User Password Authentication | Node.js & Express Tutorials for Beginners

If you are new to web development and have just started working with Node.js and Express, it’s essential to learn about user password authentication. User authentication allows you to secure your web application by only allowing access to authorized users. In this tutorial, we will guide you through the process of implementing user password authentication in your Node.js and Express application.

What is User Password Authentication?

User password authentication is a way to verify the identity of a user before granting access to protected resources in a web application. It ensures that users provide a valid username and password to access specific parts of the application. This authentication process ensures secure access and protects sensitive user data.

Using Express for User Authentication

Node.js and Express make it easy to implement user password authentication in your web application. You can use various libraries and packages available in the Node.js ecosystem to streamline the authentication process.

1. Install Required Packages

First, you need to install the required npm packages. Open your project directory in the terminal and run the following command:

npm install express express-session bcrypt passport

2. Set Up the Express Application

Next, you need to set up your Express application. Create a new file called `app.js` and add the following code:

const express = require("express");
const session = require("express-session");
const bcrypt = require("bcrypt");
const passport = require("passport");
const LocalStrategy = require("passport-local").Strategy;

const app = express();

// Configure express-session middleware
app.use(
  session({
    secret: "your-secret-key",
    resave: false,
    saveUninitialized: false
  })
);

// Initialize Passport middleware
app.use(passport.initialize());
app.use(passport.session());

// Your application routes here

// Start the server
app.listen(3000, () => {
  console.log("Server started on port 3000");
});

3. Implement User Schema

Create a new file called `User.js` to define the schema for your user model. In this file, you can define the necessary fields such as `username` and `password`. Use the `bcrypt` library to hash the user’s password for secure storage.

const mongoose = require("mongoose");
const bcrypt = require("bcrypt");

const userSchema = new mongoose.Schema({
  username: { type: String, required: true, unique: true },
  password: { type: String, required: true },
});

userSchema.pre("save", async function (next) {
  const user = this;
  const hash = await bcrypt.hash(user.password, 10);
  user.password = hash;
  next();
});

module.exports = mongoose.model("User", userSchema);

4. Implement Passport Local Strategy

In the `app.js` file, add the following code to implement a local strategy for passport. This strategy compares the user’s entered password with the hashed password stored in the database for authentication.

passport.use(
  new LocalStrategy((username, password, done) => {
    User.findOne({ username: username }, (err, user) => {
      if (err) return done(err);
      if (!user) return done(null, false);
      bcrypt.compare(password, user.password, (err, res) => {
        if (err) return done(err);
        if (res === false) return done(null, false);
        return done(null, user);
      });
    });
  })
);

5. Implement Routes and Authentication Middleware

Create a new file called `routes.js` to handle your application routes. In this file, you can define the routes for user registration, login, and logout. Additionally, you need to add authentication middleware to restrict access to certain routes. Here’s an example:

const express = require("express");
const router = express.Router();
const passport = require("passport");

// User registration route
router.post("/register", (req, res) => {
  const { username, password } = req.body;
  const newUser = new User({ username, password });
  newUser.save((err) => {
    if (err) return res.status(500).send(err);
    res.send("User registered successfully!");
  });
});

// User login route
router.post("/login", passport.authenticate("local"), (req, res) => {
  res.send("User logged in successfully!");
});

// User logout route
router.get("/logout", (req, res) => {
  req.logout();
  res.send("User logged out successfully!");
});

module.exports = router;

6. Connect Routes and Middleware to Express App

Finally, connect the routes and middleware to your Express application by modifying the `app.js` file:

// Import routes from routes.js
const routes = require("./routes");

// Use routes
app.use("/", routes);

Testing User Authentication

Now that your authentication is set up, you can test it using a tool like Postman or by creating a simple HTML form. Make sure to provide proper form validation and communicate the authentication status back to the user.

Conclusion

Congratulations! You have successfully implemented user password authentication in your Node.js and Express application. User authentication is a critical feature for any web application that deals with user data and personal information. Remember to continually improve the security of your authentication process and stay updated with the latest security best practices.