would look something similar to this:<br> <code>{ "alg": "HS256", "typ": "JWT"}</code></p></li> <li><p>The <strong>second sectio</strong>n is <strong>the payload that contains the JSON object of user data</strong> like (id or id_type) that was sent back to the user.<br> Since this is only Base64-encoded, it can easily be decoded by anyone.</p></li> </ol> <p><code>{"sub": "1234567890", "name": "John Doe", "userId": "1516239022", "user_type_id":1 }</code></p> <ol> <li>The <strong>final section</strong> is the <strong>signature of the token</strong> using the algorithm that is mentioned in the header section</li> </ol> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fz1ju9v1pwi7b3gskr2ot.PNG" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fz1ju9v1pwi7b3gskr2ot.PNG" alt="Structure of a JWT" width="800" height="380"></a></p> <h1> Why using Authentication &amp; Authorization ?! <a></a> </h1> <p>To <strong>protect the data</strong> in a security system, administrators should be able to, among other things, implement detailed user <strong>access privileges</strong>, select the information that can be shared internally with partners and authorities, and <strong>control</strong> how long data is kept.</p> <p><strong>A common example</strong> is entering a username and password when you log in to a website.<br> Entering the correct login information lets the website know </p> <p>1) Who you are and<br> 2) That it is actually you accessing the website.</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fbhhxjqity4gzok36ztm1.gif" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fbhhxjqity4gzok36ztm1.gif" alt="Let's Start" width="480" height="270"></a></p> <h2> There will be two <strong>types of users</strong> (admin &amp; user) </h2> <p><strong>Authentication</strong> that all user need to login and register first , <br> <strong>Authorization</strong> that administrators and the regular user. Administrators will be able to view special events <br> whereas the regular user will be able to view ordinary events </p> <p>To get <strong>started</strong> in this trip, I have REST APIs already created (including <strong>4 Routes</strong>) <a href="https://github.com/mohamedlotfe/Auth-Using-JWT-with-Express/tree/main" rel="noopener noreferrer">GitHub repo</a></p> <p>1- POST login route ( everyone has access)<br> 2- POST register route ( everyone has access)<br> 3- GET events array (only regular user has access)<br> 4- GET special events array (only admin user has access)</p> <h1> How apply Authentication ?! <a></a> </h1> <h3> Step (1) </h3> <ol> <li><p>To get started, in your terminal initialize an empty Node.js project with default settings:<br> <code>$ npm init -y</code></p></li> <li><p>Then, let's install the Express framework, JWT, bcryptjs and mongoose:<br> <code>$ npm install --save express jsonwebtoken bcryptjs</code> </p></li> <li><p>Then To create basic structure for different kind of endpoints like registration or login we will use express as router. And we will create a folder for routers (routers/index.js)</p></li> <li><p>Then, let's create a file called <code>(middleware/auth.js)</code>, which will be our authentication service and create a file called <code>(controllers/user)</code>, which will be our controller for user functions</p></li> <li><p>Now, let's create our Server and use these modules and configure them in the Express app (server.js):<br> </p></li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">express</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">express</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">app</span> <span class="o">=</span> <span class="nf">express</span><span class="p">();</span> <span class="nx">app</span><span class="p">.</span><span class="nf">use</span><span class="p">(</span><span class="nx">express</span><span class="p">.</span><span class="nf">json</span><span class="p">());</span> <span class="c1">// Import Routes</span> <span class="kd">const</span> <span class="nx">authRoute</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">./routes/index</span><span class="dl">'</span><span class="p">);</span> <span class="c1">// Route Middlewares</span> <span class="nx">app</span><span class="p">.</span><span class="nf">use</span><span class="p">(</span><span class="dl">'</span><span class="s1">/api</span><span class="dl">'</span><span class="p">,</span> <span class="nx">authRoute</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">port</span> <span class="o">=</span> <span class="mi">3000</span><span class="p">;</span> <span class="nx">app</span><span class="p">.