
Creating a Login / Signup system

So today I finally managed to create the Login / Signup system after several months of being blocked because I had no experience working with cryptography libraries!

To disclose the tech stack I am using to create a simple username / password based authentication system, I’m using the most popular option out there, which is passportjs. I’ve been using their official guide on creating the auth system, but it’s been more or less a struggle for me. I am not sure why, but I kept getting errors from the encryption method they were using (NodeJS’s crypto.pbkdf2), so I eventually had to settle for writing my code with bcrypt, which worked perfectly on the first try!

ExpressJS Auth Router

Essentially, all I am doing is using ExpressJS to get the login / signup information, then validating it using passport-local-strategy upon signin and using bcrypt to hash passwords upon signup.

Schema validation middleware

There is some cool stuff going on in the first example: the schema validation middleware. I found a nifty package called express-validator which allows you to define a schema and then use it to validate your express request objects! I came across some helper functions through a bit of googling, so I grabbed those too, and here is how the whole schema validation setup works:

So this is just a simple module that I have saved in the project that takes in a schema object and then validates, and also returns errors directly via response!

This is how my schema objects are set up so far:

Password verification

The password local verification strategy implementation is also pretty straightforward. We’re just taking in the schema-validated response and looking for the user; if they exist, we use the aforementioned cryptography libraries to compare the password and construct the response.
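The signup and verify steps described above, as an added example that is not the code from this post: it uses Node's built-in crypto.pbkdf2Sync instead of bcrypt so that it runs without dependencies. The in-memory `users` map, the function names and the PBKDF2 parameters are assumptions made for the example.

```javascript
const crypto = require('crypto');

// Assumed parameters for this sketch, not values taken from the post.
const ITERATIONS = 310000, KEYLEN = 32, DIGEST = 'sha256';
const users = new Map(); // constructed in-memory stand-in for the user table

// Derive a hash from the password with a fresh random salt unless one is given.
function hashPassword(password, salt = crypto.randomBytes(16)) {
  const hash = crypto.pbkdf2Sync(password, salt, ITERATIONS, KEYLEN, DIGEST);
  return { salt, hash };
}

// Signup: store only the salt and the derived hash, never the password.
// Inputs are assumed to be strings already checked by the schema middleware.
function signup(username, password) {
  if (users.has(username)) return false;
  users.set(username, { username, ...hashPassword(password) });
  return true;
}

// Hash of a throwaway secret, so unknown usernames cost the same work
// as known ones and response timing does not reveal which names exist.
const DUMMY = hashPassword(crypto.randomBytes(16).toString('hex'));

// Same (username, password, done) shape as a passport-local verify callback.
function verify(username, password, done) {
  const user = users.get(username);
  const { salt, hash } = user || DUMMY;
  const candidate = crypto.pbkdf2Sync(password, salt, ITERATIONS, KEYLEN, DIGEST);
  // Constant-time comparison of two equal-length Buffers.
  const match = crypto.timingSafeEqual(candidate, hash);
  if (!user || !match) {
    // One message for both failures, so the response does not confirm usernames.
    return done(null, false, { message: 'Incorrect username or password.' });
  }
  // Hand back only what the session needs, not the salt or hash.
  return done(null, { username: user.username });
}

// Helper for callers that want a plain result instead of a callback.
function login(username, password) {
  let result;
  verify(username, password, (err, user, info) => { result = { err, user, info }; });
  return result;
}
```
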

Conclusion

So this is how my efforts to implement an auth system for this books app server came to a fruitful end! I know you may be screaming that there are no tests or that this is hardly even production ready! And you may be right, but that has never been the goal of this endeavour.

One thing I have learnt during this process is to not give in to temptations to add unnecessary things. Halfway through implementing the schema validation with express-validator, I was really tempted to rewrite everything I had written until then using a brand new schema validation tool I found: joi. But I managed to convince myself that even if that tool may be superior, it doesn’t really matter, because my use case is very simple and straightforward, and I would have started an unnecessary refactoring project when the existing setup already works perfectly fine! One more temptation I had during this process was to create a login / signup page. Being a frontend engineer, I don’t usually work with Postman or any kind of curl scripts, so this is still very unfamiliar territory for me. I am currently debating whether I should use something like riposte to write API tests.

That’s it for this post. I hope it was interesting to look into the way I work 🙂