How to Implement ACL with Passport using Node.js ?
Last Updated :
24 Jul, 2024
Nodejs is an asynchronous event-driven JavaScript runtime, Node.js is designed to build scalable network applications.
Passportjs: Passport is authentication middleware for Node.js. Extremely flexible and modular, Passport can be unobtrusively dropped in to any Express-based web application. A comprehensive set of strategies support authentication using a username and password, Facebook, Twitter, and more. It is widely used by developers to create secure and scalable web applications.
Steps to create ACL with passport using Node.js:
1: Create a Folder with a project name in any IDE (I'm using VS Code): See the below-mentioned folder structure.
Step 1: Open the terminal and type "npm init". Keep on pressing enter for the default values since this command is used to set up a new npm package. Upon successful installation, it will create a package.json folder.
Step 2: For installing node dependencies, press "npm i express ejs".
Step 3: For installing dev dependencies, press "npm i --save-dev nodemon dotenv". Nodemon allows you to restart your server automatically every time anything changes and dotenv allows us to have environment variables that will store under .env file that we can load into the server.
Step 4: Make file ".env" and ".gitignore" as given in the below directory structure.
Folder Structure.gitignore contains those files that we don't want to commit to our git repository. Here we have stored .env and node_modules since it contains only the dependencies and .env may contain sensitive information we don't want to share with the world.
add these to your .env fileStep 5: The last thing that we need to do is set up package.json so that we can start the server. Edit the script section as follows:
Update the script as follows:Step 6: Now if you press "npm run devStart" in your terminal it will start the server. You should get something like this in your terminal.
No errors in red, all green!2: Set up our basic express application with the below code in server.js.
JavaScript
// STEP 1: Install all the necessary dependencies
// add the dependencies with the help of require
const express = require('express')
const app = express()
// To run our app on port 3000
app.listen(3000)
But if we run our server after writing this piece of code, we will get the below page on localhost:300
Throws this errorIt shows, Cannot GET/ because we haven't set up any routes for our application yet. Let's resolve this in step 3.
3: Add the above-mentioned code in server.js and make a folder named views with index.ejs in it.
Output on localhost:30004: Install another package using "npm i bcrypt": bcrypt will allow us to hash passwords and compare hashed passwords to make sure that our application is completely secured.
server.js
JavaScript
// Requiring all the necessary dependencies
const express = require('express')
const app = express()
const bcrpyt = require('bcrypt')
const users = []
// In order to use ejs set up view-engine
app.set('view-engine', 'ejs')
app.use(express.urlencoded({ extended: false }))
// Setting up home-page route
app.get('/', (req, res) => {
res.render('index.ejs', { name: 'Janhvi' })
})
// Set up login page route
app.get('/login', (req, res) => {
res.render('login.ejs')
})
// Set up register page route
app.get('/register', (req, res) => {
res.render('register.ejs')
})
app.post('/register', async (req, res) => {
// Using try catch block in order to
// resolve errors
try {
// Hashing password with bcrypt
const hashedPassword =
await bcrpyt.hash(req.body.password, 10)
users.push({
id: Date.now().toString(),
name: req.body.name,
email: req.body.email,
password: hashedPassword
})
res.redirect('/login')
} catch {
res.redirect('/register')
}
console.log(users)
})
// To run our app on port 3000
app.listen(3000)
login.ejs
JavaScript
<!-- login page -->
<h1>Login</h1>
<!-- Make a simple login form with name, email
and password fields make a submit button
at end -->
<form action="/login" method="POST">
<div>
<label for="name">Name</label>
<input type="text" id="name"
name="name" required>
</div>
<div>
<label for="email">Email</label>
<input type="email" id="email"
name="email" required>
</div>
<div>
<label for="password">Password</label>
<input type="password"
id="password" name="password" required>
</div>
<button type="submit">Login</button>
</form>
<a href="/register">Register</a>
register.ejs
JavaScript
<!-- Register page -->
<h1>Register</h1>
<!-- Make a simple register form with
name, email and password fields
make a submit button at end -->
<form action="/register" method="POST">
<div>
<label for="name">Name</label>
<input type="text" id="name"
name="name" required>
</div>
<div>
<label for="email">Email</label>
<input type="email" id="email"
name="email" required>
</div>
<div>
<label for="password">Password</label>
<input type="password" id="password"
name="password" required>
</div>
<button type="submit">Register</button>
</form>
<a href="/login">Login</a>
Desired output on, http://localhost:3000/login
from login.ejshttp://localhost:3000/register
from register.ejsUpon giving an input, the console will look like this with a hashed password
terminal5: Install passportjs using "npm i passport passport-local express-session express-flash"
Make a file "passport-config.js" in which you will store all the passport-related information. Now let's have a look at the final version of all the codes with desired logic.