</span><span class="nf">listen</span><span class="p">(</span><span class="nx">port</span><span class="p">,</span> <span class="kd">function</span><span class="p">(){</span><span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">"</span><span class="s2">Server running on localhost:</span><span class="dl">"</span> <span class="o">+</span> <span class="nx">port</span><span class="p">);});</span> </code></pre> </div> <h3> Step (2) </h3> <ol> <li>Now go for folder for routers <code>(routers/index.js)</code> to configure express Router import userController </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">router</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">express</span><span class="dl">'</span><span class="p">).</span><span class="nc">Router</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">userController</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">../controllers/user</span><span class="dl">'</span><span class="p">);</span> <span class="c1">// Register a new User</span> <span class="nx">router</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span><span class="dl">'</span><span class="s1">/register</span><span class="dl">'</span><span class="p">,</span> <span class="nx">userController</span><span class="p">.</span><span class="nx">register</span><span class="p">);</span> <span class="c1">// Login</span> <span class="nx">router</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span><span class="dl">'</span><span class="s1">/login</span><span class="dl">'</span><span class="p">,</span> <span class="nx">userController</span><span class="p">.</span><span class="nx">login</span><span class="p">);</span> <span class="nx">module</span><span class="p">.</span><span class="nx">exports</span> <span class="o">=</span> <span class="nx">router</span><span class="p">;</span> </code></pre> </div> <h3> Step (3) </h3> <p>Now go for folder for routers <code>(controllers/user)</code> to add userController functions<br> 1.Connect to DB<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">mongoose</span><span class="p">.</span><span class="nf">connect</span><span class="p">(</span><span class="nx">db</span><span class="p">,</span> <span class="kd">function</span><span class="p">(</span><span class="nx">err</span><span class="p">){</span> <span class="k">if</span><span class="p">(</span><span class="nx">err</span><span class="p">){</span> <span class="nx">console</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="dl">'</span><span class="s1">Error! </span><span class="dl">'</span> <span class="o">+</span> <span class="nx">err</span><span class="p">)</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">'</span><span class="s1">Connected to mongodb</span><span class="dl">'</span><span class="p">)</span> <span class="p">}</span> <span class="p">});</span> </code></pre> </div> <ol> <li>Create register function <ul> <li>Hash password using bcrypt module</li> <li>Create an user object</li> <li>Save User in the database</li> <li>Create payload then Generate an access token (if you ask about what is payload go for Structure of a JWT section) </li> </ul> </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">exports</span><span class="p">.</span><span class="nx">register</span> <span class="o">=</span> <span class="k">async </span><span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="c1">//Hash password</span> <span class="kd">const</span> <span class="nx">salt</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">bcrypt</span><span class="p">.</span><span class="nf">genSalt</span><span class="p">(</span><span class="mi">10</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">hasPassword</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">bcrypt</span><span class="p">.</span><span class="nf">hash</span><span class="p">(</span><span class="nx">req</span><span class="p">.</span><span class="nx">body</span><span class="p">.</span><span class="nx">password</span><span class="p">,</span> <span class="nx">salt</span><span class="p">);</span> <span class="c1">// Create an user object</span> <span class="kd">let</span> <span class="nx">user</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">User</span><span class="p">({</span> <span class="na">email</span><span class="p">:</span> <span class="nx">req</span><span class="p">.</span><span class="nx">body</span><span class="p">.