Treehouse
Free Trial Available
English
2-3 hours worth of material
selfpaced
Overview
Learn how to implement a custom user authentication system that controls users access to web resources using Node.js using Express and MongoDB. The system lets users sign up, log in, and log out, limiting access to password-protected resources. Express is a popular web framework for creating MVC applications and RESTful APIs in Node.js. Express lets developers define routes and middleware for submitting and retrieving data in our database. We will leverage the document based NoSQL database, MongoDB, to store our user data by creating a user model with mongoose. Mongoose is an open source Node package for defining data models for an application and connecting to MongoDB.
What you'll learn
- What is Authentication?
- User Registration
- Pug (formerly Jade) templating engine
- Sessions
- Cookies
- Express Middleware
Syllabus
What is Authentication?
In this stage we will start by showing the finished project in action then walk through the source code of the starter project. Before diving into the code we will first go over what authentication is and why it is important. We will demystify the authentication process and you will gain an understanding of what is going on behind the scenes when you log into a website. After that we will jump into the code of our project and start working with models and routes.
Chevron 6 stepsWhat is User Authentication?
2:14
Authentication and Authorization
3:11
Review: Authentication and Authorization
5 questions
Preview the Project
2:02
Setting Up the Project
4:53
Review: Node, Express and npm
6 questions
User Registration
Let’s continue to develop our project by adding routes and views to our Express application. We will use the default templating engine, Jade, to create a registration form. You will also learn how to tie our application into MongoDB using Mongoose, what hashing and salting are, and how they fit into an authentication process. Finally, we will improve our user model with methods and validation while using the Node bcrypt module.
Chevron 11 stepsDefine User Registration Routes
3:52
Using Nodemon While Developing an Express App
3:20
Creating a Registration Form With Pug (Jade)
7:18
Review: Routes, Nodemon and Pug
5 questions
Setting Up Mongoose and a Mongo Database
4:34
Defining a Mongo Schema with Mongoose
4:44
Adding Data to the Database
9:46
Review: Mongo, Mongoose and Schemas
5 questions
Hashing and Salting
2:53
Storing Passwords Securely
5:54
Review: Passwords, Hashing and Salting
5 questions
Sessions and Cookies
Now that we have the logic in place to create and authenticate users, how do we know if the user is logged in? Well, that is where sessions come in. A way of identifying a user will be stored in the session. We will know who the user is as they navigate through the website. Cookies can be used to store this information, and that is what we will show you how to use in this stage.
Chevron 9 stepsAdding User Login
1:16
Tracking Visits With Sessions and Cookies
2:22
Working with Sessions in Express
3:28
Review: Sessions, Cookies and Express
5 questions
Adding Log In Routes
1:39
Creating a Login Form With Pug (Jade)
2:48
Authenticating the Username and Password
7:28
Creating the Profile Route and Page
3:53
Review: Login Routes
5 questions
Improving the App with Custom Middleware
We are almost done with our authentication system! Now that users can register and login and you have sessions to identify the user we need to think about security. Right now anyone that can access the site can navigate to any of the routes whether they are logged in or not. With middleware we can make sure that doesn’t happen.
Chevron 9 stepsUsing Session Variables to Customize Content
6:33
Adding a Log Out Route
2:00
Review: Custom Content
3 questions
Understanding Express Middleware
3:31
Writing Custom Middleware
5:48
Writing More Middleware
3:27
Using MongoDB as a Session Store
4:48
Next Steps
3:42
Review: User Authentication With Express and Mongo
5 questions
Taught by
Jonathan Foster