server.js
JavaScript
// The below code is only suitable for
// development not suitable for production
if (process.env.NODE_ENV !== 'production') {
require('dotenv').config()
}
// Requiring all the necessary dependencies
const express = require('express')
const app = express()
const bcrypt = require('bcrypt')
const passport = require('passport')
const flash = require('express-flash')
const session = require('express-session')
const methodOverride = require('method-override')
const initializePassport = require('./passport-config')
initializePassport(
passport,
email => users.find(user => user.email === email),
id => users.find(user => user.id === id)
)
const users = []
// Setting up the view-engine in order
// to use ejs in code further
app.set('view-engine', 'ejs')
app.use(express.urlencoded({ extended: false }))
app.use(flash())
app.use(session({
secret: process.env.SESSION_SECRET,
resave: false,
saveUninitialized: false
}))
app.use(passport.initialize())
app.use(passport.session())
app.use(methodOverride('_method'))
// Setting up route logic for home page
app.get('/', checkAuthenticated, (req, res) => {
res.render('index.ejs', { name: req.user.name })
})
// Setting up route logic for login page
app.get('/login', checkNotAuthenticated, (req, res) => {
res.render('login.ejs')
})
app.post('/login', checkNotAuthenticated,
passport.authenticate('local', {
successRedirect: '/',
failureRedirect: '/login',
failureFlash: true
}))
app.get('/register', checkNotAuthenticated,
(req, res) => {
res.render('register.ejs')
})
// Hashinhg the passwords for each user
// using bcrypt
app.post('/register', checkNotAuthenticated,
async (req, res) => {
try {
const hashedPassword =
await bcrypt.hash(req.body.password, 10)
users.push({
id: Date.now().toString(),
name: req.body.name,
email: req.body.email,
password: hashedPassword
})
res.redirect('/login')
} catch {
res.redirect('/register')
}
})
// To to login page upon pressing the
// logout button
app.delete('/logout', (req, res) => {
req.logOut()
res.redirect('/login')
})
// If user is authenticated redirect to
// next page otherwise redirect to login
// page
function checkAuthenticated(req, res, next) {
if (req.isAuthenticated()) {
return next()
}
res.redirect('/login')
}
function checkNotAuthenticated(req, res, next) {
if (req.isAuthenticated()) {
return res.redirect('/')
}
next()
}
// To run our app on port 3000
app.listen(3000)
passport-config.js
JavaScript
// Requiring all the necessary dependencies
const LocalStrategy = require('passport-local').Strategy
const bcrypt = require('bcrypt')
// Add all the code related to passportjs to
// the main initialize function
function initialize(passport, getUserByEmail, getUserById) {
const authenticateUser = async (email, password, done) => {
const user = getUserByEmail(email)
// If user is null return output
// "no user with that email"
if (user == null) {
return done(null, false,
{ message: 'No user with that email' })
}
// try-catch block to check for correct password
try {
if (await bcrypt.compare(password, user.password)) {
return done(null, user)
} else {
return done(null, false,
{ message: 'Password incorrect' })
}
} catch (e) {
return done(e)
}
}
passport.use(new LocalStrategy(
{ usernameField: 'email' }, authenticateUser))
passport.serializeUser((user, done) => done(null, user.id))
passport.deserializeUser((id, done) => {
return done(null, getUserById(id))
})
}
// Exporting the initialize function
module.exports = initialize
index.ejs
HTML
<!-- Index page which will display
the Hi user_name -->
<h1>Hi <%= name %></h1>
<!-- Setting up a logout button in
order to exit the page -->
<form action="/logout?_method=DELETE" method="POST">
<button type="submit">Log Out</button>
</form>
login.ejs
HTML
<!-- login page -->
<h1>Login</h1>
<!-- Adding embedded javascript code to
check for errors -->
<% if (messages.error) { %>
<%= messages.error %>
<% } %>
<!-- Make a simple login form with
name, email and password fields
make a submit button at the end -->
<form action="/login" method="POST">
<div>
<label for="email">Email</label>
<input type="email" id="email"
name="email" required>
</div>
<div>
<label for="password">Password</label>
<input type="password"
id="password" name="password" required>
</div>
<button type="submit">Login</button>
</form>
<a href="/register">Register</a>
register.ejs
HTML
<!-- Register page -->
<h1>Register</h1>
<!-- Make a simple register form with
name, email and password fields
make a submit button at the end -->
<form action="/register" method="POST">
<div>
<label for="name">Name</label>
<input type="text" id="name"
name="name" required>
</div>
<div>
<label for="email">Email</label>
<input type="email" id="email"
name="email" required>
</div>
<div>
<label for="password">Password</label>
<input type="password" id="password"
name="password" required>
</div>
<button type="submit">Register</button>
</form>
<a href="/login">Login</a>
6: Install another package using "npm i method-override" - The rest of the code remains the same.
