In this assignment you will be expected to write a backend system which will issue JWT tokens on login.
This project includes some already prepared starter code. The following packages have already been specified:
`"express": "^4.17.1"`, `"mongoose": "^5.10.11"`
Please run `npm install` before starting.
- Create a `.env` file which will contain your secret keys for the server

Set up a server in `server.js` with express.js
- Use the `express.json()` middleware
- Install & import the `cors` package and use the `cors()` middleware

Do not use port 3000 for your server

You will be creating a mongoose schema
- Create the file `UserSchema.js`
- Import mongoose
- Create a mongoose schema based on the following characteristics:
  - `name` string, not required
  - `email` string, required
  - `hash` string, required
- Export your schema
- Create the file `UserModel.js`
- Import mongoose & the UserSchema you just created
- Create a mongoose model based on the schema you imported
- Export the model
- Use the `dotenv` package to load the `process.env` variables from your `.env` file
- In the file `server.js`, connect to your server
- Check the connection
- Create a file `user.js` in a folder `routes`
  This will contain all the user routes
- Import `express`
- Use the following code to create a route
  `const router = express.Router();`
- Export `router` from `user.js`
- Inside `server.js`, import `router` from `user.js`
- Use `app.use()` to redirect all `/user` routes to the `router` variable you exported from `user.js`
- Create a route `/register` in `user.js`. This will be a `POST` route.
  Inside your `/register` route, you can expect to receive the values `name`, `email` and `password` from `request.body`
- Import your `User` model into `user.js`
- We have to check if the user already exists, before registering them
  Using the `User` model, use the `findOne` method to search for the user based on the `email` address
  - If the user exists, send a fail response to the user
  - If the user doesn't exist, we will create the user
Note: We are using the
- Install bcrypt
  `npm i bcrypt`
- Import `bcrypt`
- Use bcrypt to create a hash of the password
- If the user doesn't exist then create the user. Using the `User` model, save the user registration data to the database:
  - `name`
  - `email`
  - `hash` - this should be the hashed version of the password you created in step 6
- Test your code

- Create a new file called `jwtIssuer.js` inside a folder called `utils`
- Install `jsonwebtoken`
  `npm i jsonwebtoken`
- Import `jsonwebtoken`
- Create a function called `jwtIssuer`
  This function should accept the `User` object
- Create the following variable:
  `const expiresIn = '1d';`
- Create a variable `payload`. This should be an object with 2 keys:
  - `sub` - the value for this key should be the id of the user
  - `iat` - the value for this key should be `Date.now()` (the current time)
- Inside this function use the following function to create a token:
  `jsonwebtoken.sign(payload, 'secret');`
  Where:
  - `payload` is an object you created in step 5
  - `secret` is a string value of your choice
- The function should return an object:
  `token: 'Bearer ' + signedToken,`
  `expiresIn`
  Where:
  - `signedToken` is the token you created in step 6
  - `expiresIn` is the variable you created in step 5
- Export this function
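
The `jsonwebtoken.sign(payload, 'secret')` call above is given no `expiresIn` option, so the signed token carries no `exp` claim, and `Date.now()` returns milliseconds where JWT timestamps are defined in seconds. The following is an added example, not part of the assignment or its starter code: it builds the same `{ token, expiresIn }` result with Node's built-in `crypto` instead of `jsonwebtoken`, sets `iat` and `exp` in seconds, and checks signature and expiry on the way back in. `issueToken`, `verifyToken` and the secret value are hypothetical names and a constructed sample.

```javascript
// Added example: HS256 JWT issue/verify using only Node's built-in crypto module.
const crypto = require('crypto');

// Constructed sample secret; in the assignment this would be loaded from process.env.
const SECRET = 'constructed-demo-secret-change-me';
const ONE_DAY_SECONDS = 24 * 60 * 60; // numeric form of the assignment's expiresIn = '1d'

const b64url = (input) => Buffer.from(input).toString('base64url');
const hmac = (data, secret) => crypto.createHmac('sha256', secret).update(data).digest();

// Hypothetical counterpart of jwtIssuer: returns { token, expiresIn }.
function issueToken(user, secret = SECRET, nowMs = Date.now()) {
  const iat = Math.floor(nowMs / 1000); // JWT NumericDate is seconds, not milliseconds
  const payload = { sub: user._id, iat, exp: iat + ONE_DAY_SECONDS };
  const header = { alg: 'HS256', typ: 'JWT' };
  const signingInput = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(payload))}`;
  const signature = hmac(signingInput, secret).toString('base64url');
  return { token: `Bearer ${signingInput}.${signature}`, expiresIn: '1d' };
}

// Returns the payload if the token is authentic and unexpired, otherwise null.
function verifyToken(bearer, secret = SECRET, nowMs = Date.now()) {
  const parts = String(bearer).replace(/^Bearer /, '').split('.');
  if (parts.length !== 3) return null;
  const [h, p, s] = parts;
  let header, payload;
  try {
    header = JSON.parse(Buffer.from(h, 'base64url').toString());
    payload = JSON.parse(Buffer.from(p, 'base64url').toString());
  } catch { return null; }
  // Pin the algorithm on the server side; never let the token header choose it.
  if (!header || !payload || header.alg !== 'HS256') return null;
  const expected = hmac(`${h}.${p}`, secret);
  const given = Buffer.from(s, 'base64url');
  // Constant-time comparison; lengths must match before timingSafeEqual is called.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  // A token without a numeric exp, or past it, is rejected.
  if (typeof payload.exp !== 'number' || Math.floor(nowMs / 1000) >= payload.exp) return null;
  return payload;
}
```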

In this assignment, we will create a route to log in the user, and issue a JWT token
- Create a route `/login` in `user.js`. This will be a `POST` route. Inside your `/login` route, you can expect to receive the values `email` and `password` from `request.body`
- Using the `User` model, use the `findOne` method to search for the user based on the `email`
- If the user doesn't exist, send a fail response to the user
- If the user does exist, use `bcrypt.compare()` to compare the password with the hash in the database
- If the password does not match, send a fail response to the user
- Import the `jwtIssuer` function from the `utils` folder
- If the user exists, and the password matched, use the `jwtIssuer` function to create a JWT token, and send this as a response to the user
- Test your code

In this assignment you will create a React frontend which will have a register and login form
- Create a Register form with the following fields:
  - `name` - not required
  - `email`
  - `password`
- Create a login form with the following fields:
  - `email`
  - `password`