DEV Community: Shubham Shukla The latest articles on DEV Community by Shubham Shukla (@shubham_shukla_e7d7ffa221). https://dev.to/shubham_shukla_e7d7ffa221 https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3658192%2F51deef4a-6cdf-40f7-adc6-f21db4a2adb6.jpg DEV Community: Shubham Shukla https://dev.to/shubham_shukla_e7d7ffa221 en Why 90% Node.js Backends Die at Scale (And How to Fix Yours) Shubham Shukla Wed, 17 Dec 2025 13:29:44 +0000 https://dev.to/shubham_shukla_e7d7ffa221/why-90-nodejs-backends-die-at-scale-and-how-to-fix-yours-371g https://dev.to/shubham_shukla_e7d7ffa221/why-90-nodejs-backends-die-at-scale-and-how-to-fix-yours-371g <p>Node.js has become a popular choice for developing backend services due to its non-blocking I/O model and the ability to handle concurrent connections efficiently. However, many Node.js backends face significant challenges as they scale. Approximately 90% of them encounter difficulties that can lead to poor performance, system crashes, or scalability issues if not properly managed. Here, we'll explore why these problems occur and how you can prevent them in your projects.</p> <h3> <strong>Why Node.js Backends Face Problems at Scale</strong> </h3> <ol> <li><p><strong>Single-threaded Nature</strong>: Although this can be an advantage because it simplifies development and reduces overhead from context switching, it also means that CPU-bound tasks can block the event loop, leading to performance bottlenecks.</p></li> <li><p><strong>Improper Handling of Asynchronous Operations</strong>: Node.js relies heavily on asynchronous operations. If these aren't managed correctly (e.g., callback hell), it can lead to unmanageable code that’s hard to debug and optimize.</p></li> <li><p><strong>Memory Limitations</strong>: Node.js has a default memory limit (about 1.5 GB on 64-bit machines) that can be quickly reached under load, especially if not monitored and managed correctly, leading to crashes and downtime.</p></li> <li><p><strong>Over-reliance on Third-Party Modules</strong>: The Node ecosystem is rich with modules, but over-reliance on poorly understood or maintained third-party modules can introduce performance bottlenecks and security vulnerabilities.</p></li> <li><p><strong>Failure to Leverage Caching and Load Balancing</strong>: As applications scale, the inability to effectively distribute load or cache frequent requests leads to inefficiencies and increased response times.</p></li> </ol> <h3> <strong>Strategies to Fix and Scale Your Node.js Backend</strong> </h3> <h4> <strong>Optimize Code and Manage Asynchronous Operations</strong> </h4> <ul> <li> <strong>Refactor Callbacks to Promises/Async-Await</strong>: This not only cleans up the code but also makes it easier to handle errors and perform more complex asynchronous operations.</li> <li> <strong>Utilize Profiling Tools</strong>: Tools like Node.js built-in profiler or community tools such as Clinic.js can help identify CPU-intensive operations that block the event loop.</li> </ul> <h4> <strong>Implement Caching Mechanisms</strong> </h4> <ul> <li> <strong>In-memory Caches</strong>: Implement caching mechanisms like Redis to store frequently accessed data, reducing the need to fetch data from slower databases.</li> <li> <strong>Content Delivery Networks (CDN)</strong>: Use CDNs to cache and deliver content closer to users, decreasing load times.</li> </ul> <h4> <strong>Scale Vertically and Horizontally</strong> </h4> <ul> <li> <strong>Vertical Scaling (Scaling Up)</strong>: Increase the system resources (CPU, RAM) where the Node.js application is hosted. This can provide a temporary relief from performance bottlenecks.</li> <li> <strong>Horizontal Scaling (Scaling Out)</strong>: Expand the application across multiple machines or instances. Utilize load balancers to distribute incoming requests across several servers.</li> </ul> <h4> <strong>Utilize Clustering</strong> </h4> <ul> <li> <strong>Node’s Cluster Module</strong>: It allows you to create child processes that all share server ports. By spreading the load across multiple process forks, the application can handle more tasks in parallel.</li> </ul> <h4> <strong>Memory Management</strong> </h4> <ul> <li> <strong>Increase the Memory Limit</strong>: You can increase Node.js’s default memory limit using the <code>--max-old-space-size</code> parameter, but this should be done cautiously.</li> <li> <strong>Leaks Detection</strong>: Employ tools like <code>memwatch</code> or <code>node-memwatch</code> to detect and fix memory leaks in your application.</li> </ul> <h4> <strong>Strong Logging and Monitoring</strong> </h4> <ul> <li> <strong>Implement Robust Logging</strong>: Use logging tools (like Winston or Bunyan) to capture and analyze logs to quickly identify and react to issues.</li> <li> <strong>Monitoring</strong>: Tools like PM2, New Relic, or Datadog can track application performance and help spot trends that might indicate scalability problems.