
vantu-code/catch-me-there-back


React authentication code along - Server


Clone the repository with starter code


git clone https://github.com/ross-u/React-Auth-Server-Code-Along---Starter-Code-.git

cd React-Auth-Server-Code-Along---Starter-Code-/

npm i

Rename the .env.sample file to .env


- HTTP request and response flow and session appWComments.js

- helpers/middlewares.js - we use it to abstract some functionality to helper functions


Create the /signup route in routes/auth.js

//		routes/auth.js

//  POST    '/signup'
router.post('/signup', isNotLoggedIn(), validationLoggin(), async (req, res, next) => {
    const { username, password } = req.body;

    try {
      // The second argument ('username') is a projection that limits the fields returned
      const usernameExists = await User.findOne({ username }, 'username');
      
      if (usernameExists) return next(createError(400));
      else {
        const salt = bcrypt.genSaltSync(saltRounds);
        const hashPass = bcrypt.hashSync(password, salt);
        const newUser = await User.create({ username, password: hashPass });
        req.session.currentUser = newUser;
        res
          .status(200)  //  OK
          .json(newUser);
      }
    } 
    catch (error) {
      next(error);
    }
  },
);

Create the /login route in routes/auth.js

//		routes/auth.js

//  POST    '/login'
router.post('/login', isNotLoggedIn(), validationLoggin(), async (req, res, next) => {
    const { username, password } = req.body;
    try {
      const user = await User.findOne({ username }) ;
      if (!user) {
        next(createError(404));
      } 
      else if (bcrypt.compareSync(password, user.password)) {
        req.session.currentUser = user;
        res
          .status(200)
          .json(user);
        return 
      } 
      else {
        next(createError(401));
      }
    } 
    catch (error) {
      next(error);
    }
  },
);

Create the /logout route in routes/auth.js

//		routes/auth.js

//  POST    '/logout'
router.post('/logout', isLoggedIn(), (req, res, next) => {
  req.session.destroy();
  res
    .status(204)  //  No Content
    .send();
  return; 
});

Create the /private route in routes/auth.js

//		routes/auth.js

//  GET    '/private'   --> Only for testing - Same as `/me` but it returns a message instead
router.get('/private', isLoggedIn(), (req, res, next) => {
  res
    .status(200)  // OK
    .json({ message: 'Test - User is logged in'});
});


module.exports = router;

Export the router in routes/auth.js

//		routes/auth.js
...
		...

module.exports = router;

Import the Postman collection from ``


In Postman, test the routes in the following order:

/signup, /private, /logout, /login and again /private.


Postman automatically saves cookies and sends them in the headers of subsequent requests.

Example: after /signup, a cookie is returned in the response and Postman sets that cookie on all the requests in the collection, so the next time we send a request, the cookie with the session ID is sent to the server automatically.


Create the /me route in routes/auth.js

//		routes/auth.js

//  GET    '/me'
router.get('/me', isLoggedIn(), (req, res, next) => {
  res.json(req.session.currentUser);
});

We can also edit the /me route to ensure the password is not sent to the client side:

//		routes/auth.js

//  GET    '/me'
router.get('/me', isLoggedIn(), (req, res, next) => {
  req.session.currentUser.password = '*';
  res.json(req.session.currentUser);
});
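
The masking above only covers /me: the /signup and /login handlers still store the full user document in the session and return it as JSON, bcrypt hash included. The following is an added example, not code from this repository, showing one way to strip the hash once before it reaches the session or the response; `toPublicUser`, `startSession`, the fake request/response objects and the sample user are hypothetical and constructed for illustration.

```javascript
// Added example: keep the bcrypt hash out of the session and out of every response.
// toPublicUser and startSession are hypothetical helper names, not part of the repo.

const SENSITIVE_FIELDS = ['password'];

// Accepts a Mongoose document (has toObject()) or a plain object and returns
// a copy without the sensitive fields. The input is never mutated.
function toPublicUser(userDoc) {
  const plain = typeof userDoc.toObject === 'function' ? userDoc.toObject() : { ...userDoc };
  for (const field of SENSITIVE_FIELDS) delete plain[field];
  return plain;
}

// What /signup and /login could call instead of
// `req.session.currentUser = user; res.status(200).json(user);`
function startSession(req, res, userDoc) {
  const publicUser = toPublicUser(userDoc);
  req.session.currentUser = publicUser; // the session store never holds the hash
  res.status(200).json(publicUser);     // the client never receives the hash
  return publicUser;
}

// Constructed stand-ins for an Express res and a Mongoose document,
// so the example runs without a server or a database.
function fakeRes() {
  return {
    statusCode: null,
    body: null,
    status(code) { this.statusCode = code; return this; },
    json(payload) { this.body = payload; return this; },
  };
}

function fakeUserDoc() {
  const data = { _id: 'constructed-id-1', username: 'alice', password: '$2b$10$constructedHashValue' };
  return { ...data, toObject: () => ({ ...data }) };
}

function demo() {
  const req = { session: {} };
  const res = fakeRes();
  const doc = fakeUserDoc();
  startSession(req, res, doc);
  return { status: res.statusCode, session: req.session.currentUser, body: res.body, original: doc };
}

console.log(demo().body);
```

With the hash removed at login time, /me can return `req.session.currentUser` unchanged. A schema-level alternative in Mongoose is to mark the password field `select: false` and request it explicitly with `.select('+password')` in the /login query.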
