DEV Community

Cover image for JWT authentication in Expresswebjs
Chukwuemeka Igbokwe
Chukwuemeka Igbokwe

Posted on

JWT authentication in Expresswebjs

With the rising popularity of single page applications, mobile applications, and RESTful API services, the way web developers write back-end code has changed significantly. We now use expresswebjs to build APIs that our front-end applications consume. ExpressWebJs strives to give you the tools you need to implement authentication quickly, securely, and easily. Since ExpressWebJs does not support session state, incoming requests that you wish to authenticate will be authenticated via a stateless mechanism such as API tokens.

In this article, we will look at using JWT to secure our ExpressWebJs APIs.

What is a JSON Web Token?

JSON Web Token (JWT) is an open standard that allows two parties to securely send data and information as JSON objects. This information can be verified and trusted because it is digitally signed.

JWT authentication has aided the wider adoption of stateless API services. It makes it convenient to authorise and verify clients accessing API resources. It is a critical part of the authentication system in javascript powered applications.

Getting Started

The first thing we are going to do is create a new expresswebjs application.To start your new project, you can open your terminal or CLI and type npx expresswebcli new command, followed by your project name. Example:

  npx expresswebcli new jwtApp
Enter fullscreen mode Exit fullscreen mode

Once that is done, cd into your project like so cd jwtApp and run npm install to install your packages.

When that is done, you can now create your .env file:

   cp example.env .env
Enter fullscreen mode Exit fullscreen mode

In our .env we can now configure our database. ExpressWebJs supports SQL and NOSQL database. In this tutorial, we will be using Mysql which is an SQL database.

APP_KEY=base64:Mk9TtGvMu3Kfp9wdahuownbdgsI3VTx2MXTQjN/6CFBadI=
APP_NAME=ExpressWebJs
APP_ENV=local
APP_HOST=127.0.0.1
APP_PORT=5000
APP_TRANSFER_PROTOCOL=http

DB_SHOULD_CONNECT=true
DB_CONNECTION=mysql
DB_HOST=localhost
DB_PORT=3306
DB_USER=
DB_PASSWORD=
DB_DATABASE=network-provider
DB_USENEWURLPARSER=true
DB_USEUNIFIEDTOPOLOGY=true
DB_USECREATEINDEX=true
Enter fullscreen mode Exit fullscreen mode

Note: Don't forget to set your APP_KEY.

run npm run dev to start your app

To generate our authentication files, we will now run auth Maker command to setup our auth routes

  node maker make-auth
Enter fullscreen mode Exit fullscreen mode

Our auth routes will be generated in Routes/authRoute/index.js file.

"use strict";
const Route = require("@routerManager");

/*
|-------------------------------------------------------------
| Authentication Route File   
|-------------------------------------------------------------
|
| This route handles both login and registration.
| 
*/

Route.post("/register", "Auth/RegisterController@register");

Route.post("/login", "Auth/LoginController@login");

module.exports = Route.exec;
Enter fullscreen mode Exit fullscreen mode

Next, uncomment the auth middleware inside the App/Http/kernel.js file routeMiddleware section:

  /*
  |-----------------------------------------------------------
  | Route Middleware
  |-----------------------------------------------------------
  |
  | Route middleware is a key/value object to conditionally 
  | add middleware on
  | specific routes or assigned to group of routes.
  |
  */
  routeMiddleware: {
    auth: "App/Http/Middleware/Auth",
  },
Enter fullscreen mode Exit fullscreen mode

At this point we need to setup and run our migration schema for our user model. Head over to Database/Migrations/20201209124747_user.js file.

/**
 * Migration layout file.
 * Assign your table name to the tableName variable.
 * Remember, it's always in plural
 */
let tableName = "users";
exports.up = function (knex) {
  return knex.schema.createTable(tableName, (table) => {
    table.increments("id");
    table.string("username").notNullable();
    table.string("email").unique().notNullable();
    table.string("password", 255).notNullable();
    table.timestamps(true, true);
  });
};

exports.down = function (knex) {
  return knex.schema.dropTable(tableName);
};
Enter fullscreen mode Exit fullscreen mode

we can now run our migration with the following command:

   node maker run-sql-migration
Enter fullscreen mode Exit fullscreen mode

To view our authentication config, head over to App/Config/auth.js file.

  module.exports = {
  /*
  |-----------------------------------------------------------
  | Authenticator
  |-----------------------------------------------------------
  |
  | ExpressWebJs does not support session state, incoming 
  | requests that 
  | you wish to authenticate must be authenticated via a 
  | stateless mechanism such as API tokens.
  |
  */
  authenticator: "jwt",

  /*
  |-----------------------------------------------------------
  | Jwt
  |-----------------------------------------------------------
  |
  | The jwt authenticator works by passing a jwt token on each 
  | HTTP request
  | via HTTP `Authorization` header.
  |
  */
  jwt: {
    model: "User_model",
    driver: "jwt",
    uid: "email",
    password: "password",
    secret: process.env.APP_KEY,
    options: {
      expiresIn: 86400, //default is 86400 (24 hrs)
    },
  },
};
Enter fullscreen mode Exit fullscreen mode

To read more about authentication config, visit ExpressWebJs Authentication.

Route Authentication

We can now authenticate our routes like so:

  Route.get('/user', 'UserController@index',['auth']);
Enter fullscreen mode Exit fullscreen mode

You can also authenticate your route groups like so:

  Route.group('/user',['auth'],()=>{
    Route.get('/', 'UserController@index');
    Route.get('/:id', 'UserController@show');
    Route.post('/save', 'UserController@save');
    Route.patch('/update', 'UserController@update');
    Route.delete('/delete', 'UserController@destroy');
});
Enter fullscreen mode Exit fullscreen mode

READ developing-rest-apis-with-expresswebjs-v2.

In your PostMan, access the register endpoint using a post method 127.0.0.1:5000/api/register and input your username, email and password.

Conclusion

Well done! You have learned how to secure your API routes with ExpressWebjs. Need to use ExpressWebjs to build your API or micro-service? I'd bet on ExpressWebjs as the tool of choice for speed and ease of use.

I will be discussing on ExpressWebjs Data Validation in my next article.
You can follow me on twitter @EmekaIgbokwe
You can follow ExpressWebJs on twitter @expresswebjs
and don't forget to star on github ExpressWebJs

Please, let me know if you have any questions in the comment section. 😊

Top comments (0)