</li> </ul> <h4> <strong>Database Optimization</strong> </h4> <ul> <li> <strong>Optimize Queries</strong>: Ensure that your database queries are efficient and paginate results to avoid large data transfers.</li> <li> <strong>Connection Pooling</strong>: Use connection pooling to reduce the overhead of establishing connections to the database repeatedly.</li> </ul> node coding programming Building a To-Do App Using Node.js, Drizzle, and Sequelize Shubham Shukla Sat, 13 Dec 2025 10:56:58 +0000 https://dev.to/shubham_shukla_e7d7ffa221/building-a-to-do-app-using-nodejs-drizzle-and-sequelize-27o8 https://dev.to/shubham_shukla_e7d7ffa221/building-a-to-do-app-using-nodejs-drizzle-and-sequelize-27o8 <h1> Building a To-Do App Using Node.js, Drizzle, and Sequelize </h1> <p>In the realm of creating to-do lists, it seems developers have an uncanny obsession. Maybe it's because it gives us the illusion that we, too, can be <em>organized</em> by merely coding our way there. Today, we shall embark on a journey to build yet another to-do app using Node.js, but this time with a sprinkle of Drizzle for that sleek frontend, and Sequelize to interact with our database like we're chatting up an old friend.</p> <h2> Prerequisites </h2> <p>Before we start, let's ensure you've got the necessary tools in your developer toolbox:</p> <ul> <li>Node.js installed (preferably the version that doesn’t scream at you with deprecation warnings).</li> <li>Basic understanding of how to use npm or yarn without causing a dependency apocalypse.</li> <li>A fresh cup of coffee or your choice of a productivity potion.</li> </ul> <p>Let’s break down the app into manageable chunks:</p> <h3> 1. Setting Up the Backend </h3> <h4> <strong>Initialize Node Project</strong> </h4> <p>Open your terminal and run these magical incantations:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">mkdir </span>todo-drizzle <span class="nb">cd </span>todo-drizzle npm init <span class="nt">-y</span> npm <span class="nb">install </span>express sequelize sqlite3 body-parser </code></pre> </div> <p>Here, <code>express</code> is our trusty server, <code>sequelize</code> is our ORM to manage database interactions, and <code>sqlite3</code> is our lightweight DB friend, perfect for development phases.</p> <h4> <strong>Setup Sequelize</strong> </h4> <p>Create a new folder called <code>models</code>, and inside, create a file called <code>task.js</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="p">{</span> <span class="nx">Sequelize</span><span class="p">,</span> <span class="nx">DataTypes</span> <span class="p">}</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">sequelize</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">sequelize</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Sequelize</span><span class="p">({</span> <span class="na">dialect</span><span class="p">:</span> <span class="dl">'</span><span class="s1">sqlite</span><span class="dl">'</span><span class="p">,</span> <span class="na">storage</span><span class="p">:</span> <span class="dl">'</span><span class="s1">database.sqlite</span><span class="dl">'</span><span class="p">,</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">Task</span> <span class="o">=</span> <span class="nx">sequelize</span><span class="p">.</span><span class="nf">define</span><span class="p">(</span><span class="dl">'</span><span class="s1">Task</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">description</span><span class="p">:</span> <span class="p">{</span> <span class="na">type</span><span class="p">:</span> <span class="nx">DataTypes</span><span class="p">.</span><span class="nx">STRING</span><span class="p">,</span> <span class="na">allowNull</span><span class="p">:</span> <span class="kc">false</span> <span class="p">},</span> <span class="na">completed</span><span class="p">:</span> <span class="p">{</span> <span class="na">type</span><span class="p">:</span> <span class="nx">DataTypes</span><span class="p">.</span><span class="nx">BOOLEAN</span><span class="p">,</span> <span class="na">defaultValue</span><span class="p">:</span> <span class="kc">false</span> <span class="p">}</span> <span class="p">});</span> <span class="nx">module</span><span class="p">.</span><span class="nx">exports</span> <span class="o">=</span> <span class="p">{</span> <span class="nx">sequelize</span><span class="p">,</span> <span class="nx">Task</span> <span class="p">};</span> </code></pre> </div> <h4> <strong>Build Express Server</strong> </h4> <p>Create a new file called <code>server.js</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">express</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">express</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">bodyParser</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">body-parser</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">sequelize</span><span class="p">,</span> <span class="nx">Task</span> <span class="p">}</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">./models/task</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">app</span> <span class="o">=</span> <span class="nf">express</span><span class="p">();</span> <span class="nx">app</span><span class="p">.</span><span class="nf">use</span><span class="p">(</span><span class="nx">bodyParser</span><span class="p">.</span><span class="nf">json</span><span class="p">());</span> <span class="nx">app</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span><span class="dl">'</span><span class="s1">/tasks</span><span class="dl">'</span><span class="p">,</span> <span class="k">async </span><span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">description</span> <span class="p">}</span> <span class="o">=</span> <span class="nx">req</span><span class="p">.</span><span class="nx">body</span><span class="p">;</span> <span class="k">try</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">task</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">Task</span><span class="p">.</span><span class="nf">create</span><span class="p">({</span> <span class="nx">description</span> <span class="p">});</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">201</span><span class="p">).</span><span class="nf">send</span><span class="p">(</span><span class="nx">task</span><span class="p">);</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">error</span><span class="p">)</span> <span class="p">{</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">500</span><span class="p">).</span><span class="nf">send</span><span class="p">(</span><span class="nx">error</span><span class="p">.</span><span class="nx">message</span><span class="p">);</span> <span class="p">}</span> <span class="p">});</span> <span class="nx">app</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">/tasks</span><span class="dl">'</span><span class="p">,</span> <span class="k">async </span><span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">try</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">tasks</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">Task</span><span class="p">.</span><span class="nf">findAll</span><span class="p">();</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">200</span><span class="p">).</span><span class="nf">send</span><span class="p">(</span><span class="nx">tasks</span><span class="p">);</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">error</span><span class="p">)</span> <span class="p">{</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">500</span><span class="p">).</span><span class="nf">send</span><span class="p">(</span><span class="nx">error</span><span class="p">.</span><span class="nx">message</span><span class="p">);</span> <span class="p">}</span> <span class="p">});</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">assertDatabaseConnectionOk</span><span class="p">()</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="s2">`Checking database connection...`</span><span class="p">);</span> <span class="k">try</span> <span class="p">{</span> <span class="k">await</span> <span class="nx">sequelize</span><span class="p">.</span><span class="nf">authenticate</span><span class="p">();</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">'</span><span class="s1">Database connection OK!</span><span class="dl">'</span><span class="p">);</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">error</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">'</span><span class="s1">Unable to connect to the database:</span><span class="dl">'</span><span class="p">);</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="nx">error</span><span class="p">.</span><span class="nx">message</span><span class="p">);</span> <span class="nx">process</span><span class="p">.</span><span class="nf">exit</span><span class="p">(</span><span class="mi">1</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">init</span><span class="p">()</span> <span class="p">{</span> <span class="k">await</span> <span class="nf">assertDatabaseConnectionOk</span><span class="p">();</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="s2">`Starting Sequelize + Express example on port 3000...`</span><span class="p">);</span> <span class="nx">app</span><span class="p">.</span><span class="nf">listen</span><span class="p">(</span><span class="mi">3000</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="s2">`Server up and running on http://localhost:3000/`</span><span class="p">);</span> <span class="p">});</span> <span class="p">}</span> <span class="nf">init</span><span class="p">();</span> </code></pre> </div> <h3> 2. Setting Up the Frontend with Drizzle </h3> <p>For this guide, let’s assume Drizzle magically does all the frontend work. (Just kidding, you'd need something like React and <code>react-drizzle</code>, but that's a story for another day).</p> <p>However, let’s keep it simple here, as frontend setup can be quite extensive.</p> <h3> Common Mistakes and Misconceptions </h3> <ul> <li> <strong>Ignoring Async/Await</strong>: Remember that interacting with databases is asynchronous. Manage those promises well, or face the wrath of unresolved promises!</li> <li> <strong>Mutating State Directly</strong>: In your actual React/Drizzle frontend, never mutate state directly. Always use setters, or face potentially hours of debugging fun.</li> </ul> <h2> Conclusion </h2> <p>Building a to-do app with Node.js, Sequelize, and a dash of Drizzle (or its frontend equivalent) is a fantastic project to sharpen your full-stack prowess. Start simple, iterate, and remember—every to-do app you craft brings you closer to mastering the art of organizing not just tasks, but also your code.</p> <p>Happy coding, and may your coffee be strong and your bugs few!</p> Mastering JWT Authentication in Node.js: A Comprehensive Guide Shubham Shukla Fri, 12 Dec 2025 12:23:11 +0000 https://dev.to/shubham_shukla_e7d7ffa221/mastering-jwt-authentication-in-nodejs-a-comprehensive-guide-3ghe https://dev.to/shubham_shukla_e7d7ffa221/mastering-jwt-authentication-in-nodejs-a-comprehensive-guide-3ghe <p>Mastering JWT Authentication in Node.js: A Comprehensive Guide</p> <p>In the vast expanse of web development, securing your application is akin to safeguarding the One Ring. It's crucial, powerful, and if not handled correctly, can lead to catastrophic outcomes. Among the myriad of methods to achieve this, JWT (JSON Web Tokens) stands out as a beacon of hope, offering a compact and self-contained way for securely transmitting information between parties. When it comes to Node.js applications, implementing JWT authentication is akin to finding a secret passage that not only enhances security but also streamlines the user experience. So, let's embark on this adventure and master the art of JWT authentication in Node.js.</p> <h2> A Brief Primer on JWT </h2> <p>Before we dive into the deep end, let's quickly skim the surface. JWT, or JSON Web Token, is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. This information can be verified and trusted because it is digitally signed. JWTs can be signed using a secret (with the HMAC algorithm) or a public/private key pair using RSA or ECDSA.</p> <p><strong>Why JWT?</strong> Well, because it's like having a Swiss Army knife in the realm of authentication. It's lightweight, easy to transport (can be passed in URLs, POST requests, or HTTP headers), and doesn’t require a trip to the server to validate each request, which makes it a perfect fit for scalable applications, especially those of the Single Page Application (SPA) variety.</p> <h2> Setting the Stage: The Node.js Environment </h2> <p>Imagine you're building a fortress (your Node.js app) in the realm of Mordor (the internet). The first thing you want is a secure gate (authentication mechanism). Here's how you start:</p> <p><strong>1. Initialize Your Node.js App</strong></p> <p>If you haven't already, create your Node.js application by initializing a new npm project:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">mkdir </span>my_jwt_auth_app <span class="nb">cd </span>my_jwt_auth_app npm init <span class="nt">-y</span> </code></pre> </div> <p><strong>2. Install Dependencies</strong></p> <p>For this guide, we'll use <code>express</code> as our web server, <code>jsonwebtoken</code> for generating and verifying JWTs, and <code>bcrypt</code> for hashing passwords. To install these, run:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npm <span class="nb">install </span>express jsonwebtoken bcrypt dotenv </code></pre> </div> <p><code>dotenv</code> is our secret keeper, allowing us to load environment variables from a <code>.env</code> file into <code>process.env</code>, keeping our sensitive information, like the JWT secret, out of our source code.</p> <h2> Crafting the Authentication Mechanism </h2> <p>Now, let's get to the heart of it. Creating a JWT authentication system involves several stages: user registration, user login, verifying the token, and protecting routes.</p> <h3> 1. User Registration </h3> <p>First, we need a way to register new users. In your fortress, this is akin to enlisting new guardians. Let's set up a simple user registration route:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// app.js</span> <span class="kd">const</span> <span class="nx">express</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">express</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">bcrypt</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">bcrypt</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">jwt</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">jsonwebtoken</span><span class="dl">'</span><span class="p">);</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">dotenv</span><span class="dl">'</span><span class="p">).