This is a sample project that uses Mongoose and MongoDB to create users. This project illustrates how to use JWT's to authorize user access to protected routes.
It contains 3 API routes:
- Signup
- Login
- Profile
With these routes, new users can sign up, login, and view a protected route, the /profile page.
To use this project, you will need to create a new MongoDB cluster via a new project.
In the root create a new .env file with the following information:
PORT = <AnyPortNumber>
MONGO_URL = <YourMongodbURL>
SECRET_JWT_KEY = <AnySuperSecretKey>
In your terminal:
npm install
npm run dev
Create new user, using Postman or Insomnia. Using http://localhost:4002/signup as the endpoint, make the following JSON POST request:
{
"username": "henry",
"email": "henry@gmail.com",
"password": "1234RTD2"
}
You should get a response that includes the JWT.
Next, you can test this JWT to ensure it is working and used in the Auth process. In your client, navigate to the headers and provide your JWT like so:
token: <yourJWT>
Now, make a GET request to the following endpoint: http://localhost:4002/profile. The full user should be returned.
This file is responsible for connecting mongoose to mongodb.
This contains the User model. This is used in the resolvers to create new users and find existing ones.
These are the functions responsible for responding to incoming requests. They create new users, logging existing ones in, and returning JWT to the client.
These are all of the API routes. They each take a resolver function
These are functions that run for certain routes when requests are made. There's an Auth middleware function that is responsible for verifying incoming JWT's, when a User tries to access the Profile route which is protected. The auth route looks for the JWT in the req.header.token. However, for security purposes this should be transferred over to an httpOnly cookie.
This file wires all of these pieces up:
- It starts up your express server
- It creates a connection to your database
- It spins up your API