Login with JSON WEB Token (JWT) using Node.js + Express.js #2

In this tutorial, we will continue building on our previous tutorial where we set up a basic Node.js server using Express.js. In this tutorial, we will focus on implementing login functionality using JSON Web Tokens (JWT) for authentication.

Step 1: Install necessary packages
First, we need to install two packages – jsonwebtoken and bcryptjs. JSON Web Tokens are used for securely transmitting information between parties as a JSON object and bcryptjs is used for hashing passwords.

To install these packages, run the following command in your terminal:

npm install jsonwebtoken bcryptjs

Step 2: Create a new route for login
Next, let’s create a new route in our server.js file for handling user login. Add the following code:

const express = require('express');
const bodyParser = require('body-parser');
const jwt = require('jsonwebtoken');
const bcrypt = require('bcryptjs');

const app = express();

app.use(bodyParser.json());

const users = [
  {
    username: 'admin',
    password: '$2a$10$qV3D2MidFVWGfzDVDFjytuEJuJUiz3sN0Gt3snyGvri9tKC3NME2O', // hashed password for 'password'
  },
];

app.post('/login', (req, res) => {
  const { username, password } = req.body;

  const user = users.find(u => u.username === username);

  if (!user || !bcrypt.compareSync(password, user.password)) {
    return res.status(401).json({ message: 'Invalid username or password' });
  }

  const token = jwt.sign({ username: user.username }, 'secret', { expiresIn: '1h' });

  res.json({ token });
});

app.listen(3000, () => {
  console.log('Server is running on port 3000');
});

Step 3: Test the login route
Now that we have created the login route, we can test it using a tool like Postman. Send a POST request to http://localhost:3000/login with the following JSON body:

{
  "username": "admin",
  "password": "password"
}

If the credentials are correct, the server will respond with a JWT token:

{
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6ImFkbWluIn0.9ZU9LdG8oUfb9DZx1I5LaKei4wEyk5zgK5VCizYgbW8"
}

Step 4: Protect routes with JWT
Finally, we can protect routes in our server by checking if the JWT token is valid. We can create a middleware function to do this:

const verifyToken = (req, res, next) => {
  const token = req.headers.authorization.split(' ')[1];

  if (!token) {
    return res.status(401).json({ message: 'Token is required' });
  }

  jwt.verify(token, 'secret', (err, decoded) => {
    if (err) {
      return res.status(403).json({ message: 'Invalid token' });
    }

    req.user = decoded;
    next();
  });
};

app.get('/protected', verifyToken, (req, res) => {
  res.json({ message: 'This route is protected' });
});

In the above code, we use the verifyToken middleware to check if the JWT token is present and valid. If the token is valid, the req.user object will contain the decoded JWT payload.

That’s it! You have successfully implemented user authentication using JSON Web Tokens in your Node.js + Express.js application. Feel free to expand on this functionality by adding features like user registration, token expiration, and refresh tokens.