Welcome to our lesson on User Authentication! Today, we'll learn how to add user authentication to our To-Do List application using Express.js
and MongoDB
. This is important because it ensures that only registered users can access their personalized task lists, making our app more secure and user-friendly.
In this lesson, you'll learn:
- What user authentication is and why it's important.
- How to create a user model in
MongoDB
. - How to handle user registration and login using
Express.js
. - How to hash passwords to enhance security.
Now that we know what we're about to learn, let's understand user authentication in more detail.
User authentication is the process of verifying the identity of a user when they access an application. It's like checking someone's ID before allowing them to enter a building.
Imagine your To-Do List app is like a personal diary. You want to make sure that only you can see and add tasks to it. That's where user authentication comes in — it makes sure that only registered users with the correct credentials can access their data.
First, let's set up our environment to handle user authentication. We need to:
- Install necessary libraries (
Express.js
,MongoDB
,bcrypt
). - Connect to the
MongoDB
database. - Set up an
Express.js
server.
Ensure you have Node.js
and MongoDB
installed on your machine.
To install the necessary libraries, run the following commands:
Here's the code to set up the environment:
Potential error: If there is an issue with the database connection, an error message will be logged.
Next, we’ll create a User
model in MongoDB
. This model will define the structure of our user data.
Here, we define a userSchema
with username
and password
fields. Both fields are required, and username
must be unique. This ensures that each user has a unique identifier and a secure password.
Now, let's add functionality to register new users. We’ll create an endpoint /register
that will handle new user registrations. To keep our passwords secure, we'll hash them using bcrypt
before saving them to the database.
Hashing is a process of converting a password into a fixed-length string of characters, which is typically a hash code. It’s important because it enhances security by not storing passwords in plaintext. Hashing functions like bcrypt.hash(password, saltRounds)
take two arguments: the plain-text password and a number of salt rounds (cost factor). For example, bcrypt.hash('mypassword', 10)
hashes the password 'mypassword'
with 10 salt rounds, producing a secure hashed output that cannot be easily reversed.
For instance, the password 'mypassword'
might be hashed to something like $2b$10$CwTycUXWue0Thq9StjUM0uJ8wz6v5FUV5gvTr6GMoXw8s0/Ov9Vi.
.
It's crucial to protect passwords and avoid saving them in non-hashed form because plaintext passwords can be easily stolen and misused in case of a data breach.
We use async
/await
to handle asynchronous operations like password hashing and saving the user to the database. This helps write cleaner and more readable code.
Here's how to use bcrypt
for hashing:
In this code, we hash the user's password using bcrypt
before storing it in the database. We then create a new User
object and attempt to save it to the database. If it succeeds, we return the registered user; otherwise, we return an error message.
Finally, we’ll add functionality for users to log in. We'll create an endpoint /login
that will check if the provided credentials are correct.
When a user tries to log in, we need to:
- Find the user by their
username
. - Compare the provided password with the stored hashed password.
Here’s the code for the login endpoint:
In this code, we look for the user in our database by their username
. If the user exists, we compare the provided password with the stored hashed password using bcrypt
. If they match, the user is successfully logged in; otherwise, we return an error message.
Please note that the try-catch block is specifically used to handle potential errors that might occur during the database query or password comparison, such as when the database connection is lost or the bcrypt.compare
function fails.
In this lesson, we learned what user authentication is and why it’s important. We set up our environment, created a user model, and added functionality for user registration and login. We also learned about password hashing using bcrypt
to enhance security.
Get ready to dive into the exercises and build your skills!
