`npm init` to start the package.json file then run the following to install all the dependencies we need:
`index.ejs` so go ahead and create that:
`sign-up-form`, and a route for
`/sign-up` that points to it:
`app.post` for the sign-up form so that we can add users to our database (remember our notes about sanitization, and about storing passwords in plain text...).
`/sign-up`, and submit the form. If all goes well it'll redirect you to the index and you will be able to go see your newly created user inside your database.
`LocalStrategy` (documentation here). We have already installed and required the appropriate modules so let's set it up!
`/log-in` path. Add them somewhere before the line that initializes passport for us:
`passport.authenticate()` function later. Basically, it takes a username and password, tries to find the user in our DB, and then makes sure that the user's password matches the given password. If all of that works out (there's a user in the DB, and the passwords match) then it authenticates our user and moves on! We will not be calling this function directly, so you won't have to supply the
`done` function. This function acts a bit like a middleware and will be called for us when we ask passport to do the authentication later.
`/sign-up` we'll add an
`action` to it so that it
`/log-in` instead. Add the following to your index template:
`passport.authenticate()`. This middleware performs numerous functions behind the scenes. Among other things, it looks at the request body for parameters named
`password` then runs the
`LocalStrategy` function that we defined earlier to see if the username and password are in the database. It then creates a session cookie that gets stored in the user's browser, and that we can access in all future requests to see whether or not that user is logged in. It can also redirect you to different routes based on whether the login is a success or a failure. If we had a separate login page we might want to go back to that if the login failed, or we might want to take the user to their user dashboard if the login is successful. Since we're keeping everything in the index we want to go back to "/" no matter what.
`req` object) and if there is, it adds that user to the request object for us. So, all we need to do is check for
`req.user` to change our view depending on whether or not a user is logged in.
`app.get("/")` to send the user object to our view like so:
`/log-out` so all we need to do is add a route for that in our app.js. Conveniently, the passport middleware adds a logout function to the
`req` object, so logging out is as easy as this:
`/sign-up` to create a new user, then log in using that user's username and password, and then log out by clicking the log out button!
`locals` object. We can use this knowledge to write ourselves a custom middleware that will simplify how we access our current user in our views.
`res` objects, manipulate them, and pass them on through the rest of the app.
`currentUser` variable in all of your views, and you won't have to manually pass it into all of the controllers in which you need it.
`npm install bcryptjs`. There is another module called
`bcrypt` that does the same thing, but it is written in C++ and is sometimes a pain to get installed. The C++
`bcrypt` is technically faster, so in the future it might be worth getting it running, but for now, the modules work the same so we can just use
`app.post("/sign-up")` to use the bcrypt.hash function which works like this:
`bcrypt.compare()` function to validate the password input. The function compares the plain-text password in the request object to the hashed password.
`LocalStrategy` function we need to replace the
`user.password !== password` expression with the