The first page that will come up after starting the server is the login page.
If you have already registered, then login by using the same email and password.
If you haven't registered and you tried to login then you will get this output.
Register yourself first and remember the email and password and then again try to login.
After successful registration and login you will get this on your page i.e. "Welcome to GeeksforGeeks your_name".
Output:
Similar Reads
Node.js Tutorial Node.js is a powerful, open-source, and cross-platform JavaScript runtime environment built on Chrome's V8 engine. It allows you to run JavaScript code outside the browser, making it ideal for building scalable server-side and networking applications.JavaScript was mainly used for frontend developme
4 min read
Introduction & Installation
NodeJS IntroductionNodeJS is a runtime environment for executing JavaScript outside the browser, built on the V8 JavaScript engine. It enables server-side development, supports asynchronous, event-driven programming, and efficiently handles scalable network applications. NodeJS is single-threaded, utilizing an event l
5 min read
Node.js Roadmap: A Complete GuideNode.js has become one of the most popular technologies for building modern web applications. It allows developers to use JavaScript on the server side, making it easy to create fast, scalable, and efficient applications. Whether you want to build APIs, real-time applications, or full-stack web apps
6 min read
How to Install Node.js on LinuxInstalling Node.js on a Linux-based operating system can vary slightly depending on your distribution. This guide will walk you through various methods to install Node.js and npm (Node Package Manager) on Linux, whether using Ubuntu, Debian, or other distributions.PrerequisitesA Linux System: such a
6 min read
How to Install Node.js on WindowsInstalling Node.js on Windows is a straightforward process, but it's essential to follow the right steps to ensure smooth setup and proper functioning of Node Package Manager (NPM), which is crucial for managing dependencies and packages. This guide will walk you through the official site, NVM, Wind
6 min read
How to Install NodeJS on MacOSNode.js is a popular JavaScript runtime used for building server-side applications. It’s cross-platform and works seamlessly on macOS, Windows, and Linux systems. In this article, we'll guide you through the process of installing Node.js on your macOS system.What is Node.jsNode.js is an open-source,
6 min read
Node.js vs Browser - Top Differences That Every Developer Should KnowNode.js and Web browsers are two different but interrelated technologies in web development. JavaScript is executed in both the environment, node.js, and browser but for different use cases. Since JavaScript is the common Programming language in both, it is a huge advantage for developers to code bo
6 min read
NodeJS REPL (READ, EVAL, PRINT, LOOP)NodeJS REPL (Read-Eval-Print Loop) is an interactive shell that allows you to execute JavaScript code line-by-line and see immediate results. This tool is extremely useful for quick testing, debugging, and learning, providing a sandbox where you can experiment with JavaScript code in a NodeJS enviro
5 min read
Explain V8 engine in Node.jsThe V8 engine is one of the core components of Node.js, and understanding its role and how it works can significantly improve your understanding of how Node.js executes JavaScript code. In this article, we will discuss the V8 engine’s importance and its working in the context of Node.js.What is a V8
7 min read
Node.js Web Application ArchitectureNode.js is a JavaScript-based platform mainly used to create I/O-intensive web applications such as chat apps, multimedia streaming sites, etc. It is built on Google Chrome’s V8 JavaScript engine. Web ApplicationsA web application is software that runs on a server and is rendered by a client browser
3 min read
NodeJS Event LoopThe event loop in Node.js is a mechanism that allows asynchronous tasks to be handled efficiently without blocking the execution of other operations. It:Executes JavaScript synchronously first and then processes asynchronous operations.Delegates heavy tasks like I/O operations, timers, and network r
5 min read
Node.js Modules , Buffer & Streams
NodeJS ModulesIn NodeJS, modules play an important role in organizing, structuring, and reusing code efficiently. A module is a self-contained block of code that can be exported and imported into different parts of an application. This modular approach helps developers manage large projects, making them more scal
6 min read
What are Buffers in Node.js ?Buffers are an essential concept in Node.js, especially when working with binary data streams such as files, network protocols, or image processing. Unlike JavaScript, which is typically used to handle text-based data, Node.js provides buffers to manage raw binary data. This article delves into what
4 min read
Node.js StreamsNode.js streams are a key part of handling I/O operations efficiently. They provide a way to read or write data continuously, allowing for efficient data processing, manipulation, and transfer.\Node.js StreamsThe stream module in Node.js provides an abstraction for working with streaming data. Strea
4 min read
Node.js Asynchronous Programming
Node.js NPM
NodeJS NPMNPM (Node Package Manager) is a package manager for NodeJS modules. It helps developers manage project dependencies, scripts, and third-party libraries. By installing NodeJS on your system, NPM is automatically installed, and ready to use.It is primarily used to manage packages or modules—these are
6 min read
