Note: This can be a pair programming activity or done independently.
We've seen how to implement an authentication manually using bcrypt. This can be valid for a simple auth system, but if you want to implement a secure and scalable auth system inside a Node app, you should use passport.js.
This lab is about implementing a login system and limit the access of some pages to authenticated users.
You do not need to put everything in controllers - if the route handlers are in app.js it's fine. The main goal for this lab is to create the auth strategy with passport.
- Create a login form with email & password
- Use passport-local to find User & verify password
- Restrict access to API without an authenticated user
- The app should have 4 route with methods and views:
- Home (/)
- Login (/login)
- Signup (/signup)
- Profile (/profile)
Bonus:
- Create a CRUD resource, then authorise index and show to all users and limit access to create, update and delete to only authenticated users.
- Add twitter bootstrap.
- Move the route handlers in a separate controller.
- Add a navbar that displays different links if the user is signed in or not
Please find the starter code including all the files that you need for this app and some comments about which bits of code should be in which file.
Here are few screenshots of a potential solution:
