In this article, I'll walk through the process of setting up user authentication using Express, MongoDB, and JSON Web Tokens (JWT). This will allow you to implement user signup, login, and protect routes that require authentication.
Let's Dive Right In 😁😁
Prerequisites
Make sure you have Node.js installed on your machine. Additionally, create a new directory for your project and initialize it with the following dependencies:
npm init -y
npm install express mongoose dotenv jsonwebtoken bcrypt
This process should look like this:
Create your main entry file, .env and .gitignore if you wish to push your code
touch index.js .env .gitignore
Project Setup
- We'll import our packages into
index.js
and setup our express server.
const express = require('express');
const dotenv = require('dotenv');
dotenv.config();
const app = express();
const PORT = process.env.PORT || 3000;
app.use(express.json());
app.listen(PORT, () => {
console.log(`Server is running on port ${PORT}`);
});
Make sure your script is set in your package.json. Now when I do
npm run dev
on my terminal I should haveServer is running on port 5500
And do not forget to also declare your PORT in the .env file.
- I would quickly 😋😋 add a root entry file > Now my code looks like this
const express = require('express');
const dotenv = require('dotenv');
dotenv.config();
const app = express();
const PORT = process.env.PORT || 3000;
app.use(express.json());
app.get('/', (req, res)=> {
res.send('Welcome to Nodejs Authentication Tutorial')
})
app.listen(PORT, () => {
console.log(`Server is running on port ${PORT}`);
});
- I'll create a folder called
config
to hold my database file which I would calldatabase.js
> Now I would configure my database, mydatabase.js
folder would look like this:
const mongoose = require('mongoose');
exports.connectDb = async () => {
try {
await mongoose.connect(process.env.MONGODB_URI);
console.log("MongoDB connection Established...");
} catch (error) {
console.error(error.message);
}
}
- I would import the database function into the
index.js
file and fire it. > Your index.js file should look like this now
const express = require("express");
const dotenv = require("dotenv");
const { connectDb } = require("./config/database");
dotenv.config();
const app = express();
const PORT = process.env.PORT || 3000;
// Iinitialized Database Configuration
connectDb();
app.use(express.json());
// Root Entry
app.get("/", (req, res) => {
res.send("Welcome to Nodejs Authentication Tutorial");
});
// Listened to the PORT
app.listen(PORT, () => {
console.log(`Server is running on port ${PORT}`);
});
- Let's define our user Schema For Mongodb, we'll be accepting just two fields
username and password
> We'll create a folder calledmodels
and a file calleduserModels.js
> MyuserModels.js
file looks like this now
const mongoose = require('mongoose');
const userSchema = new mongoose.Schema({
username: { type: String, required: true },
password: { type: String, required: true }
});
const User = mongoose.model('User', userSchema);
module.exports = User;
- Now let's create a folder called
controller
and a file calleduserController.js
> Now YouruserController.js
should look like this
const bcrypt = require("bcrypt");
const jwt = require("jsonwebtoken");
const User = require("../models/userModels");
exports.signUp = async (req, res) => {
try {
const { username, password } = req.body;
// Check If The Input Fields are Valid
if (!username || !password) {
return res
.status(400)
.json({ message: "Please Input Username and Password" });
}
// Check If User Exists In The Database
const existingUser = await User.findOne({ username });
if (existingUser) {
return res.status(400).json({ message: "User Already Exists" });
}
// Hash The User's Password
const saltRounds = 10;
const hashedPassword = await bcrypt.hash(password, saltRounds);
// Save The User To The Database
const newUser = new User({
username,
password: hashedPassword,
});
await newUser.save();
return res
.status(201)
.json({ message: "User Created Successfully", newUser });
} catch (error) {
console.log(error.message);
return res.status(500).json({ message: "Error creating user" });
}
};
- Now we create our
routes
folder anduser.Routes.js
file > Now theuser.Routes.js
file should look like this;
const express = require('express');
const { signUp } = require('../controller/userController');
const router = express.Router();
router.post('/signup', signUp);
module.exports = router;
- We'll import our Router into the
index.js
file > We'll add these two lines of code to ourindex.js