Steps to Create and Publish NPM packagesIn this article, we will learn how to develop and publish your own npm package (also called an NPM module). There are many benefits of NPM packages, some of them are listed below: Reusable codeManaging code (using versioning)Sharing code The life-cycle of an npm package takes place like below: Modu
7 min read
Introduction to NPM scriptsNPM is a Node Package Manager. It is the world's largest Software Registry. This registry contains over 800,000 code packages. Many Open-source developers use npm to share software. Many organizations also use npm to manage private development. "npm scripts" are the entries in the scripts field of t
2 min read
Node.js package.jsonThe package.json file is the heart of Node.js system. It is the manifest file of any Node.js project and contains the metadata of the project. The package.json file is the essential part to understand, learn and work with the Node.js. It is the first step to learn about development in Node.js.What d
4 min read
What is package-lock.json ?package-lock.json is a file that is generated when we try to install the node. It is generated by the Node Package Manager(npm). package-lock.json will ensure that the same versions of packages are installed. It contains the name, dependencies, and locked version of the project. It will check that s
3 min read
Node.js Deployments & Communication
Node DebuggingDebugging is an essential part of software development that helps developers identify and fix errors. This ensures that the application runs smoothly without causing errors. NodeJS is the JavaScript runtime environment that provides various debugging tools for troubleshooting the application.What is
3 min read
How to Perform Testing in Node.js ?Testing is a method to check whether the functionality of an application is the same as expected or not. It helps to ensure that the output is the same as the required output. How Testing can be done in Node.js? There are various methods by which tasting can be done in Node.js, but one of the simple
2 min read
Unit Testing of Node.js ApplicationNode.js is a widely used javascript library based on Chrome's V8 JavaScript engine for developing server-side applications in web development. Unit Testing is a software testing method where individual units/components are tested in isolation. A unit can be described as the smallest testable part of
5 min read
NODE_ENV Variables and How to Use Them ?Introduction: NODE_ENV variables are environment variables that are made popularized by the express framework. The value of this type of variable can be set dynamically depending on the environment(i.e., development/production) the program is running on. The NODE_ENV works like a flag which indicate
2 min read
Difference Between Development and Production in Node.jsIn this article, we will explore the key differences between development and production environments in Node.js. Understanding these differences is crucial for deploying and managing Node.js applications effectively. IntroductionNode.js applications can behave differently depending on whether they a
3 min read
Best Security Practices in Node.jsThe security of an application is extremely important when we build a highly scalable and big project. So in this article, we are going to discuss some of the best practices that we need to follow in Node.js projects so that there are no security issues at a later point of time. In this article, we
4 min read
Deploying Node.js ApplicationsDeploying a NodeJS application can be a smooth process with the right tools and strategies. This article will guide you through the basics of deploying NodeJS applications.To show how to deploy a NodeJS app, we are first going to create a sample application for a better understanding of the process.
5 min read
How to Build a Microservices Architecture with NodeJSMicroservices architecture allows us to break down complex applications into smaller, independently deployable services. Node.js, with its non-blocking I/O and event-driven nature, is an excellent choice for building microservices. How to Build a Microservices Architecture with NodeJS?Microservices
3 min read
Node.js with WebAssemblyWebAssembly, often abbreviated as Wasm, is a cutting-edge technology that offers a high-performance assembly-like language capable of being compiled from various programming languages such as C/C++, Rust, and AssemblyScript. This technology is widely supported by major browsers including Chrome, Fir
3 min read
Resources & Tools
Node.js Web ServerA NodeJS web server is a server built using NodeJS to handle HTTP requests and responses. Unlike traditional web servers like Apache or Nginx, which are primarily designed to give static content, NodeJS web servers can handle both static and dynamic content while supporting real-time communication.
6 min read
Node Exercises, Practice Questions and SolutionsNode Exercise: Explore interactive quizzes, track progress, and enhance coding skills with our engaging portal. Ideal for beginners and experienced developers, Level up your Node proficiency at your own pace. Start coding now! #content-iframe { width: 100%; height: 500px;} @media (max-width: 768px)
4 min read
Node.js ProjectsNode.js is one of the most popular JavaScript runtime environments widely used in the software industry for projects in different domains like web applications, real-time chat applications, RESTful APIs, microservices, and more due to its high performance, scalability, non-blocking I/O, and many oth
9 min read
NodeJS Interview Questions and AnswersNodeJS is one of the most popular runtime environments, known for its efficiency, scalability, and ability to handle asynchronous operations. It is built on Chrome’s V8 JavaScript engine for executing JavaScript code outside of a browser. It is extensively used by top companies such as LinkedIn, Net
15+ min read