Cookie Consent by Free Privacy Policy Generator 📌 User Authentication with JWT tokens in node js


✅ User Authentication with JWT tokens in node js


💡 Newskategorie: Programmierung
🔗 Quelle: dev.to

User authentication is the most important part of developing a website. To prevent any malicious activity in user accounts, we must implement a strong authentication system. Today, we will explore user authentication using JSON web tokens.

Getting Started

first, we need to set up our Node.js boilerplate using Express. Make sure you have installed the npm and node

create a directory for your project. We are going to use server

go inside the newly created directory and run

npm init

This will initialize our project with a package.json file.

Now we will need to install Express

npm install express

create a new file index.js.

put following code in the file


const express = require('express')
const app = express()
require("./db/conn")

const PORT=8083

app.use(require("./route/router"))

app.listen(PORT, () => console.log(`connected to port number ${PORT}`))

now we will need another dependency "mongoose"

npm install mongoose

Database Connection

first we are going to connect our database.

create a new folder as db and create a file inside it as conn.js

paste the following code inside the file

const mongoose=require("mongoose")

const DB=process.env.DATABASE;

mongoose.connect(DB)
.then(()=>{
console.log("connection successfull")
})
.catch((e)=>{console.log(e)})

In this code snippet, we are connecting our database to MongoDB Atlas by importing Mongoose. We access the database connection link from the config.env file using the process.env.DATABASE variable. The config.env file stores custom environment variables, which can be created using the dotenv library

Creating User Collection

lets create collection in database with mongoose schema

first create new folder with name models.

create a new file user.model.js inside the folder

user.model.js will have our user data such as name, email,password.

paste the following code in the user.model.js

const mongoose=require("mongoose");

const user=new mongoose.Schema({
name:{
type:String
},
email:{
type:String
},
password:{
type:String
},
token:{
type:String
}
)

const User=new mongoose.model("User",user)

module.exports=User

we are creating schema here for the collection.
Mongoose Schema defines document's properties, default values, types of data, validators, etc. In contrast, a Mongoose model provides an interface for the database to create, query, update, delete records, and so on.

mongoose model accepts two parameters
mongoose.model(collection name,collection schema)

Installing JWT

before moving ahead lets just install the JWT package

npm i jsonwebtoken

Creating Routes and Authentication for User

After creating collection now lets create routes.

create a new folder "routes" in this folder create router.js file

paste the following code into the file

const express=require("express")
const router=express.Router()
const mongoose=require("mongoose")
const User=require("../model/user.model.js")

router.post("/Login",async (req,res)=>{       //Login  API

  const {email,Password}=req.body;

  if(!email || !Password){
   return res.status(403).json({error:"empty Fields"})
  }

  try{
    const exist=await User.findOne({email})
    if(exist){
      if(exist.password==Password){
        const token= await exist.generateAuthToken();
        res.cookie("authcookie",token,{
          expires:new Date(Date.now()+36000000),
          httpOnly:false,
        }) 
        res.status(200).json({token:token})                                                                                        
      }
      else{
        return res.status(401).json({error:"invalid credentials"})
      }
    }
    else{
      return res.status(401).json({error:"invalid credentials"})
}}catch(e){
  console.log(e)
  res.status(500).json({error:"wont be able to login"})
}}
)

here we are checking if email and password are not empty if empty we are returning status code 403 "Empty fields"

If the password and email fields are not empty, we check if the email exists in the collection. If it does, we compare the entered password with the stored password to determine if they match. If the passwords match, we call the generateAuthToken() method to generate an authentication token.

now go to user.model.js and paste this code

user.methods.generateAuthToken=async function(){
    try{
    const tokenGen= jwt.sign({_id:this._id},process.env.SECRET)//genertaes token
    this.tokens=this.tokens.splice(0,1,{token:tokenGen})
     await this.save();
     return tokenGen;
    }
     catch(e){
        console.log(e)
     }
}

generateAuthToken function generates the token .

jwt.sign() sign takes two parameter id and JWT_secret and returns signed token (it is recommended that JWT_secret must be stored in config.env file).

Creating Middleware

create a new folder middleware inside the folder create a new file authentication.js

paste the following code :-

const jwt=require("jsonwebtoken")
const User=require("../models/user.model.js")


const authenticate= async (req,res,next)=>{
    try{
    const token= req.cookies.authcookie || req.headers["x-access-token"];  // taking token

    const authnToken= jwt.verify(token,process.env.SECRET)//verfify token with secret key{token is made up of user unique id and secret key} return unique id

 const userInfo= await User.find({_id:authnToken._id},{"tokens.token":token})//finding document that matches the unique id and token 

    if(!userInfo){res.status(209).json({error:"user info is not available"})}
        req.token=token;
        req.userinfo=userInfo;
        req.userId=userInfo[0]._id;
        next();
    }
    catch(e){
        res.status(401).json({message:"Please loggin first"})
        console.log(e)
    }

}

module.exports=authenticate


The jwt.verify function takes a token and a secret key (which is composed of the user's unique ID) as parameters. It returns the user's unique ID.