file
const userRouter = require("./routes/user.Routes");
app.use("/api/v1/user", userRouter);
Now
index.js
Should look like this
const express = require("express");
const dotenv = require("dotenv");
const { connectDb } = require("./config/database");
const userRouter = require("./routes/user.Routes");
dotenv.config();
const app = express();
const PORT = process.env.PORT || 3000;
// Iinitialized Database Configuration
connectDb();
app.use(express.json());
// Import The User Route
app.use("/api/v1/user", userRouter);
// Root Entry
app.get("/", (req, res) => {
res.send("Welcome to Nodejs Authentication Tutorial");
});
// Listened to the PORT
app.listen(PORT, () => {
console.log(`Server is running on port ${PORT}`);
});
Now Let's Test, I would be using thunder client
You test with this routehttp://localhost:5500/api/v1/user/signup
You can install MongoDB compass to also check
Now We Can Try Login
Right inside your
userController.js
we'll write the lines of code for login. And That Should Look like this
exports.login = async (req, res) => {
try {
const { username, password } = req.body;
// Check If The Input Fields are Valid
if (!username || !password) {
return res
.status(400)
.json({ message: "Please Input Username and Password" });
}
// Check If User Exists In The Database
const user = await User.findOne({ username });
if (!user) {
return res.status(401).json({ message: "Invalid username or password" });
}
// Compare Passwords
const passwordMatch = await bcrypt.compare(password, user.password);
if (!passwordMatch) {
return res.status(401).json({ message: "Invalid username or password" });
}
// Generate JWT Token
const token = jwt.sign(
{ userId: user._id, username: user.username },
process.env.SECRET_KEY || "1234!@#%<{*&)",
{ expiresIn: "1h" }
);
return res
.status(200)
.json({ message: "Login Successful", data: user, token });
} catch (error) {
console.log(error.message);
return res.status(500).json({ message: "Error during login" });
}
};
- We need to add
login
to ouruser.Routes.js
file
const express = require('express');
const { signUp, login } = require('../controller/userController');
const router = express.Router();
router.post('/signup', signUp);
router.post('/login', login);
module.exports = router;
Now we Test Our Login at http://localhost:5500/api/v1/user/login
So we Unhashed the password, logged and Attached Jwt to the User successfully.
Lets Do One Last thing Let's Find all Users But we'll make the Route Protected by Jwt
So we'll add this to the
userController.js
file
exports.getAllUsers = async (req, res) => {
try {
// Retrieve all users from the database
const users = await User.find({}, { password: 0 }); // Exclude the password field from the response
return res.status(200).json({ users });
} catch (error) {
console.log(error.message);
return res.status(500).json({ message: "Error fetching users" });
}
};
We'll add this to the routes
const express = require('express');
const { signUp, login, getAllUsers } = require('../controller/userController');
const router = express.Router();
router.GET('/allusers', getAllUsers);
router.post('/signup', signUp);
router.post('/login', login);
module.exports = router;
When you test on
http://localhost:5500/api/v1/user/allusers
You should get All the users you have in your DatabaseNow can protect this route with our Jwt Token, Let's create a file called
isAuth.js
in ourconfig
folder and it would look like this
const jwt = require("jsonwebtoken");
exports.verifyToken = async (req, res, next) => {
try {
const token = req.headers.authorization.split(" ")[1];
if (!token) {
return res.status(401).json({ error: "Unauthorized" });
}
const decoded = await jwt.verify(token, process.env.SECRET_KEY);
if (!decoded) {
throw new Error();
}
req.user = decoded;
next();
} catch (error) {
console.log(error);
return res.status(500).json({ message: "Error Validating Token" });
}
};
Now we need to import
verifyToken
into our Route
And now our Route looks like this
const express = require('express');
const { signUp, login, getAllUsers } = require('../controller/userController');
const { verifyToken } = require('../config/isAuth');
const router = express.Router();
router.get('/allusers', verifyToken, getAllUsers);
router.post('/signup', signUp);
router.post('/login', login);
module.exports = router;
And We Are Done
Here's a Link To The Github repo for this Project
Please leave a Like And A Comment If This Article Was Helpful And Probably you have any questions. Untill Next Time
Top comments (0)