</span><span class="nx">email</span><span class="p">,</span> <span class="na">name</span><span class="p">:</span> <span class="nx">req</span><span class="p">.</span><span class="nx">body</span><span class="p">.</span><span class="nx">name</span><span class="p">,</span> <span class="na">password</span><span class="p">:</span> <span class="nx">hasPassword</span><span class="p">,</span> <span class="na">user_type_id</span><span class="p">:</span> <span class="nx">req</span><span class="p">.</span><span class="nx">body</span><span class="p">.</span><span class="nx">user_type_id</span> <span class="p">})</span> <span class="c1">// Save User in the database</span> <span class="nx">user</span><span class="p">.</span><span class="nf">save</span><span class="p">((</span><span class="nx">err</span><span class="p">,</span> <span class="nx">registeredUser</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">err</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="nx">err</span><span class="p">)</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="c1">// create payload then Generate an access token</span> <span class="kd">let</span> <span class="nx">payload</span> <span class="o">=</span> <span class="p">{</span> <span class="na">id</span><span class="p">:</span> <span class="nx">registeredUser</span><span class="p">.</span><span class="nx">_id</span><span class="p">,</span> <span class="na">user_type_id</span><span class="p">:</span> <span class="nx">req</span><span class="p">.</span><span class="nx">body</span><span class="p">.</span><span class="nx">user_type_id</span> <span class="o">||</span> <span class="mi">0</span> <span class="p">};</span> <span class="kd">const</span> <span class="nx">token</span> <span class="o">=</span> <span class="nx">jwt</span><span class="p">.</span><span class="nf">sign</span><span class="p">(</span><span class="nx">payload</span><span class="p">,</span> <span class="nx">config</span><span class="p">.</span><span class="nx">TOKEN_SECRET</span><span class="p">);</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">200</span><span class="p">).</span><span class="nf">send</span><span class="p">({</span> <span class="nx">token</span> <span class="p">})</span> <span class="p">}</span> <span class="p">})</span> <span class="p">}</span> </code></pre> </div> <h2> After the authentication service is up and <strong>running</strong>, let's send a POST request and see if registration works or not. </h2> <ul> <li>I will be using the rest-client <strong>Postman</strong> to do this. Feel free to use any rest-client you prefer or something like Insomnia to do this. <ul> <li>Let's send a post request to the <code>http://localhost:3000/api/register</code> endpoint with the following JSON: <code>{ "email":"d@a.hh", "name" : "lotfy", "password": "123456", "user_type_id":1 }</code> </li> <li>You should get the access token as the response: <code>{ "Token": "eyJhbGciOiJIUz..." }</code> </li> </ul> </li> </ul> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fv6yq8kntfebsesnztos7.PNG" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fv6yq8kntfebsesnztos7.PNG" alt="Alt Text" width="800" height="372"></a></p> <h3> Step (4) </h3> <p>Now we register for new user and token receive token as response<br> we need to login with user credentials </p> <ol> <li>create login function <ul> <li>compare Hashed password with credentials</li> <li>create payload then Generate an access token and return token in headers </li> </ul> </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">exports</span><span class="p">.</span><span class="nx">login</span> <span class="o">=</span> <span class="k">async </span><span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">User</span><span class="p">.</span><span class="nf">findOne</span><span class="p">({</span> <span class="na">email</span><span class="p">:</span> <span class="nx">req</span><span class="p">.</span><span class="nx">body</span><span class="p">.</span><span class="nx">email</span> <span class="p">},</span> <span class="k">async </span><span class="p">(</span><span class="nx">err</span><span class="p">,</span> <span class="nx">user</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">err</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="nx">err</span><span class="p">)</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">user</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">validPass</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">bcrypt</span><span class="p">.</span><span class="nf">compare</span><span class="p">(</span><span class="nx">req</span><span class="p">.