FORMATEUR : ESSADDIQ LAKHLIFI

0PTION : CREATION OF NATIVE CLOUD APPLICATION

—----------------------------

WORKSHOP :
JWT Authentication in Node.js: A Practical Guide

Developing authentication for a web application using Node.js typically comprises

multiple stages. A prevalent method for securing web apps is 'Token-based
authentication.' This method revolves around the generation and verification of
tokens, often JSON Web Tokens (JWTs), to authenticate users. Below is a guide on
implementing token-based authentication in a Node.js web application, complete
with an example and code snippet.

In this workshop, we will utilize Express.js to facilitate CRUD operations and

MongoDB as our database.

1. Choose an Authentication Strategy:

Decide on the type of authentication you want to implement. Common options
include username/password, social media login (e.g., using OAuth), or token-based
authentication (e.g., JWT).
In our case, we will use a username/password combination as the credential.

2. Set Up Your Node.js Project:

Create a directory for your project and navigate into it, then initialize a new project
using npm or yarn:

npm init

3. Install Required Packages:

Depending on your chosen authentication strategy, you may need to install relevant
packages. For example, if you’re using JWT, you can install the ‘jsonwebtoken’
package.
Don't forget to install the express framework, as well as the ORM Mongoose and
bcrypt for password encryption and body-parser.

$ npm install express jsonwebtoken mongoose bcrypt body-parser

4. Create a User Model:

Define a user model to store user data in your database (e.g., MongoDB,
PostgreSQL, or MySQL). You can use an ORM like Mongoose (for MongoDB) or
Sequelize (for SQL databases). Here’s a simplified example for MongoDB and
Mongoose:

// models/User.js
const mongoose = require('mongoose');
const userSchema = new mongoose.Schema({
username: { type: String, unique: true, required: true },
password: { type: String, required: true },
});
module.exports = mongoose.model('User', userSchema);

5. Create Routes and Controllers:

Set up routes and controllers for user registration, login, and authentication. Here’s a
basic example using Express.js:

// routes/auth.js
const express = require('express');
const router = express.Router();
const User = require('../models/User');
const bcrypt = require('bcrypt');
const jwt = require('jsonwebtoken');

// User registration
router.post('/register', async (req, res) => {
try {
const { username, password } = req.body;
const hashedPassword = await bcrypt.hash(password, 10);
const user = new User({ username, password: hashedPassword });
await user.save();
res.status(201).json({ message: 'User registered successfully' });
} catch (error) {
res.status(500).json({ error: 'Registration failed' });
}
});

// User login
router.post('/login', async (req, res) => {
try {
const { username, password } = req.body;
const user = await User.findOne({ username });
if (!user) {
return res.status(401).json({ error: 'Authentication failed' });
}
const passwordMatch = await bcrypt.compare(password, user.password);
if (!passwordMatch) {
return res.status(401).json({ error: 'Authentication failed' });
}
const token = jwt.sign({ userId: user._id }, 'your-secret-key', {
expiresIn: '1h',
});
res.status(200).json({ token });
} catch (error) {
res.status(500).json({ error: 'Login failed' });
}
});

module.exports = router;

6. Protect Routes:
Implement middleware to protect routes that require authentication. For example,
you can use a middleware function to verify JWT tokens:

// middleware/authMiddleware.js

const jwt = require('jsonwebtoken');

function verifyToken(req, res, next) {
const token = req.header('Authorization');
if (!token) return res.status(401).json({ error: 'Access denied' });
try {
const decoded = jwt.verify(token, 'your-secret-key');
req.userId = decoded.userId;
next();
} catch (error) {
res.status(401).json({ error: 'Invalid token' });
}
};

module.exports = verifyToken;

7. Use Authentication Middleware:

Apply the authentication middleware to protect specific routes in your application:

// routes/protectedRoute.js

const express = require('express');

const router = express.Router();
const verifyToken = require('../middleware/authMiddleware');
// Protected route
router.get('/', verifyToken, (req, res) => {
res.status(200).json({ message: 'Protected route accessed' });
});

module.exports = router;

8. Start Your Express Application:

Set up your main application file and start the Express server:

//server.js
const express = require('express');
const app = express();
const authRoutes = require('./routes/auth');
const protectedRoute = require('./routes/protectedRoute');
const bodyParser = require("body-parser")

app.use(bodyParser.json())
app.use(bodyParser.urlencoded({extended : true}))
const mongoose = require('mongoose');
mongoose.Promise = global.Promise;
mongoose.connect("mongodb://localhost:27017/login_db", {
useNewUrlParser: true,
}).then(() => {
console.log("Databse Connected Successfully!!");
}).catch(err => {
console.log('Could not connect to the database', err);
process.exit();
});
app.use(express.json());
app.use('/auth', authRoutes);
app.use('/protected', protectedRoute);
const PORT = process.env.PORT || 3000;

app.listen(PORT, () => {
console.log(`Server is running on port ${PORT}`);
});
app.get('/',(req,res)=>{
res.json({
"message":"it's work"
})
})

9. Run Your Application:

Start your Node.js application using `node server.js`.
This example demonstrates a basic implementation of authentication in a Node.js
web application using Express.js, MongoDB for storing user data, and JWT for
token-based authentication. Remember to replace `’your-secret-key’` with a strong,
secret key and consider using environment variables for configuration and security.
Additionally, in a production environment, you should use HTTPS to secure
communication between the client and server.