DEV Community

Cover image for Building Secure User Registration and Authentication in Node.js
Aneeqa Khan
Aneeqa Khan

Posted on • Edited on

Building Secure User Registration and Authentication in Node.js

Table of Contents

For this series, I'm following an excellent video tutorial from Traversy Media

Introduction

To get started with user registration and authentication, we'll begin by installing the necessary dependencies. Specifically, we'll use the bcryptjs library to securely store user passwords as hashes, and the jsonwebtoken library to generate JSON Web Tokens (JWT) for user authentication.

Install Dependencies

Firstly, let's install the required libraries:



npm i bcryptjs
npm i jsonwebtoken


Enter fullscreen mode Exit fullscreen mode

Generate JWT Token

In this step, we are creating a function to generate a JWT token to use later. Write this function in userController.js file.



const jwt = require("jsonwebtoken");
const bcrypt = require("bcryptjs");
const asyncHandler = require("express-async-handler");
const User = require("../models/userModel");

// Generate JWT
const generateToken = (id) => {
  return jwt.sign({ id }, process.env.JWT_SECRET, { expiresIn: "30d" });
};


Enter fullscreen mode Exit fullscreen mode

Don't forget to initialize the JWT_SECRET variable in your .env file. You can choose any suitable value for it.

Register User

Now, we'll write down the logic for registering a user in userController.js file.



const registerUser = asyncHandler(async (req, res) => {
  const { name, email, password } = req.body;

  if (!name || !email || !password) {
    res.status(400);
    throw new Error("Please add all fields");
  }

  // check if user exists
  const userExists = await User.findOne({ email });
  if (userExists) {
    res.status(400);
    throw new Error("User already exists");
  }

  // create hash password
  const salt = await bcrypt.genSalt(10);
  const hashedPassword = await bcrypt.hash(password, salt);

  // create user
  const user = await User.create({
    name,
    email,
    password: hashedPassword,
  });

  if (user) {
    res.status(201).json({
      _id: user.id,
      name: user.name,
      email: user.email,
      token: generateToken(user._id),
    });
  } else {
    res.status(400);
    throw new Error("Invalid user data");
  }
});


Enter fullscreen mode Exit fullscreen mode

Let's test the registration process using Postman and ensure everything works as expected.

register user postman

And it'll show an error if you try to add the same user again.

register user error

Authenticate User

To enable authentication for a registered user, we will implement a 'Login User' function within the userController file, which will involve verifying the user's identity by comparing their provided email and password.



const loginUser = asyncHandler(async (req, res) => {
  const { email, password } = req.body;

  if (!email || !password) {
    res.status(400);
    throw new Error("Please add all fields");
  }

  // Check for user email
  const user = await User.findOne({ email });

  if (user && (await bcrypt.compare(password, user.password))) {
    res.json({
      _id: user.id,
      name: user.name,
      email: user.email,
      token: generateToken(user._id),
    });
  } else {
    res.status(400);
    throw new Error("Invalid credentials");
  }
});


Enter fullscreen mode Exit fullscreen mode

Let's test the login process with correct and incorrect credentials.

login postman

login error postman

In the next article, we'll work on Authentication Middleware and also create a new API to get logged-in user data.

Connect with me

Top comments (8)

Collapse
 
nazimboudeffa profile image
Nazim Boudeffa

Thank you for sharing this is what I am goign to use for my project
Do you know how to add a middleware to routes ?

Collapse
 
aneeqakhan profile image
Aneeqa Khan

I'm glad that it is helpful for you.
I am going to write about middleware in my next blog but you can also check this video.

Collapse
 
nazimboudeffa profile image
Nazim Boudeffa • Edited

Thank you very much for the video link it was helpful because I was stuck on how to use the token
I know Traversy Media from Packt Publishing site, Brad is a very good tutor
So I have been able to finish a first version of a project API
You can find it on my GitHub
I am thinking about writing a tutorial on how I am coding it, it was inspired by Medusajs early versions

Thread Thread
 
aneeqakhan profile image
Aneeqa Khan

Certainly, it's a great idea to explore that topic in writing.

Collapse
 
hasanelsherbiny profile image
Hasan Elsherbiny

good job 👏👏

Collapse
 
teaganga profile image
teaganga

Nice series of tutorial. I'm adding this here as an intro, about how to secure APIs in node, using Basic Authentication, API Keys and JWT tokens. JWT tokens are definitely the best, especially for jam-stack apps.

Collapse
 
samir419 profile image
Samir

What database do you use

Collapse
 
aneeqakhan profile image
Aneeqa Khan

For this series, I used MongoDB.