</span><span class="nf">config</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">app</span> <span class="o">=</span> <span class="nf">express</span><span class="p">();</span> <span class="nx">app</span><span class="p">.</span><span class="nf">use</span><span class="p">(</span><span class="nx">express</span><span class="p">.</span><span class="nf">json</span><span class="p">());</span> <span class="kd">const</span> <span class="nx">users</span> <span class="o">=</span> <span class="p">[];</span> <span class="c1">// In a real application, you'd use a database</span> <span class="nx">app</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span><span class="dl">'</span><span class="s1">/register</span><span class="dl">'</span><span class="p">,</span> <span class="k">async </span><span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">try</span> <span class="p">{</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">username</span><span class="p">,</span> <span class="nx">password</span> <span class="p">}</span> <span class="o">=</span> <span class="nx">req</span><span class="p">.</span><span class="nx">body</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">hashedPassword</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">bcrypt</span><span class="p">.</span><span class="nf">hash</span><span class="p">(</span><span class="nx">password</span><span class="p">,</span> <span class="mi">10</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">user</span> <span class="o">=</span> <span class="p">{</span> <span class="nx">username</span><span class="p">,</span> <span class="na">password</span><span class="p">:</span> <span class="nx">hashedPassword</span> <span class="p">};</span> <span class="nx">users</span><span class="p">.</span><span class="nf">push</span><span class="p">(</span><span class="nx">user</span><span class="p">);</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">201</span><span class="p">).</span><span class="nf">send</span><span class="p">(</span><span class="dl">'</span><span class="s1">User registered</span><span class="dl">'</span><span class="p">);</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">error</span><span class="p">)</span> <span class="p">{</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">500</span><span class="p">).</span><span class="nf">send</span><span class="p">(</span><span class="dl">'</span><span class="s1">Error registering new user</span><span class="dl">'</span><span class="p">);</span> <span class="p">}</span> <span class="p">});</span> <span class="c1">// More routes will go here</span> <span class="kd">const</span> <span class="nx">PORT</span> <span class="o">=</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">PORT</span> <span class="o">||</span> <span class="mi">3000</span><span class="p">;</span> <span class="nx">app</span><span class="p">.</span><span class="nf">listen</span><span class="p">(</span><span class="nx">PORT</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="s2">`Server running on port </span><span class="p">${</span><span class="nx">PORT</span><span class="p">}</span><span class="s2">`</span><span class="p">));</span> </code></pre> </div> <h3> 2. User Login and Token Generation </h3> <p>Upon successful login, a JWT should be generated and sent back to the user. This token serves as a key to the gates of your fortress, granting access to its protected resources.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">app</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span><span class="dl">'</span><span class="s1">/login</span><span class="dl">'</span><span class="p">,</span> <span class="k">async </span><span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">username</span><span class="p">,</span> <span class="nx">password</span> <span class="p">}</span> <span class="o">=</span> <span class="nx">req</span><span class="p">.</span><span class="nx">body</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">user</span> <span class="o">=</span> <span class="nx">users</span><span class="p">.</span><span class="nf">find</span><span class="p">(</span><span class="nx">u</span> <span class="o">=&gt;</span> <span class="nx">u</span><span class="p">.</span><span class="nx">username</span> <span class="o">===</span> <span class="nx">username</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="nx">user</span> <span class="o">&amp;&amp;</span> <span class="k">await</span> <span class="nx">bcrypt</span><span class="p">.</span><span class="nf">compare</span><span class="p">(</span><span class="nx">password</span><span class="p">,</span> <span class="nx">user</span><span class="p">.</span><span class="nx">password</span><span class="p">))</span> <span class="p">{</span> <span class="c1">// User authenticated, generate a token</span> <span class="kd">const</span> <span class="nx">token</span> <span class="o">=</span> <span class="nx">jwt</span><span class="p">.</span><span class="nf">sign</span><span class="p">({</span> <span class="na">username</span><span class="p">:</span> <span class="nx">user</span><span class="p">.</span><span class="nx">username</span> <span class="p">},</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">JWT_SECRET</span><span class="p">,</span> <span class="p">{</span> <span class="na">expiresIn</span><span class="p">:</span> <span class="dl">'</span><span class="s1">2h</span><span class="dl">'</span> <span class="p">});</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">({</span> <span class="nx">token</span> <span class="p">});</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">400</span><span class="p">).</span><span class="nf">send</span><span class="p">(</span><span class="dl">'</span><span class="s1">Invalid Credentials</span><span class="dl">'</span><span class="p">);</span> <span class="p">}</span> <span class="p">});</span> </code></pre> </div> <h3> 3. Verifying the Token </h3> <p>Now that our guardians have their keys, we need a way to verify those keys each time they want to enter the fortress. This is where middleware comes in handy.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">function</span> <span class="nf">authenticateToken</span><span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">,</span> <span class="nx">next</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">authHeader</span> <span class="o">=</span> <span class="nx">req</span><span class="p">.</span><span class="nx">headers</span><span class="p">[</span><span class="dl">'</span><span class="s1">authorization</span><span class="dl">'</span><span class="p">];</span> <span class="kd">const</span> <span class="nx">token</span> <span class="o">=</span> <span class="nx">authHeader</span> <span class="o">&amp;&amp;</span> <span class="nx">authHeader</span><span class="p">.</span><span class="nf">split</span><span class="p">(</span><span class="dl">'</span><span class="s1"> </span><span class="dl">'</span><span class="p">)[</span><span class="mi">1</span><span class="p">];</span> <span class="k">if </span><span class="p">(</span><span class="nx">token</span> <span class="o">==</span> <span class="kc">null</span><span class="p">)</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">sendStatus</span><span class="p">(</span><span class="mi">401</span><span class="p">);</span> <span class="nx">jwt</span><span class="p">.</span><span class="nf">verify</span><span class="p">(</span><span class="nx">token</span><span class="p">,</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">JWT_SECRET</span><span class="p">,</span> <span class="p">(</span><span class="nx">err</span><span class="p">,</span> <span class="nx">user</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">err</span><span class="p">)</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">sendStatus</span><span class="p">(</span><span class="mi">403</span><span class="p">);</span> <span class="nx">req</span><span class="p">.</span><span class="nx">user</span> <span class="o">=</span> <span class="nx">user</span><span class="p">;</span> <span class="nf">next</span><span class="p">();</span> <span class="p">});</span> <span class="p">}</span> </code></pre> </div> <h3> 4. Protecting Routes </h3> <p>With our authentication mechanism in place, we can now protect our routes, ensuring that only those with a valid token can access them.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">app</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">/protected</span><span class="dl">'</span><span class="p">,</span> <span class="nx">authenticateToken</span><span class="p">,</span> <span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">({</span> <span class="na">message</span><span class="p">:</span> <span class="dl">"</span><span class="s2">Welcome to the protected route, brave guardian.</span><span class="dl">"</span> <span class="p">});</span> <span class="p">});</span> </code></pre> </div> <h2> Conclusion: Securing Your Realm </h2> <p>Implementing JWT authentication in your Node.js app is like setting up a series of magical wards and guardians to protect your realm. It ensures that only those with the correct incantations (tokens) can access your most sacred treasures (resources). Remember, while JWT is powerful, it's essential to keep your secret safe, use HTTPS to prevent token theft, and consider token expiration and refresh strategies to maintain security.</p> <p>In the grand scheme of web development, mastering JWT authentication is just one part of building robust and secure applications. Yet, it's a critical step in ensuring that your digital fortress remains impregnable, safeguarding the data and trust of those who dwell within. Happy coding, and may your applications be ever secure!</p> webdev programming node javascript