How to implement user authentication with JSON Web Tokens JWT in an Express.js application
Implementing user authentication with JSON Web Tokens (JWT) in an Express.js application involves several steps. Below is a step-by-step guide to help you set up user authentication using JWT in an Express.js application:
Setup your Express.js application: Make sure you have Node.js installed. Create a new project and install the necessary packages:
bashmkdir express-jwt-auth cd express-jwt-auth npm init -y npm install express mongoose body-parser jsonwebtoken bcryptCreate a MongoDB database: Set up a MongoDB database to store user information. You can use a cloud-based service like MongoDB Atlas or run a local instance of MongoDB.
Create a user model: Create a
models/user.jsfile to define the user schema and model using Mongoose:javascriptconst mongoose = require('mongoose'); const userSchema = new mongoose.Schema({ username: { type: String, unique: true, required: true }, password: { type: String, required: true }, }); const User = mongoose.model('User', userSchema); module.exports = User;Set up Express.js server: Create an
app.jsfile to set up your Express.js server:javascriptconst express = require('express'); const mongoose = require('mongoose'); const bodyParser = require('body-parser'); const jwt = require('jsonwebtoken'); const bcrypt = require('bcrypt'); const User = require('./models/user'); const app = express(); const PORT = 3000; // Connect to MongoDB mongoose.connect('mongodb://localhost:27017/your_database_name', { useNewUrlParser: true, useUnifiedTopology: true, }); // Middleware app.use(bodyParser.json()); // Routes app.post('/register', async (req, res) => { try { const { username, password } = req.body; // Hash the password const hashedPassword = await bcrypt.hash(password, 10); // Create a new user const user = new User({ username, password: hashedPassword, }); // Save the user to the database await user.save(); res.status(201).json({ message: 'User registered successfully' }); } catch (error) { res.status(500).json({ error: 'Internal Server Error' }); } }); // Login route app.post('/login', async (req, res) => { try { const { username, password } = req.body; // Find the user by username const user = await User.findOne({ username }); // Check if the user exists and the password is correct if (user && (await bcrypt.compare(password, user.password))) { // Generate a JWT token const token = jwt.sign({ userId: user._id }, 'your_secret_key', { expiresIn: '1h' }); res.status(200).json({ token }); } else { res.status(401).json({ error: 'Invalid credentials' }); } } catch (error) { res.status(500).json({ error: 'Internal Server Error' }); } }); // Protected route app.get('/profile', (req, res) => { // Verify the JWT token const token = req.headers.authorization.split(' ')[1]; jwt.verify(token, 'your_secret_key', (err, decodedToken) => { if (err) { return res.status(401).json({ error: 'Unauthorized' }); } // Fetch user details from the database using decodedToken.userId // Send user profile information in the response res.status(200).json({ userId: decodedToken.userId, username: 'sample_username' }); }); }); // Start the server app.listen(PORT, () => { console.log(`Server is running on http://localhost:${PORT}`); });Replace
'your_secret_key'with a strong and secret key for signing JWT tokens.Testing: Use tools like Postman or curl to test your authentication routes. Register a user using the
/registerroute and then log in using the/loginroute. The login route will return a JWT token, which you can use to access the protected route/profile. Include the token in the Authorization header as a Bearer token.
Remember to handle errors appropriately and consider using environment variables for sensitive information like database connection strings and secret keys. This example provides a basic structure for implementing JWT authentication in an Express.js application. You can further customize it based on your application requirements.
-
Popular Post
- How to optimize for Google's About This Result feature for local businesses
- How to implement multi-language support in an Express.js application
- How to handle and optimize for changes in mobile search behavior
- How to handle CORS in a Node.js application
- How to use Vue.js with a UI framework (e.g., Vuetify, Element UI)
- How to configure Laravel Telescope for monitoring and profiling API requests
- How to create a command-line tool using the Commander.js library in Node.js
- How to implement code splitting in a React.js application
- How to use the AWS SDK for Node.js to interact with various AWS services
- How to use the Node.js Stream API for efficient data processing
- How to implement a cookie parser middleware in Node.js
- How to implement WebSockets for real-time communication in React
-
Latest Post
- How to implement a dynamic form with dynamic field styling based on user input in Next.js
- How to create a custom hook for handling user interactions with the browser's device motion in Next.js
- How to create a custom hook for handling user interactions with the browser's battery status in Next.js
- How to implement a dynamic form with dynamic field visibility based on user input in Next.js
- How to implement a dynamic form with real-time collaboration features in Next.js
- How to create a custom hook for handling user interactions with the browser's media devices in Next.js
- How to use the useSWRInfinite hook for paginating data with a custom loading indicator in Next.js
- How to create a custom hook for handling user interactions with the browser's network status in Next.js
- How to create a custom hook for handling user interactions with the browser's location in Next.js
- How to implement a dynamic form with multi-language support in Next.js
- How to create a custom hook for handling user interactions with the browser's ambient light sensor in Next.js
- How to use the useHover hook for creating interactive image zoom effects in Next.js