Now let’s create the /somepage route and update router.js with the following code to test the middleware

router.get("/somepage",authetication,(req,res)=>{
console.log("working")
})

Checking The API In POSTMAN

paste the localhost:8003/login into the path

pass email and Password in body as a JSON

Image description

it gives token as response

for now copy this token

Change the route to /somepage and include the x-access-token key in the headers with the token value pasted as its value. Then, send the request

Image description

token is verified by middleware.

Conclusion

In this tutorial we learned about JWT, authentication, authorization and how to develop an API using JWT token for authentication in Node.js.

...

✅ User Authentication with JWT tokens in node js


📈 47.2 Punkte

✅ JWT-Hack - Tool To En/Decoding JWT, Generate Payload For JWT Attack And Very Fast Cracking(Dict/Brutefoce)


📈 45.56 Punkte

✅ jwt-simple up to 0.3.0 on Node.js jwt.decode weak authentication


📈 43.39 Punkte

✅ How to Invalidate JWT Tokens Without Collecting Tokens


📈 42.39 Punkte

✅ Power of Tokens:Refresh Tokens and Access Tokens in Backend Development


📈 40.81 Punkte

✅ Access Tokens vs Refresh Tokens vs ID Tokens


📈 40.81 Punkte

✅ perl-CRYPT-JWT up to 0.022 Access Control JWT.pm _decode_jws() weak authentication


📈 35.75 Punkte

✅ Crypt::JWT up to 0.022 on Perl Access Control JWT.pm hmac weak authentication


📈 35.75 Punkte

✅ FastAPI Beyond CRUD Part 12 - JWT Authentication (Revoke Access Tokens Using Redis)


📈 34.17 Punkte

✅ FastAPI Beyond CRUD Part 9 - JWT Authentication (Create Access And Refresh Tokens)


📈 34.17 Punkte

✅ Understanding JSON Web Tokens (JWT) and Their Use in Web Authentication


📈 34.17 Punkte

✅ Secure Authentication and Authorization in Mobile Apps with JSON Web Tokens (JWT)


📈 34.17 Punkte

✅ Authentication with JWT Tokens in React and Express.js


📈 34.17 Punkte

✅ User authentication and authorization in Node.js, Express.js app, using Typescript, Prisma, Zod and JWT


📈 33.6 Punkte

✅ Inversoft prime-jwt JWT Signature Validation erweiterte Rechte


📈 30.37 Punkte

✅ jwt-simple bis 0.3.0 jwt.decode schwache Authentisierung


📈 30.37 Punkte

✅ Create JWT Using DataWeave JWT Library


📈 30.37 Punkte

✅ jwt decode link: https://www.npmjs.com/package/jwt-decode


📈 30.37 Punkte

✅ Some-Tweak-To-Hide-Jwt-Payload-Values - A Handful Of Tweaks And Ideas To Safeguard The JWT Payload


📈 30.37 Punkte

✅ CVE-2023-51774 | json-jwt Gem 1.16.3 on Ruby JSON::JWT.decode unknown vulnerability


📈 30.37 Punkte

✅ JWT Key ID Injector - Simple Python Script To Check Against Hypothetical JWT Vulnerability


📈 30.37 Punkte

✅ Inversoft prime-jwt JWT Signature Validation privilege escalation


📈 30.37 Punkte

✅ Jwtear - Modular Command-Line Tool To Parse, Create And Manipulate JWT Tokens For Hackers


📈 28.79 Punkte

✅ Hacking JWT Tokens For Fun And Profit


📈 28.79 Punkte

✅ Abusing JWT (JSON Web Tokens) - Sven Morgenroth - PSW #673


📈 28.79 Punkte

✅ JWT Tool - A Toolkit For Testing, Tweaking And Cracking JSON Web Tokens


📈 28.79 Punkte

✅ Understanding JWT and Bearer Tokens: What Every Developer Should Know


📈 28.79 Punkte

✅ Understanding JWT and Validating Tokens with Expiry Dates


📈 28.79 Punkte

✅ Using a Symfony secret to encode your JWT Tokens


📈 28.79 Punkte

✅ JWT(json web tokens)


📈 28.79 Punkte

✅ Implementing an Auth Guard with JWT tokens in Nest.js


📈 28.79 Punkte

✅ Understanding JSON Web Tokens (JWT)


📈 28.79 Punkte

✅ Jwtear – Modular Command-Line Tool To Parse, Create And Manipulate JWT Tokens For Hackers


📈 28.79 Punkte

✅ Implementing JWT Authentication in Node.js


📈 28.21 Punkte

✅ 9 Steps for JWT Authentication in Node.js Application


📈 28.21 Punkte











matomo

Datei nicht gefunden!