Here we will build a CRUD REST API along with its authentication. Express.js is unopinionated, which means everyone can have their own way of doing things; this is quite different from a strict framework.
If you are using VS Code, press Ctrl+` to open the terminal and type
npm init -y
It will create a package.json file for you, visible on the left-hand side.
First you need to install express and mongoose.
npm install express &&
npm install mongoose
If you go to the package.json file you can see
In the dependencies you now have express and mongoose installed. To check whether a package has been installed, go to package.json. This is pretty basic stuff, but it will help a beginner a lot.
You will create a file called app.js
This is what you will initially write in the app.js file. Here you will initialize express
Go to the terminal and type
Now we can see that the server is initialized on port 5000. The port can be anything: 5000, 6000, 8000.
But the problem is that we need to run it again every single time there is a change. As a result we need to install
npm install nodemon
Then if we go to our package.json file we will see
Now if we want to use nodemon we can use the scripts in the package.json file
Now we can go to the terminal and run npm start
Now you don't need to run node app.js. nodemon will restart the server every time there is a change
Connection with MongoDB through mongoose
If you don't have MongoDB installed on your system, please install it first. Here you are creating a new database. We will use Robo 3T here
If you go to Robo 3T you can see
If you click connect you can see
If you have done everything correctly you will see the name of the database you have created on the left
We can use .env files. For that we need to install a new package
If everything is all right, we can now see it running
This is not mandatory but a good practice
Let us set up the router. We need to create a new file called router.js. You can set all routes inside app.js, but it is better to have a separate route file. Now, if we create router.js
Now we need 2 parts: one is the model and the other is the controller
The model part will hold the database and the controller part will have the logic
Import Post Model on top
Test in Postman
Make sure that in the headers Content-Type is set to application/json
Testing post request
We can clearly see it is successful, giving us a status code of 200
//Updating a single post
Testing in postman
We get the id the same way as shown when getting the id of a single post
//Delete a post
Testing in postman
We will get the individual post and delete
While updating you will most likely get a warning
For resolving the warning go to app.js
API Authentication, Authorization with JWT
Now we will do authentication using email and password only. Remember, JWT is used for authorization, not authentication
Create a new model in model/User.js
In this case
Here we are including email, password and token.
router.post('/signup',AuthController.signup)
We need to import AuthController at the top
We need to install a package called bcrypt
Signup method in Auth.js
Here in signup we need to use bcrypt to hash the password. As we all know, passwords can't be stored in plain text
Testing in Postman
As we see the password is hashed and status is ok
In the signin route, after checking the credentials, a token needs to be generated. Remember, the token is for authorization, not authentication. We set the secret key at the top. The secret key can be set in the .env file. Remember, the secret key must be kept secret.
Testing in Postman
We will use a package named express-jwt. To install it:
npm install express-jwt
Creating a middleware
A middleware can be described as something that sits between a request and a response. We use it when we want to protect a route so that only users who have a token can access that route.
Route test with middleware
In router.js on top
Route with isSignedIn
res.send("A protected route")
Here we need to go to the headers section of the request and include an Authorization header. In the value of the Authorization header we need to write Bearer, then a space, and then paste the token
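The Bearer check described above, written out with only Node's built-in crypto module as an added example (it is not the original post's code and not express-jwt's own implementation). The names signToken, decodePayload, verifyToken, SECRET and the req.auth property are assumptions made for this example; isSignedIn mirrors the middleware name used in this tutorial. It also shows that the payload can be read without the secret, so nothing sensitive belongs in it.

```javascript
const { createHmac, timingSafeEqual } = require('crypto');

const SECRET = 'constructed-demo-secret'; // assumption: the tutorial loads this from .env

const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const hmac = (data, secret) => createHmac('sha256', secret).update(data).digest();

// Build header.payload.signature, signed with HS256 and carrying an expiry.
function signToken(payload, secret, ttlSeconds = 3600) {
  const exp = Math.floor(Date.now() / 1000) + ttlSeconds;
  const body = `${b64url({ alg: 'HS256', typ: 'JWT' })}.${b64url({ ...payload, exp })}`;
  return `${body}.${hmac(body, secret).toString('base64url')}`;
}

// Anyone holding the token can read the payload: it is encoded, not encrypted.
function decodePayload(token) {
  return JSON.parse(Buffer.from(token.split('.')[1], 'base64url').toString());
}

// Returns the payload only if algorithm, signature and expiry all check out, else null.
function verifyToken(token, secret) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  try {
    const header = JSON.parse(Buffer.from(parts[0], 'base64url').toString());
    if (header.alg !== 'HS256') return null; // pin the algorithm, never trust the token's
    const given = Buffer.from(parts[2], 'base64url');
    const expected = hmac(`${parts[0]}.${parts[1]}`, secret);
    if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
    const payload = decodePayload(token);
    return payload.exp > Date.now() / 1000 ? payload : null;
  } catch {
    return null; // malformed base64 or JSON
  }
}

// Express-style middleware: expects "Authorization: Bearer <token>".
function isSignedIn(req, res, next) {
  const [scheme, token] = (req.headers.authorization || '').split(' ');
  const payload = scheme === 'Bearer' ? verifyToken(token, SECRET) : null;
  if (!payload) return res.status(401).json({ error: 'Unauthorized' });
  req.auth = payload; // the email and id are now available to the route handler
  next();
}
```

A token whose payload was edited after signing, a token signed with a different secret, and an expired token are all rejected with 401 before the route handler runs.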
If you go to jwt and test your JWT you will see that you get all your info. Here the header is the type, which is JWT, the signature is the token, and the payload is the email and id.
So that's all for this blog. Hopefully you will be able to grasp the concepts of Node, Express, JWT, authentication and authorization here.