I. Introduction
In most back-end application systems, authentication and user authorization are required. For example, when you build a website you naturally need registration, login, and roles such as admin, mod and member. There are several techniques for building this feature, for example Sessions, or the newer approach, JWT.
Through this article, we will together build an example Node.js + MongoDB application supporting User Authentication (registration, login) and Authorization by JSONWebToken (JWT).
II. Differences between “Authentication” and “Authorization”
Do these two terms sound the same? They are, however, quite different. I will not go into detail about how each of them works; in this section I only want to highlight the traits that let you distinguish Authentication from Authorization.
1.1. Authentication
Authentication is the process by which the system checks and establishes the identity of a user, or of another system, that is accessing it.
Put simply, the Authentication process answers the question: “Who are you?”
Authentication is ubiquitous: almost every CMS that manages content and user interaction performs it. Today authentication is mainly based on two pieces of information: username and password.
1.2. Authorization
Similarly, the authorization process answers the question: “What are you allowed to do?”
Technically, authorization is usually performed after authentication has completed. That is, once the system knows who you are, the next step determines what you are allowed to do in it.
III. Token Based Authentication
With Session-based authentication, the session has to be stored in a Cookie. The biggest advantage of Token-based authentication is that the JSON Web Token (JWT) can be stored on the client in whatever way suits it: Local Storage in a browser, the Keychain in an iOS app, SharedPreferences in an Android application, etc.
Therefore, we do not need to build a satellite project or an additional authentication module to support non-browser applications (e.g. Android or iOS mobile applications).
Below is a diagram of JWT’s activity flow.
There are 3 important components of JWT:
- Header
- Payload
- Signature
They are combined together to form a standard structure:
```
header.payload.signature
```
Client applications often attach the JWT to the Authorization header with the Bearer prefix:
```
Authorization: Bearer [header].[payload].[signature]
```
Or simply send it in an x-access-token header:
```
x-access-token: [header].[payload].[signature]
```
IV. Practice Node.js & MongoDB User Authentication
After learning about the theory, now is the time to get started. We will build a Node.js + Express application with user authentication + authorization, in which:
- Users can register a new account or login if they already have an account.
- Separate user accounts by role (admin, moderator, user). Each role has different rights to access resources.
Here is a list of the essential APIs:
V. Program flow for the Signup & Login feature
Below is a diagram that describes the steps a Node.js application performs for the Authentication (User Registration, User Login) and Authorization features.
To access protected system resources, a request must carry a valid JWT in the x-access-token field of the HTTP header.
VI. Node.js Express Architecture for Authentication & Authorization
The figure below shows an overview of the application architecture using Node.js + Express for authentication & authorization.
HTTP requests that match a designated Express route (see Table 3.1 for the list of APIs used in the app) are checked by the CORS Middleware before entering the Security layer.
Security layer includes:
- JWT Authentication Middleware: responsible for verifying the SignUp request and the token string.
- Authorization Middleware: checks the role of the logged-in user against the information stored in the database.
If any step in the process above fails, the server immediately responds to the client with an HTTP error code.
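To make the two middlewares of the Security layer concrete, here is an added example in the Express (req, res, next) style; it is not code from the article or from bezkoder's project. It assumes the token arrives in the x-access-token header, and the token verifier (verifyToken) and the role lookup (rolesOf) are injected stand-ins for jsonwebtoken.verify and the Mongoose query against the roles collection, so the chain can run offline. runChain imitates how Express walks a route's middleware list: each middleware either calls next() or ends the response with an error code, exactly the behaviour described above.

```javascript
// Added example (not from the original article): the Security layer as two
// plain (req, res, next) middlewares plus a tiny runner that imitates Express.
// verifyToken and rolesOf are injected so no library or database is needed.

// Authentication middleware: no token -> 403, invalid token -> 401,
// otherwise record the user id on the request and continue.
function authenticate(verifyToken) {
  return (req, res, next) => {
    const token = req.headers["x-access-token"];
    if (!token) return res.status(403).send({ message: "No token provided!" });
    const decoded = verifyToken(token);
    if (!decoded) return res.status(401).send({ message: "Unauthorized!" });
    req.userId = decoded.id;
    next();
  };
}

// Authorization middleware: the authenticated user must hold requiredRole,
// looked up from the store (here the injected rolesOf) rather than from the token.
function requireRole(requiredRole, rolesOf) {
  return (req, res, next) => {
    const roles = rolesOf(req.userId) || [];
    if (!roles.includes(requiredRole)) {
      return res.status(403).send({ message: `Require ${requiredRole} Role!` });
    }
    next();
  };
}

// Runs a middleware chain the way Express would and returns the response
// object so the outcome can be inspected. A 200 means every middleware passed.
function runChain(middlewares, req) {
  const res = {
    statusCode: 200,
    body: undefined,
    status(code) { this.statusCode = code; return this; },
    send(body) { this.body = body; return this; },
  };
  let i = 0;
  const next = () => {
    if (i < middlewares.length) middlewares[i++](req, res, next);
  };
  next();
  return res;
}

// Constructed stand-ins: a verifier that knows two tokens and a role table.
const FAKE_TOKENS = { "token-u1": { id: "u1" }, "token-u2": { id: "u2" } };
const FAKE_ROLES = { u1: ["user", "admin"], u2: ["user"] };
const fakeVerify = (token) => FAKE_TOKENS[token] || null;
const fakeRolesOf = (userId) => FAKE_ROLES[userId];

// The chain an admin-only route would use.
const adminRoute = [authenticate(fakeVerify), requireRole("admin", fakeRolesOf)];
```

Feeding adminRoute a request with token-u1 passes both middlewares; a request with no header stops at the first middleware with 403, an unknown token with 401, and token-u2 (a plain user) is refused by the second middleware with 403.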
The libraries used for this example (versions may differ in the future, which should not be a problem):
- Express 4.17.1
- bcryptjs 2.4.3
- jsonwebtoken 8.5.1
- mongoose 5.9.1
- MongoDB
For your development environment, you will need to install the following software in advance:
- Node.js: detailed instructions for installing Node + npm
- MongoDB: this is the database management software.
- Visual Studio Code or Sublime Text 3: an editor that lets you write code faster
VII. Project directory structure
Below is the project’s source directory structure in this article:
VIII. Create a NodeJS project
To get started, we need to create a new NodeJS project. I will not repeat the steps in this section; you can refer to the detailed guide here: Create a NodeJS project
When creating the new project, you need to install the necessary libraries: express, cors, body-parser, mongoose, jsonwebtoken, and bcryptjs.
Install them with npm by typing the following command:
```shell
npm install express mongoose body-parser cors jsonwebtoken bcryptjs --save
```
The package.json content of the project is as follows:
```json
{
  "name": "authentication-authorization-nodejs-jwt-mongodb",
  "version": "1.0.0",
  "description": "Node.js + MongoDB: JWT Authentication & Authorization",
  "main": "server.js",
  "scripts": {
    "test": "echo \"Error: no test specified\" && exit 1"
  },
  "keywords": [
    "node.js",
    "express",
    "jwt",
    "authentication",
    "mongodb"
  ],
  "author": "bezkoder.com",
  "license": "ISC",
  "dependencies": {
    "bcryptjs": "^2.4.3",
    "body-parser": "^1.19.0",
    "cors": "^2.8.5",
    "express": "^4.17.1",
    "jsonwebtoken": "^8.5.1",
    "mongoose": "^5.9.1"
  }
}
```
IX. Set up Express web server
In the root of the project, create a server.js file with the following content:
```javascript
const express = require("express");
const bodyParser = require("body-parser");
const cors = require("cors");

const app = express();

var corsOptions = {
  origin: "http://localhost:8081"
};

app.use(cors(corsOptions));

// parse requests of content-type - application/json
app.use(bodyParser.json());

// parse requests of content-type - application/x-www-form-urlencoded
app.use(bodyParser.urlencoded({ extended: true }));

// simple route
app.get("/", (req, res) => {
  res.json({ message: "Welcome to VNTALKING application." });
});

// set port, listen for requests
const PORT = process.env.PORT || 8080;
app.listen(PORT, () => {
  console.log(`Server is running on port ${PORT}.`);
});
```
I will explain a little bit about the code in server.js:
- We import Express to create the REST API.
- The body-parser library is used to parse request bodies into the body object.
- We import the cors library, which provides Express middleware for enabling CORS.
Finally, you can test the application with the command: npm start
Then open http://localhost:8080/ in the browser.
X. Configure MongoDB connection
In your app directory, create a new directory and name it config. This directory will contain all the files related to the application configuration.
In the config directory, create the file db.config.js, which holds the MongoDB connection settings for the application:
```javascript
module.exports = {
  HOST: "localhost",
  PORT: 27017,
  DB: "vntalking_db"
};
```
XI. Mongoose Model definition
In the models directory, create the User and Role models as follows:
models/role.model.js
```javascript
const mongoose = require("mongoose");

const Role = mongoose.model(
  "Role",
  new mongoose.Schema({
    name: String
  })
);

module.exports = Role;
```
models/user.model.js
```javascript
const mongoose = require("mongoose");

const User = mongoose.model(
  "User",
  new mongoose.Schema({
    username: String,
    email: String,
    password: String,
    roles: [
      {
        type: mongoose.Schema.Types.ObjectId,
        ref: "Role"
      }
    ]
  })
);

module.exports = User;
```
These Mongoose Models represent the collections in MongoDB. When you run the program, Mongoose automatically creates two collections named users and roles.
Once you have declared them, you do not need to write the CRUD (database read and write) functions yourself, because Mongoose already provides them. For example:
- Create a new User: with object.save()
- Find a User by id: User.findById(id)
- Find a User by email: User.findOne({ email: … })
- Find all roles: Role.find({ … })
We will use these functions in the Controllers. Be patient.
XII. Initialize Mongoose
Now we create app/models/index.js with the following content:
```javascript
const mongoose = require('mongoose');
mongoose.Promise = global.Promise;

const db = {};

db.mongoose = mongoose;

db.user = require("./user.model");
db.role = require("./role.model");

db.ROLES = ["user", "admin", "moderator"];

module.exports = db;
```
Reopen the server.js file to add the following code to open the Mongoose connection to the MongoDB database.
```javascript
...
const app = express();
app.use(...);

// load the MongoDB connection settings defined in app/config/db.config.js
const dbConfig = require("./app/config/db.config");
const db = require("./app/models");
const Role = db.role;

db.mongoose
  .connect(`mongodb://${dbConfig.HOST}:${dbConfig.PORT}/${dbConfig.DB}`, {
    useNewUrlParser: true,
    useUnifiedTopology: true
  })
  .then(() => {
    console.log("Successfully connect to MongoDB.");
    initial();
  })
  .catch(err => {
    console.error("Connection error", err);
    process.exit();
  });

...

// Seed the roles collection on first run: inserts only when it is still empty.
function initial() {
  Role.estimatedDocumentCount((err, count) => {
    if (!err && count === 0) {
      new Role({
        name: "user"
      }).save(err => {
        if (err) {
          console.log("error", err);
        }

        console.log("added 'user' to roles collection");
      });

      new Role({
        name: "moderator"
      }).save(err => {
        if (err) {
          console.log("error", err);
        }

        console.log("added 'moderator' to roles collection");
      });

      new Role({
        name: "admin"
      }).save(err => {
        if (err) {
          console.log("error", err);
        }

        console.log("added 'admin' to roles collection");
      });
    }
  });
}
```
The initial() function seeds the roles collection with the three roles (user, moderator, admin) the first time the application starts; if the collection already contains documents it does nothing, so restarting the server never creates duplicate roles.
XIII. Configure Auth Key
The jsonwebtoken functions sign() and verify() both need a secret key: sign() uses it to compute the token's HMAC signature and verify() uses it to check that signature. Note that a signed (HS256) JWT is not encrypted: anyone holding the token can base64-decode its payload and read it, so the payload must never carry secrets. The secret only guarantees that the payload has not been altered since the server signed it.
In the app/config directory, create auth.config.js with the following content:
```javascript
// app/config/auth.config.js
// The value below is a placeholder for local development only. Anyone who knows
// this secret can forge a valid token for any user, so in a real deployment read
// it from an environment variable or a secret store instead of committing it.
module.exports = {
  secret: "vntalking-secret-key"
};
```
Replace the value with a secret of your own: a long random string, for example the output of `node -e "console.log(require('crypto').randomBytes(32).toString('hex'))"`, not a word or phrase that could be guessed or brute-forced offline from a captured token.
XIV. Create middleware functions
To verify a signup request we need two checks:
- Is the username or email already present in the database?
- Are the requested roles valid, that is, present in db.ROLES?
middlewares/verifySignUp.js
```javascript
// middlewares/verifySignUp.js
const db = require("../models");
const ROLES = db.ROLES;
const User = db.user;

// Reject a registration whose username or email is already taken.
const checkDuplicateUsernameOrEmail = (req, res, next) => {
  // Only accept string values: an object such as { "$gt": "" } would otherwise be
  // passed straight into the Mongo query and match an arbitrary document.
  if (typeof req.body.username !== "string" || typeof req.body.email !== "string") {
    return res.status(400).send({ message: "Failed! username and email must be strings." });
  }

  // Username
  User.findOne({ username: req.body.username }).exec((err, user) => {
    if (err) {
      res.status(500).send({ message: err });
      return;
    }
    if (user) {
      res.status(400).send({ message: "Failed! Username is already in use!" });
      return;
    }

    // Email
    User.findOne({ email: req.body.email }).exec((err, user) => {
      if (err) {
        res.status(500).send({ message: err });
        return;
      }
      if (user) {
        res.status(400).send({ message: "Failed! Email is already in use!" });
        return;
      }
      next();
    });
  });
};

// Reject a registration that names a role not listed in db.ROLES.
const checkRolesExisted = (req, res, next) => {
  if (req.body.roles) {
    if (!Array.isArray(req.body.roles)) {
      return res.status(400).send({ message: "Failed! roles must be an array." });
    }
    for (let i = 0; i < req.body.roles.length; i++) {
      if (!ROLES.includes(req.body.roles[i])) {
        res.status(400).send({ message: `Failed! Role ${req.body.roles[i]} does not exist!` });
        return;
      }
    }
  }
  next();
};

const verifySignUp = { checkDuplicateUsernameOrEmail, checkRolesExisted };
module.exports = verifySignUp;
```
To handle authentication and authorization on protected routes, we need two kinds of middleware:
- verifyToken: read the token from the x-access-token HTTP header and pass it to jwt.verify() together with the secret. The request is rejected if the header is missing or the token fails verification (bad signature or expired). On success the user id from the token payload is stored in req.userId for the next middleware.
- isAdmin / isModerator: load the user identified by req.userId, resolve its role documents, and let the request through only if one of them is the required role; otherwise respond with 403.
middlewares/authJwt.js
```javascript
// middlewares/authJwt.js
const jwt = require("jsonwebtoken");
const config = require("../config/auth.config.js");
const db = require("../models");
const User = db.user;
const Role = db.role;

// Reads the JWT from the x-access-token header, verifies its signature and expiry
// against config.secret, and stores the user id from the payload in req.userId.
const verifyToken = (req, res, next) => {
  const token = req.headers["x-access-token"];

  if (!token) {
    return res.status(403).send({ message: "No token provided!" });
  }

  // Pin the accepted algorithm to the one sign() uses, so a token whose header
  // names a different algorithm is rejected instead of being verified under it.
  jwt.verify(token, config.secret, { algorithms: ["HS256"] }, (err, decoded) => {
    if (err) {
      return res.status(401).send({ message: "Unauthorized!" });
    }
    req.userId = decoded.id;
    next();
  });
};

// Builds a middleware that loads the user named in req.userId, resolves its role
// documents, and calls next() only if one of them has the given name. Roles are
// read from the database on every request, so removing a role from a user takes
// effect immediately even though the user's token is still valid.
const requireRole = (roleName, label) => (req, res, next) => {
  User.findById(req.userId).exec((err, user) => {
    if (err) {
      res.status(500).send({ message: err });
      return;
    }
    // The account may have been deleted after the token was issued.
    if (!user) {
      res.status(401).send({ message: "Unauthorized!" });
      return;
    }

    Role.find({ _id: { $in: user.roles } }, (err, roles) => {
      if (err) {
        res.status(500).send({ message: err });
        return;
      }
      for (let i = 0; i < roles.length; i++) {
        if (roles[i].name === roleName) {
          next();
          return;
        }
      }
      res.status(403).send({ message: `Require ${label} Role!` });
    });
  });
};

const isAdmin = requireRole("admin", "Admin");
const isModerator = requireRole("moderator", "Moderator");

const authJwt = { verifyToken, isAdmin, isModerator };
module.exports = authJwt;
```
Finally, create the index.js file in the middlewares directory to export them:
```javascript
// middlewares/index.js
const authJwt = require("./authJwt");
const verifySignUp = require("./verifySignUp");

module.exports = {
  authJwt,
  verifySignUp
};
```
XV. Create Controllers
We will create controllers for the two parts in turn: authentication and authorization.
Controller for Authentication. The authentication controller has two jobs:
- Register (signup): create a new user and save it in the database. The password is stored as a bcrypt hash, never in plain text. If the request does not name any roles, the user gets the default role user. Note that the signup route accepts a roles array from the client, and checkRolesExisted only verifies that those roles exist, not that the caller is entitled to them: as written, anyone who can register can give themselves the admin role. In a real application do not let self-registration assign anything above user; have an administrator grant higher roles afterwards.
- Login (signin), in four steps:
  - Find the user by username in the database.
  - If the user exists, compare the submitted password with the stored bcrypt hash.
  - If they match, create a token with jsonwebtoken, signed with config.secret.
  - Return the user information together with the access token to the client.
That is the principle; the controller source follows.
controllers/auth.controller.js
const config = require("../config/auth.config");
const db = require("../models");
const User = db.user;
const Role = db.role;

var jwt = require("jsonwebtoken");
var bcrypt = require("bcryptjs");

exports.signup = (req, res) => {
  // Never store the plaintext password: bcrypt with cost factor 8 (the second argument)
  const user = new User({
    username: req.body.username,
    email: req.body.email,
    password: bcrypt.hashSync(req.body.password, 8)
  });

  user.save((err, user) => {
    if (err) {
      res.status(500).send({ message: err });
      return;
    }

    if (req.body.roles) {
      // Roles requested by the client are resolved to Role documents by name;
      // the verifySignUp.checkRolesExisted middleware has already validated the names
      Role.find(
        {
          name: { $in: req.body.roles }
        },
        (err, roles) => {
          if (err) {
            res.status(500).send({ message: err });
            return;
          }

          user.roles = roles.map(role => role._id);
          user.save(err => {
            if (err) {
              res.status(500).send({ message: err });
              return;
            }

            res.send({ message: "User was registered successfully!" });
          });
        }
      );
    } else {
      // No roles given: every new account gets the default "user" role
      Role.findOne({ name: "user" }, (err, role) => {
        if (err) {
          res.status(500).send({ message: err });
          return;
        }

        user.roles = [role._id];
        user.save(err => {
          if (err) {
            res.status(500).send({ message: err });
            return;
          }

          res.send({ message: "User was registered successfully!" });
        });
      });
    }
  });
};

exports.signin = (req, res) => {
  User.findOne({
    username: req.body.username
  })
    .populate("roles", "-__v")
    .exec((err, user) => {
      if (err) {
        res.status(500).send({ message: err });
        return;
      }

      if (!user) {
        return res.status(404).send({ message: "User Not found." });
      }

      // Compare the submitted password against the stored bcrypt hash
      var passwordIsValid = bcrypt.compareSync(
        req.body.password,
        user.password
      );

      if (!passwordIsValid) {
        return res.status(401).send({
          accessToken: null,
          message: "Invalid Password!"
        });
      }

      // The token carries only the user id, signed with config.secret (HS256 by default);
      // roles are looked up again from the DB when the token is verified
      var token = jwt.sign({ id: user.id }, config.secret, {
        expiresIn: 86400 // 24 hours
      });

      var authorities = [];

      for (let i = 0; i < user.roles.length; i++) {
        authorities.push("ROLE_" + user.roles[i].name.toUpperCase());
      }
      res.status(200).send({
        id: user._id,
        username: user.username,
        email: user.email,
        roles: authorities,
        accessToken: token
      });
    });
};
Controller for Authorization
We have 4 main APIs for authorization:
- /api/test/all
- /api/test/user
- /api/test/mod
- /api/test/admin
controllers/user.controller.js
// Each handler only returns content; which of them a request may reach is decided
// by the middleware attached to the route (covered in the next section)
exports.allAccess = (req, res) => {
  res.status(200).send("Public Content.");
};

exports.userBoard = (req, res) => {
  res.status(200).send("User Content.");
};

exports.adminBoard = (req, res) => {
  res.status(200).send("Admin Content.");
};

exports.moderatorBoard = (req, res) => {
  res.status(200).send("Moderator Content.");
};
In the next section, we will attach middleware to these controllers. If you are tired, take a break and make a cup of coffee before continuing.
XVI. Routes definition
When a client sends a request to a web server using HTTP (GET, POST, PUT, DELETE), we need to define how the server receives and responds to it. That is exactly what routes are for.
We divide the routes into two groups: Authentication and Authorization.
Authentication:
- POST /api/auth/signup
- POST /api/auth/signin
routes/auth.routes.js
const { verifySignUp } = require("../middlewares");
const controller = require("../controllers/auth.controller");

module.exports = function(app) {
  // Allow the custom x-access-token header in CORS preflight responses
  app.use(function(req, res, next) {
    res.header(
      "Access-Control-Allow-Headers",
      "x-access-token, Origin, Content-Type, Accept"
    );
    next();
  });

  // Both middlewares run before controller.signup and reject the request early
  // if the username/email is taken or a requested role does not exist
  app.post(
    "/api/auth/signup",
    [
      verifySignUp.checkDuplicateUsernameOrEmail,
      verifySignUp.checkRolesExisted
    ],
    controller.signup
  );

  app.post("/api/auth/signin", controller.signin);
};
Don’t forget to register the routes in the server.js file:
...
// routes
require('./app/routes/auth.routes')(app);
require('./app/routes/user.routes')(app);

// set port, listen for requests
...
So we have completed the Node.js project with Authentication. You can download the full source code in the article here:
In the next part, we will proceed to run and test the program.
XVII. Run & Test program
To run the program, simply type the command: npm start
When the program starts, it automatically creates the 3 required roles and inserts them into the DB. Use Robo3T to view the data in MongoDB.
There are many applications for testing a REST API; I often use Postman. Let’s test the new registration API: POST /api/auth/signup. Please try the other APIs yourself.
XVIII. In conclusion
This is the end of the article: we have built a Node.js application with Authentication and Authorization using JWT (JSONWebToken).
I hope this article will be useful to you. If you have any questions, feel free to leave a comment below.
Reference sources: