Authentication & Authorization

RMAG news

Topic: “Implementing Authentication with JWT”

Description: How to implement authentication and authorization using JSON Web Tokens (JWT).

Content:

1. Introduction to JWT

What is JWT: a JSON Web Token is three base64url-encoded parts joined by dots, header.payload.signature. The header names the signing algorithm, the payload carries claims (user id, expiry time), and the signature, here an HMAC-SHA256 over the first two parts keyed with a server secret, is what lets the server detect a tampered token. The header and payload are only encoded, not encrypted, so nothing secret belongs in them.

Why JWT: the server verifies the signature and reads the claims on every request without looking up a session store, so authentication is stateless and easy to scale across instances. The trade-off is that a token stays valid until it expires unless you keep a denylist, which is why tokens should be short-lived.

2. Setting Up JWT

Install Dependencies:

npm install express mongoose jsonwebtoken bcryptjs

Configure JWT:

const express = require('express');
const mongoose = require('mongoose');
const jwt = require('jsonwebtoken');
const bcrypt = require('bcryptjs');

const app = express();
app.use(express.json()); // parse JSON request bodies for /register and /login

const secret = process.env.JWT_SECRET; // never hard-code the signing key; load it from the environment

3. User Model and Registration

Define User Schema:

const userSchema = new mongoose.Schema({
  username: { type: String, required: true, unique: true },
  password: { type: String, required: true }
});

// Hash the password before it is written; bcrypt embeds its own salt in the hash
userSchema.pre('save', async function (next) {
  if (this.isModified('password')) {
    this.password = await bcrypt.hash(this.password, 10);
  }
  next();
});

const User = mongoose.model('User', userSchema);

User Registration Endpoint:

app.post('/register', async (req, res) => {
  // Pick the fields explicitly; new User(req.body) would let a client set any schema field
  const { username, password } = req.body;
  const user = new User({ username, password });
  try {
    await user.save();
    // Do not echo the saved document back: it contains the password hash
    res.status(201).json({ id: user._id, username: user.username });
  } catch (err) {
    res.status(400).json({ error: err.message });
  }
});

4. User Login and Token Generation

Login Endpoint:

app.post('/login', async (req, res) => {
  const { username, password } = req.body;
  try {
    const user = await User.findOne({ username });
    if (user && await bcrypt.compare(password, user.password)) {
      const token = jwt.sign(
        { id: user._id, username: user.username },
        secret,
        { algorithm: 'HS256', expiresIn: '1h' }
      );
      res.json({ token });
    } else {
      // One message for both "no such user" and "wrong password", so the response does not reveal which usernames exist
      res.status(401).json({ error: 'Invalid credentials' });
    }
  } catch (err) {
    res.status(500).json({ error: err.message });
  }
});

5. Protecting Routes with Middleware

Authentication Middleware:

const authMiddleware = (req, res, next) => {
  // req.header() returns undefined when the header is absent; calling .replace() on it would throw
  const header = req.header('Authorization') || '';
  const [scheme, token] = header.split(' ');
  if (scheme !== 'Bearer' || !token) {
    return res.status(401).send('Access denied');
  }
  try {
    // Pin the accepted algorithm: the token header is attacker-controlled, so never let it choose
    const decoded = jwt.verify(token, secret, { algorithms: ['HS256'] });
    req.user = decoded;
    next();
  } catch (err) {
    // Expired, tampered or otherwise invalid token: 401, not 400 (the request itself was well-formed)
    res.status(401).send('Invalid token');
  }
};

Protecting an Endpoint:

app.get('/profile', authMiddleware, async (req, res) => {
  try {
    // Exclude the password hash from the response
    const user = await User.findById(req.user.id).select('-password');
    if (!user) {
      // The token was valid but the account no longer exists
      return res.status(404).json({ error: 'User not found' });
    }
    res.json(user);
  } catch (err) {
    res.status(500).json({ error: err.message });
  }
});

6. Testing Authentication

Using Postman: Demonstrate how to register a user, log in to receive a JWT, and use the JWT to access protected routes.

Example Workflow:

Register a new user at /register.
Log in with the new user at /login to get a token.
Access the protected /profile route by sending the token as Authorization: Bearer <token>.

This detailed breakdown for weeks 7 to 10 includes explanations and hands-on code examples to provide a comprehensive learning experience.
