Auth in Practice
Objectives
- Understand different Node packages separately
- Incorporate multiple packages into a working authentication setup
- Use flash messages for one-time user notifications
Note
This codealong relies heavily on an app that's been scaffolded with signup and login routes. Once we're done, you should have a starting point for your project. Due to this, we won't be forking the repo, but instead cloning the repo and performing the following:
- Removing the
.git
folder - Reinitializing your git repo by running
git init
and adding your project's remote to the repo - Renaming the databases from
express_auth
toyourprojectname
- Renaming the
package.json
file to include your project name - Changing the
README.md
to reflect your project
Repo Link: https://github.com/wdi-sg/express-authentication-mongoose
Getting Started
We have provided a starting scaffold with the following routes.
GET /
- home pageGET /profile
- a page we should show only to logged in users (but is currently visible)GET /auth/login
- a login formGET /auth/signup
- a user signup form
Dependencies such as express, ejs, and mongoose are included in this app. Follow the instructions provided in order to setup the application.
Test-Driven Development
This project is also setup with tests for the authentication functionality we'll be implementing. We'll go one step at a time and make all the tests pass.
- Run
npm test
to run all tests - Run
NODE_ENV=test node_modules/mocha/bin/mocha tests/fileName.js
to run a specific file
Laundry List
- Create a user model to store the user's name, email, and password, complete with validations
- Create functions to hash the user's password, validate the password, and protect the password
- Add functionality to have users sign up for an account
- Check if e-mail already registered
- Creates new user if not registered
- Redirects back to the signup page if errors occur
- Check if e-mail already registered
- Set up sessions middleware, so we can remember that users are logged in
- Add functionality to have users log in
- Setup Passport configuration
- Retrieving and saving users
- Verifying if a user's email and password are correct
- Setup Passport configuration
- Add functionality to have users log out
- Create middleware for protecting pages
- Add flash messages as Bootstrap alerts