</span><span class="nx">body</span><span class="p">.</span><span class="nx">password</span><span class="p">,</span> <span class="nx">user</span><span class="p">.</span><span class="nx">password</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">validPass</span><span class="p">)</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">401</span><span class="p">).</span><span class="nf">send</span><span class="p">(</span><span class="dl">"</span><span class="s2">Mobile/Email or Password is wrong</span><span class="dl">"</span><span class="p">);</span> <span class="c1">// Create and assign token</span> <span class="kd">let</span> <span class="nx">payload</span> <span class="o">=</span> <span class="p">{</span> <span class="na">id</span><span class="p">:</span> <span class="nx">user</span><span class="p">.</span><span class="nx">_id</span><span class="p">,</span> <span class="na">user_type_id</span><span class="p">:</span> <span class="nx">user</span><span class="p">.</span><span class="nx">user_type_id</span> <span class="p">};</span> <span class="kd">const</span> <span class="nx">token</span> <span class="o">=</span> <span class="nx">jwt</span><span class="p">.</span><span class="nf">sign</span><span class="p">(</span><span class="nx">payload</span><span class="p">,</span> <span class="nx">config</span><span class="p">.</span><span class="nx">TOKEN_SECRET</span><span class="p">);</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">200</span><span class="p">).</span><span class="nf">header</span><span class="p">(</span><span class="dl">"</span><span class="s2">auth-token</span><span class="dl">"</span><span class="p">,</span> <span class="nx">token</span><span class="p">).</span><span class="nf">send</span><span class="p">({</span> <span class="dl">"</span><span class="s2">token</span><span class="dl">"</span><span class="p">:</span> <span class="nx">token</span> <span class="p">});</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">401</span><span class="p">).</span><span class="nf">send</span><span class="p">(</span><span class="dl">'</span><span class="s1">Invalid mobile</span><span class="dl">'</span><span class="p">)</span> <span class="p">}</span> <span class="p">}</span> <span class="p">})</span> <span class="p">}</span> </code></pre> </div> <h2> let's send a POST request and see if Login works or not. </h2> <ul> <li>Let's send a post request to the <code>http://localhost:3000/api/login</code> endpoint with the following JSON: <code>{ "email":"d@a.hh", "password": "123456" }</code> </li> <li>You should get the sucess with 200 code and access token in the header of response: <code> "auth-token": "eyJhbGciOiJIUz..." </code> <img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fymbqaz4ee3vybuiexepu.PNG" alt="Login" width="800" height="342"> </li> </ul> <h1> How apply Authorization ?! <a></a> </h1> <p>As we mentioned in Authentication steps (register/login) <br> We added property called "user_type_id" which is identifier for type of user is request this data</p> <h3> Step (1) </h3> <p>Now we need if the request for logged in user or some hack my APIs<br> let's move to our auth file in <code>(middleware/auth.js)</code></p> <ul> <li>Check if request have an access token</li> <li>Remove Bearer from string which added in header of request</li> <li>Verify User Token with my token <code>secretKey</code> </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">exports</span><span class="p">.</span><span class="nx">verifyUserToken</span> <span class="o">=</span> <span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">,</span> <span class="nx">next</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">let</span> <span class="nx">token</span> <span class="o">=</span> <span class="nx">req</span><span class="p">.</span><span class="nx">headers</span><span class="p">.</span><span class="nx">authorization</span><span class="p">;</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">token</span><span class="p">)</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">401</span><span class="p">).</span><span class="nf">send</span><span class="p">(</span><span class="dl">"</span><span class="s2">Access Denied / Unauthorized request</span><span class="dl">"</span><span class="p">);</span> <span class="k">try</span> <span class="p">{</span> <span class="nx">token</span> <span class="o">=</span> <span class="nx">token</span><span class="p">.