Node Guide

Menu
Menu

Adding User Authentication to the Web Application

With the CMS set up next we'll add user authenticatio. The goal is to password protect the CMS and allow only authenticated users to access its CRUDing functionality.

Create the User Model

First, let's create a user model that represents the user document in MongoDB. We'll be using Mongoose for this purpose.

Create a new file called src/models/User.ts and add the following code:

src/models/User.ts

In the above code, we define the IUser interface that represents the structure of a user document. It includes the following fields:

The userSchema variable defines the schema using the Mongoose Schema class. We provide the IUser interface as a type parameter to ensure that the schema adheres to its structure.

Review the Field Settings

Let's dive deeper into the field settings used in the user schema:

By setting these field options, we ensure that the email field is required, unique, and follows a valid email format. Similarly, the password field is required.

Setting up the controller and the createUser method

As we did with the CMS we'll create a separate controller file to help manage our application. Create a typescript file of src/conntroller/logincontroller.ts. This file will contain methods to register and login the user.

Add the following code to the controller:

src/conntroller/logincontroller.ts

In the above code, we define a createUser function that handles the user registration process. Here's a breakdown of the steps involved:

Hashing with bcrypt

In the createUser method, we utilize the bcrypt library to hash the user's password before storing it in the database. Hashing passwords adds an extra layer of security by ensuring that the original password cannot be easily retrieved even if the database is compromised.

Note: You will need to install bcrypt npm.

npm install bcrypt

Here's how the password hashing process works:

By using bcrypt, we can securely store user passwords in the database.

Setting up the Register/login Routes

Like with the controllers let's keep the routes separate. Setup the login routes with a file of src/routes/loginroutes.ts.

src/routes/loginroutes.ts

In the above code, we define the login routes using the Express Router.

Explaining the Route Setup

The route setup allows us to handle different HTTP requests for specific routes. Let's understand each part of the code:

By separating routes into their own file, we ensure better organization and maintainability in our application.

Registering the Login Routes in the Main Application File

To use the login routes, we need to register them in the entry index.ts application file.

Import the loginroutes.ts file by adding the following code:

SNIPPET: src/index.ts

By using app.use(), we instruct Express to use the loginRoutes for requests starting with the root path '/'. This ensures that the routes defined in loginroutes.ts are accessible in your application.

Building the Register View

Create a EJS view to allow user's to register at src/views/register.ejs.

src/views/register.ejs

You should now be able to register a using by visiting localhost:3000/register

Create a user and check the MongoDb collection to see if a user has been created successfully.

User in MongoDb Atlas

Note: The password is encrypted via Bcrypt. This one way encryption meaning that even with database access we cannot know the password set by the user, although we can check it against values tried at login.

Now we have a user register, we'll build the login next.

Next: User Login