Add JWT-based authentication to a Node/Express/Mongo app.
- Create server
- Add auth router
- Create user with POST /auth/signup
  - Validate required fields
  - Check if email is unique
  - Hash password with bcrypt
  - Insert into db
- Login user with POST /auth/login
  - Check if email in db
  - Compare password with hashed password in db
  - Create and sign a JWT
  - Respond with JWT
- Create login form; show errors; redirect
  - Validate required fields
- Create sign-up form; show errors; redirect
  - Validate required fields
- Visitors can only see the homepage
  - isLoggedIn middleware
    - Validate JWT in header
    - Set req.user to be JWT payload
    - Send an unauthorized error message
    - Redirect to login form
- Logged-in users can only see their page
  - allowAccess middleware
    - id in URL must match id in req.user
    - Send an unauthorized error message
  - Redirect to user page if they visit the homepage
  - Set user_id in localStorage after login/signup
- Add GET /auth/logout to clear user_id cookie
  - Redirect to login page
- Admin page that lists all users
  - Admin table with user_id
  - De-activate users
  - Admin can see any page on site
- Rate limiting
  - Prevent brute-force logins