Practice code for Section 15 - Adding Authentication, part of the course "NodeJS - The Complete Guide (MVC, REST APIs, GraphQL, Deno)" by Maximilian Schwarzmüller.
This project covers:
- Implementing user signup and login functionality
- Hashing and verifying passwords with bcryptjs
- Protecting routes with authentication checks (only accessible to logged-in users)
- Using csurf middleware to add CSRF protection
- Providing user error feedback with flash messages using connect-flash
- Independently implemented while following a Node.js course, writing all functionalities from scratch and extending the project with personal improvements.
- Node.js
- Express.js
- JavaScript (ES6+)
- Mongoose
- express-session
- connect-mongodb-session
- bcryptjs
- csurf
- connect-flash
- Docker
- dotenv
- Nodemon
git clone https://github.com/S15-Adding-Authentication
cd ./S15-Adding-Authentication
cp .env.example .env
Note: USE_MONGODB_ATLAS variable must be set to false
npm run db:start - Creates database shop with docker compose up -d
npm install
node .\server.js
npm run db:down - Runs docker compose down -v
npm run db:reset - Runs docker compose down -v && docker compose up -d
email: test@example.com
password: 123
email: foo@bar.com
password: 456
A helper script is included to quickly test DB connectivity
npm run db:test - Runs node scripts/test-db.cjs
Expected output:
===== DB connection OK =====
--- Product data: --- [
{
_id: new ObjectId('68c5a0d9f45e62ed9233c5d3'),
title: 'Physical picture of a kitty',
price: 0.99,
description: 'kitty',
imageUrl: 'https://static.vecteezy.com/system/resources/thumbnails/002/098/203/small/silver-tabby-cat-sitting-on-green-background-free-photo.jpg',
userId: new ObjectId('68c59cebf2b7f6e17ff9ea08')
},
{
_id: new ObjectId('68c32686af5c529e81421f78'),
title: 'A book!',
price: 12.99,
description: 'Funny-colored',
imageUrl: 'https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcSoDXr4is7-bVjWtE-TI4q-l0jHX0SPN4_4Uw&s',
userId: new ObjectId('68c59cebf2b7f6e17ff9ea08')
},
{
_id: new ObjectId('68c32686af5c529e814266e1'),
title: 'Red apple',
price: 2.99,
description: 'Do not combine with a pen',
imageUrl: 'https://i5.walmartimages.com/seo/Fresh-Red-Delicious-Apple-Each_7320e63a-de46-4a16-9b8c-526e15219a12_3.e557c1ad9973e1f76f512b34950243a3.jpeg',
userId: new ObjectId('68c59cebf2b7f6e17ff9ea08')
},
{
_id: new ObjectId('68c495a27829b9cab975da81'),
title: 'Pen',
price: 249.99,
description: 'Pure prestige',
imageUrl: 'https://www.faber-castell.pl/-/media/Products/Product-Repository/Miscellaneous-ballpoint-pens/24-24-05-Ballpoint-pen/143499-Ballpoint-Pen-Basic-M-black/Images/143499_0_PM99.ashx?bc=ffffff&as=0&h=900&w=900&sc_lang=pl-PL&hash=0552B329890216C4F517A47B7B261E90',
userId: new ObjectId('68c49525baa988da36319592')
}
]
--- User data: --- [
{
cart: { items: [] },
_id: new ObjectId('68c59cebf2b7f6e17ff9ea08'),
email: 'test@example.com',
password: '$2b$12$3K2ChFNft.k8lF4TShiRee6vOBnaSqC3gi81SNUDvMf.dhsf84zv.'
},
{
cart: { items: [] },
_id: new ObjectId('68c49525baa988da36319592'),
email: 'foo@bar.com',
password: '$2b$12$9FaAU/JXiYbJ6k3RuPM9pudnJkOPoQaF9BlF0exENihInyhR/6stK'
}
]
- npm start / node .\server.js → start the Node app
- npm run db:test → run DB connectivity test (scripts/test-db.cjs)
- npm run db:up → start MongoDB container in background
- npm run db:down → stop MongoDB container
- npm run db:reset → reset database (drop volume + re-init)
- .env is ignored by Git; only .env.example is committed
- The USE_MONGODB_ATLAS variable in .env must be set to false
My note about csurf deprecation
I know that csurf has been marked as deprecated.
This course lecture was created a few years ago using csurf, before the development team deprecated the package. Its purpose is to explain the general principle of CSRF attacks, with csurf being used as the demonstration tool.
Since the attacks are only simulated locally in our code, and this is a course repository after all (though I put my heart into every single one of them), I will continue using csurf until I decide otherwise.
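
The general principle behind the CSRF protection mentioned above, as an added example (not code from this repository, the course, or csurf): a session-bound synchronizer token that every state-changing request must echo back. The function names, the `_csrf` form field, the `x-csrf-token` header and the mock request objects are assumptions made for illustration; it expects express-session to have populated `req.session`.

```javascript
// Added example: session-bound CSRF token check (synchronizer token pattern).
const crypto = require('node:crypto');

const SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS']);

// Create one random token per session and keep it server-side.
function issueCsrfToken(session) {
  if (!session.csrfToken) {
    session.csrfToken = crypto.randomBytes(32).toString('hex');
  }
  return session.csrfToken;
}

// Constant-time comparison. Lengths are checked first because
// crypto.timingSafeEqual throws on buffers of different length.
function tokensMatch(expected, supplied) {
  if (typeof expected !== 'string' || typeof supplied !== 'string') return false;
  const a = Buffer.from(expected);
  const b = Buffer.from(supplied);
  return a.length === b.length && crypto.timingSafeEqual(a, b);
}

// Express-style middleware (req, res, next). Assumes a body parser has
// populated req.body; field and header names are hypothetical choices.
function csrfProtection(req, res, next) {
  const token = issueCsrfToken(req.session);
  res.locals.csrfToken = token; // rendered into a hidden <input name="_csrf">
  if (SAFE_METHODS.has(req.method)) return next();
  const supplied = (req.body && req.body._csrf) || req.headers['x-csrf-token'];
  if (!tokensMatch(token, supplied)) {
    res.statusCode = 403; // request did not originate from our own form
    return res.end('Invalid CSRF token');
  }
  return next();
}

// Constructed request/response stand-ins so the example runs without Express.
function simulate(method, session, body) {
  const req = { method, session, body, headers: {} };
  const res = { locals: {}, statusCode: 200, end() {} };
  let passed = false;
  csrfProtection(req, res, () => { passed = true; });
  return { passed, status: res.statusCode, token: res.locals.csrfToken };
}
```

A POST that carries the token rendered for its own session passes; one without a token, or with a token issued to a different session, is answered with 403 before any route handler runs.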