</span><span class="nf">split</span><span class="p">(</span><span class="dl">'</span><span class="s1"> </span><span class="dl">'</span><span class="p">)[</span><span class="mi">1</span><span class="p">]</span> <span class="c1">// Remove Bearer from string</span> <span class="k">if </span><span class="p">(</span><span class="nx">token</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">null</span><span class="dl">'</span> <span class="o">||</span> <span class="o">!</span><span class="nx">token</span><span class="p">)</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">401</span><span class="p">).</span><span class="nf">send</span><span class="p">(</span><span class="dl">'</span><span class="s1">Unauthorized request</span><span class="dl">'</span><span class="p">);</span> <span class="kd">let</span> <span class="nx">verifiedUser</span> <span class="o">=</span> <span class="nx">jwt</span><span class="p">.</span><span class="nf">verify</span><span class="p">(</span><span class="nx">token</span><span class="p">,</span> <span class="nx">config</span><span class="p">.</span><span class="nx">TOKEN_SECRET</span><span class="p">);</span> <span class="c1">// config.TOKEN_SECRET =&gt; 'secretKey'</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">verifiedUser</span><span class="p">)</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">401</span><span class="p">).</span><span class="nf">send</span><span class="p">(</span><span class="dl">'</span><span class="s1">Unauthorized request</span><span class="dl">'</span><span class="p">)</span> <span class="nx">req</span><span class="p">.</span><span class="nx">user</span> <span class="o">=</span> <span class="nx">verifiedUser</span><span class="p">;</span> <span class="c1">// user_id &amp; user_type_id</span> <span class="nf">next</span><span class="p">();</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">error</span><span class="p">)</span> <span class="p">{</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">400</span><span class="p">).</span><span class="nf">send</span><span class="p">(</span><span class="dl">"</span><span class="s2">Invalid Token</span><span class="dl">"</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <ul> <li>Now we need know type for logged-in user </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">exports</span><span class="p">.</span><span class="nx">IsUser</span> <span class="o">=</span> <span class="k">async </span><span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">,</span> <span class="nx">next</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">req</span><span class="p">.</span><span class="nx">user</span><span class="p">.</span><span class="nx">user_type_id</span> <span class="o">===</span> <span class="mi">0</span><span class="p">)</span> <span class="p">{</span> <span class="nf">next</span><span class="p">();</span> <span class="p">}</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">401</span><span class="p">).</span><span class="nf">send</span><span class="p">(</span><span class="dl">"</span><span class="s2">Unauthorized!</span><span class="dl">"</span><span class="p">);</span> <span class="p">}</span> <span class="nx">exports</span><span class="p">.</span><span class="nx">IsAdmin</span> <span class="o">=</span> <span class="k">async </span><span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">,</span> <span class="nx">next</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">req</span><span class="p">.</span><span class="nx">user</span><span class="p">.</span><span class="nx">user_type_id</span> <span class="o">===</span> <span class="mi">1</span><span class="p">)</span> <span class="p">{</span> <span class="nf">next</span><span class="p">();</span> <span class="p">}</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">401</span><span class="p">).</span><span class="nf">send</span><span class="p">(</span><span class="dl">"</span><span class="s2">Unauthorized!</span><span class="dl">"</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <h3> Step (2) </h3> <p>Now we verified user but need to <strong>know is this route for administrators or regular user</strong><br> with my <strong>authentication middleware</strong> to check routes with user type to file <code>(routers/index.js)</code></p> <ul> <li>If these valid conditions call get user events function </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// Auth user only</span> <span class="nx">router</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">/events</span><span class="dl">'</span><span class="p">,</span> <span class="nx">verifyUserToken</span><span class="p">,</span> <span class="nx">IsUser</span><span class="p">,</span> <span class="nx">userController</span><span class="p">.