My first npm package about authentication
christosmito
Posted on April 27, 2021
Intro
I have been coding in Express and MongoDB for about 1.5 years now, and on every project I have built up until now I had to write the same code again and again in order to implement the authentication. Repetition is something we, as programmers, hate. So, for that reason, I decided to make my own authentication package in order to implement the authentication flow and the DRY principle.
Implementation
This npm package was built to be used with Express and MongoDB. The authentication is based on JWT. In addition, SendGrid is used to implement the reset password functionality by sending an email with the reset token link.
Usage
This package offers the below functionalities:
- signup
- login
- logout
- update password
- forgot password
Let's see how easily we can use this package:
First we need to install the express-auth-flow package with this command:
npm install express-auth-flow
or
yarn add express-auth-flow
Then we need to create a user model with the name of our choice and create at least these fields (the names must be exactly the same), as shown below:
- username
- password
Below is a simple example using mongoose (it is highly recommended to validate all the fields):
// Model file userModel.js
const mongoose = require("mongoose");
const { Schema } = mongoose;

const userSchema = new Schema({
  email: String,
  username: String,
  password: String
});

module.exports = mongoose.model("User", userSchema);
Now in your router file you must require the user model you created above and the express-auth-flow package, and define the routes as below. The paths and the names must be exactly the same in order for the package to recognize them. The emails for the forgot password functionality are sent via SendGrid, so you have to create a free account and then create an API key. An example is shown below:
// Router file userRoutes.js
const express = require("express");
const User = require("The path to your user model");
const auth = require("express-auth-flow");

const router = express.Router();

// Only for forgot password functionality
const options = {
  apiKey: "your sendgrid api key",
  from: "your email that you verified on sendgrid",
  text: "The raw message",
  html: "The html formatted message"
};

router.post("/signup", auth("User").signup);
router.post("/login", auth("User").login);
router.post("/logout", auth("User").logout);
router.post("/update-password", auth("User").updatePassword);
// options is passed as a second argument, not as part of the model name string
router.post("/forgot-password", auth("User", options).forgotPassword);
router.post("/reset-password/:token", auth("User").resetPassword);

module.exports = router;
Finally, let's analyze the inputs that are expected by every route.
/signup
The signup functionality expects the below input:
email, username, password, confirmPassword
/login
The login functionality expects the below input:
email, password
/logout
No input
/update-password
email, password, newPassword, confirmNewPassword
/forgot-password
/reset-password/:token
password, confirmPassword
Notice
The forgot password functionality works like this:
First the user goes to the /forgot-password route and fills in the email, password, newPassword, confirmNewPassword inputs. Then an email is sent to the provided address with a reset token link that is valid for 10 minutes, and when the user follows this link they must provide the password and the confirmPassword in order to save the new password.
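The post does not show how express-auth-flow creates or checks the reset token, so the following is an added example, not the package's code: one common way to build a 10-minute, single-use reset token with Node's crypto module. The function names and the resetTokenHash / resetTokenExpiresAt fields are assumptions made for illustration.

```javascript
// Added example; not taken from express-auth-flow.
const crypto = require("node:crypto");

const RESET_TOKEN_TTL_MS = 10 * 60 * 1000; // 10 minutes, as stated in the post

const sha256 = (value) =>
  crypto.createHash("sha256").update(value).digest("hex");

function clearResetToken(user) {
  user.resetTokenHash = undefined;
  user.resetTokenExpiresAt = undefined;
}

// For the /forgot-password handler. The raw token goes only into the emailed
// link; the user record (hypothetical fields) keeps just its hash and expiry,
// so a leaked database does not contain usable reset links.
function issueResetToken(user, now = Date.now()) {
  const rawToken = crypto.randomBytes(32).toString("hex"); // 256 bits from the CSPRNG
  user.resetTokenHash = sha256(rawToken);
  user.resetTokenExpiresAt = now + RESET_TOKEN_TTL_MS;
  return rawToken;
}

// For the /reset-password/:token handler. Returns true only for the matching,
// unexpired, not-yet-used token.
function redeemResetToken(user, rawToken, now = Date.now()) {
  if (!user.resetTokenHash || typeof rawToken !== "string") return false;
  const expected = Buffer.from(user.resetTokenHash, "hex");
  const presented = Buffer.from(sha256(rawToken), "hex");
  // timingSafeEqual throws on unequal lengths, so check the length first.
  const matches =
    expected.length === presented.length &&
    crypto.timingSafeEqual(expected, presented);
  if (!matches) return false;
  const fresh = now < user.resetTokenExpiresAt;
  clearResetToken(user); // single use: a matched token is consumed even if expired
  return fresh;
}

// Constructed demo user (not real data).
const demoUser = { email: "user@example.test" };
const link = `/reset-password/${issueResetToken(demoUser)}`;
console.log(link, redeemResetToken(demoUser, link.split("/").pop()));
```

In a real handler the password would be changed only after redeemResetToken returns true, and the updated user record saved in the same step.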
In the near future I am going to release a video tutorial on how to use this package.
Thanks for your time and feel free to write any feedback.
Contact me at this email: christosglx@hotmail.com