# Express authentication

In this lesson, we'll be building an Express application with user authentication.

## Objectives

After this lesson, students will be able to:
- ... add user authentication to an express application
- ... set up a local authentication strategy with Passport.js
## Setup

After forking and cloning, you will want to check out our annotated branch. This is the branch with the dependencies added to our package file and hints in the various files we need to create and modify. If you'd like more of a challenge, master has no hints and requires you to add your own dependencies.

Before we can do anything, we need to install our dependencies:

```sh
$ npm install
```
Take a look at our `package.json` to see what modules we need for what we're setting out to do in this lesson.

### What are those modules for?
`passport` is the core module for authentication here. It is organized in a modular manner, not tied to any particular style of authentication, instead importing strategy modules. Passport is capable of everything from standard username-and-password (local) authentication to authentication with Google, Facebook, or other social networking sites using the OAuth protocol, and beyond.
`passport-local` is a local strategy for Passport, which we are using for simplicity. With this strategy, we store and retrieve user credentials in our own database, and hash our own passwords for secure storage.
`bcrypt` is a password-hashing function (a key derivation function) designed to be deliberately slow, with a cost factor that can be raised as hardware gets faster. Its purpose is to take a low-entropy (not very random) input, such as a password, and produce a salted, fixed-length digest that is expensive to brute-force. We will use it to hash our passwords for secure storage; the plaintext password is never written to the database.
`sequelize`, `pg`, and `pg-hstore` have to do with our relational database. We're using Sequelize as our ORM and our database is Postgres, so we install the relevant packages. We will not use `pg` or `pg-hstore` directly.
## Code-along

We'll be doing this as a code-along, where I will make periodic commits to the solved branch of this repository. You will be able to follow my commits on that branch to review this material in the future.

### lib/passport.js

Create the file and directory, then proceed.

We will be using this file to configure `passport`. You will be provided an initial state of comments stating what needs to be done.
### app.js

We will need to edit our `app.js` in order to mount Passport's middleware for user sessions. Note that it depends on session middleware already being mounted on our app or router: it must be `use`d after we `use` our session middleware, and before we `use` our routes, so that every route handler sees an already-populated session.
### routes/index.js

Here, we have to create two routes:

- a login route, which uses `passport.authenticate` to pass the user's credentials on to our authentication strategy
- a register route, where we don't use Passport at all, but add a row to our Users table (storing the bcrypt hash of the password, never the plaintext)

Note that body-parsing middleware must be mounted before both of these routes, since both read the user's credentials from the request body.
### models/*

This will essentially be a review of Sequelize. We'll make our user model and export it as part of a module containing all of our models for convenience.