</span><span class="nx">userEvent</span><span class="p">);</span> <span class="c1">// Auth Admin only</span> <span class="nx">router</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">/special</span><span class="dl">'</span><span class="p">,</span> <span class="nx">verifyUserToken</span><span class="p">,</span> <span class="nx">IsAdmin</span><span class="p">,</span> <span class="nx">userController</span><span class="p">.</span><span class="nx">adminEvent</span><span class="p">);</span> </code></pre> </div> <h3> let's send a request and see if <strong>special route</strong> works for <strong>admin user with user_type_id == 1</strong>. </h3> <ul> <li><p>Let's send a post request to the <code>http://localhost:3000/api/special</code> endpoint with the following authorization header with TYPE <code>Bearer Token</code> and value of token:<code>eyJhbGciOiJIUz...</code></p></li> <li><p>You should get the success with 200 code and the special events array as a response:<br> <code>{ "_id": "1", "name": "Auto Expo Special", <br> "description": "lorem ipsum", "date": "2012-04-23T18:25:43.511Z" } .....<br> </code><br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fr8gm0ijy8f4cra66vrlx.PNG" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fr8gm0ijy8f4cra66vrlx.PNG" alt="special Array" width="800" height="456"></a></p></li> </ul> <h1> Conclusion ?! <a></a> </h1> <p>In this article, we have introduced you to JWT and how to implement JWT with Express. I hope that now you have a piece of good knowledge about how JWT works </p> <p>The end Thank you for going through this tutorial. If you notice any errors please report them to me. If you got stuck on any step, please refer to this <a href="https://github.com/mohamedlotfe/Auth-Using-JWT-with-Express/tree/main" rel="noopener noreferrer">GitHub repo</a>.</p> <p>You can contact me through:</p> <p>Gmail: <a href="mailto:mhmdlotfy9@gmail.com">mhmdlotfy9@gmail.com</a><br> or <a href="https://www.linkedin.com/in/mohamedlotfybasher/" rel="noopener noreferrer">Linkedin</a></p> javascript webdev career beginners Testing a REST API in Node JS with Express using Mocha and Chai ๐Ÿ˜Ž muhammed Lotfy Sun, 06 Dec 2020 21:40:06 +0000 https://dev.to/mhmdlotfy96/testing-a-rest-api-in-node-js-with-express-using-mocha-and-chai-1258 https://dev.to/mhmdlotfy96/testing-a-rest-api-in-node-js-with-express-using-mocha-and-chai-1258 <h1> Table Of Contents </h1> <ul> <li>What is Unit testing</li> <li>Why using Unit testing? </li> <li> Who use Unit testing? </li> <li>Conclusion</li> </ul> <h1> What is Unit testing ?! <a></a> </h1> <p>Is a software testing method by which individual <strong>units of source code</strong> and typically automated tests written and run by software developers to ensure that a section of an application (known as the "unit") meets its design and behaves as intended.</p> <h1> Why using Unit testing <a></a> </h1> <p>Testing is one of those things that people either love or hate. <strong>Usually testing is something that is hated</strong></p> <p><a href="https://i.giphy.com/media/KGSxFwJJHQPsKzzFba/giphy.gif" class="article-body-image-wrapper"><img src="https://i.giphy.com/media/KGSxFwJJHQPsKzzFba/giphy.gif" alt="haa"></a></p> <ul> <li><p>Until you work on a project with good tests and you <strong>realize how amazing</strong> they are.<br> I will talk about the code you need in order to write tests in JavaScript using <strong>chai and mocha</strong>, as well as show you some pitfalls of testing.</p></li> <li> <p>At the end of the article I will breakdown the importance of testing and some <strong>best practices</strong> you can adhere to in order to make your tests amazing.</p> </li> </ul> <h1> Who use Unit testing ?! <a></a> </h1> <p>To get started in this trip, I have simple REST APIs already created (Get, Post, etc.)</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fwcpy6dq0x49jy6rshawn.PNG" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fwcpy6dq0x49jy6rshawn.PNG" alt="Git API"></a></p> <ul> <li><p>And these are very simple server-side Nodejs with Express APIs <a href="https://github.com/mohamedlotfe/unit-testing-api-nodejs/tree/master" rel="noopener noreferrer">GitHub repository link</a><br> in our case we have a route get all tasks which response with a small array of tasks.