Adding Authentication (Level 1-2) to your Node.js Web App using Javascript

We will learn how to add authentication ( level 1 – 2) to the Javascript web app through this tutorial. In many projects, programmers have to provide an authentication feature so that users’ info remains specific to that user only. No one else can use that data without the user’s password and username.

If you don’t know how to –

  1. Register users with username and password (Level 1),
  2. Implement database encryption (Level 2).

Then this tutorial is for you.

1. Registering users with username and password (Level 1 Auth) – Node.js

This includes just the verification of the user’s password and username with input values. If that matches, then only the user signs in.

Following is the implementation of level 1 authentication:

Add these lines to your completed web app project-

const userSchema = { 
    email: String, 
    password: String 
}; 
const User = new mongoose.model("user", userSchema); //in the web app register page post route add the following code

app.post("/register", function(req, res){ //here user registers when visiting page for the first time. 
    const newUser = new User({ 
        email: req.body.username, 
        password: req.body.password }); 
        newUser.save(function(err){ // user details gets saved to database 
            if(err){ console.log(err); 
            } else { 
                res.render("intropage"); //the page which will appear after successful registration of user 
            } 
        }); 
    }); // now here we verify if the user registration is succesful by logging in the user details in login page route 
   
 app.post("/login", function(req, res){ 
        const username = req.body.username; 
        const password = req.body.password; 
        User.findOne({email: username}, function(err, foundUser){ 
            if(err){ 
                console.log(err); } 
                else{ if(foundUser){ 
                    if(foundUser.password===password){ 
                        res.render("intropage"); //the page user would see after succesful login 
                    } 
                } } 
            }); 
        });

 

The cons of using level 1 authentication are that any hacker or anyone can easily get to your web app account by looking into your web app server database.

So to improve on the above cons, just by small level, we use level 2 authentication- database encryption.

2. Implementing database encryption (Level 2 Auth)- Node.js

In this authentication method, scrambling of password characters is done internally in code, which follows some predefined pattern. We’ll be using a key in addition to our password to encrypt.

Adding Authentication (Level 1-2) to your Node.js Web App using Javascript

npm package used for this is “mongoose-encryption.”

Add the following line to the beginning of your app.js file.

const encrypt = require("mongoose-encryption");

Then level 2 authentication can be achieved by adding some lines in the above level 1 code.

const userSchema = { 
    email: String, 
    password: String 
}; 

const secret = "this is my secret"; //this key can be anything and it is highly recommendable to put this key in .env file.
userSchema.plugin(encrypt, {secret: secret, encryptedFields: ["password"]}); //you can add more than one encrypted
     
                                                                            //field also by specifying that 
                                                                            // value in array

const User = new mongoose.model("user", userSchema); //in the web app register page post route add the following code

app.post("/register", function(req, res){ //here user registers when visiting page for the first time. 
    const newUser = new User({ 
        email: req.body.username, 
        password: req.body.password }); 
        newUser.save(function(err){ // user details gets saved to database 
            if(err){ console.log(err); 
            } else { 
                res.render("intropage"); //the page which will appear after successful registration of user 
            } 
        }); 
    }); // now here we verify if the user registration is succesful by logging in the user details in login page route 
   
    app.post("/login", function(req, res){ 
        const username = req.body.username; 
        const password = req.body.password; 
        User.findOne({email: username}, function(err, foundUser){ 
            if(err){ 
                console.log(err); } 
                else{ if(foundUser){ 
                    if(foundUser.password===password){ 
                        res.render("intropage"); //the page user would see after succesful login 
                    } 
                } } 
            }); 
        });

Leave a Reply

Your email address will not be published.