</p></li> <li><p>As we mentioned at the beginning of this article we gonna talking about testing and how to test on JavaScript and an the easiest way to that in my opinion is to use both library(chai and mocha)</p></li> </ul> <h2> <strong>Chai</strong> is an assertion library for NodeJS and browser with three styles [ should, Expect, Assert] </h2> <h2> <strong>Mocha</strong> is a testing framework for JavaScript, each is an incredibly and well-built testing library for JavaScript </h2> <p><a href="https://i.giphy.com/media/XyaQAnihoZBU3GmFPl/giphy.gif" class="article-body-image-wrapper"><img src="https://i.giphy.com/media/XyaQAnihoZBU3GmFPl/giphy.gif" alt="Lets Start"></a></p> <h3> 1.In order to <strong>start</strong> this all we need to do is to <strong>install</strong> two libraries with </h3> <h4> <code>run npm i mocha chai --save--dev</code> </h4> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2F6i237vjxtmtfsy8u8o8x.PNG" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2F6i237vjxtmtfsy8u8o8x.PNG" alt="Alt Text"></a></p> <h3> 2.Now that is done downloading we come here where <strong>we have test script</strong> and we can change this by typing in <code>"test": "mocha"</code> </h3> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fldmy6dasv9418zr9ilk3.PNG" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fldmy6dasv9418zr9ilk3.PNG" alt="Alt Text"></a></p> <h3> 3.So to get started creating first test all need to do is <strong>create folder called test</strong> and add <strong>a new file task.js</strong> give it the exact same name as file you want to test in our case we will test </h3> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fsifj5x5n1mzeqtse19al.PNG" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fsifj5x5n1mzeqtse19al.PNG" alt="Alt Text"></a></p> <h3> 4.Now inside this file all need to do to <strong>import routes file (task.js)</strong> including all APIs and in order to write test we need to <strong>import chai then adding Assertion</strong> </h3> <p>'<a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fiz497vd3gvofkfymohbf.PNG" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fiz497vd3gvofkfymohbf.PNG" alt="Alt Text"></a></p> <h3> 5.Now we are able to call our RESTful APIs and in order to use <strong>mocha</strong> describe our test let's call it <code>tasks API</code>, then we define an arrow function so first task to describe Get API let's call it <code>Get-All-Tasks</code> then user <strong>It</strong> to describe what our API do <code>it should Get all the tasks</code> </h3> <h3> 6.Here we use <strong>chai</strong> with <code>chai.request(server)</code> and <strong>test</strong> our Get API <code>.get("/api/tasks")</code> the we <strong>expect</strong> using <code>.end((err, response)</code> which will receive error and response so we <strong>expect</strong> a successful results so response should have <strong>status 200</strong> and <strong>body should be an array with 3 tasks</strong> </h3> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fs9e41twrq2hgm1lsw26h.PNG" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fs9e41twrq2hgm1lsw26h.PNG" alt="Alt Text"></a></p> <h3> 7.finally call <code>Done()</code>, and <strong>run</strong> using <code>npm test</code> and the test run successfully </h3> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fe5luxocqvaet6hhnzqiu.PNG" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fe5luxocqvaet6hhnzqiu.PNG" alt="Alt Text"></a></p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fhwfnyr2y5yedqlegin0z.gif" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fhwfnyr2y5yedqlegin0z.gif" alt="celebrate"></a></p> <h3> If you need to request wrong route to show API response we make small changes </h3> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fx411l5dlkdi8f1znqi3b.PNG" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fx411l5dlkdi8f1znqi3b.PNG" alt="Alt Text"></a></p> <h3> Test the GET (by Id) route the same steps but we will add task id and in response we will check for returned properties </h3> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fz9o2wk42d0t2tuyj2hos.PNG" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fz9o2wk42d0t2tuyj2hos.PNG" alt="Alt Text"></a></p> <h1> Conclusion <a></a> </h1> <h3> <strong>Testing</strong> one of the most important skills you can known as a developer, It's something a lot of people don't teach or focus on but if you known testing, It's gonna set you apart from every other developers that doesn't known testing and give you extra leg up when you <strong>applying for jobs</strong> </h3> javascript testing webdev