12/27/2023

Mern stack tutorial

- bcrypt is used to hash the password we save to the database and is used later to verify that we entered the right token with each login.
- I will explain JSON Web Tokens (JWTs) more later on but in short, the jsonwebtoken package is used to authorize a user (by the way, authorize means to check whether a user has access to a certain resource or route whereas authenticate means to verify that a user is who they claim to be which happens during the login process).
- mongoose is used to connect to our database, but I won't really explain the nitty gritty details of it because this tutorial is about authentication.
- Lastly, we have body-parser which just allows us to access post data from React in our post requests.

Before we start, we need to create a file structure that looks something like this (I'll explain the purpose of the models directory and users file soon).

To get your dbURI, you need to create a collection on MongoDB Atlas, but make sure to save your username and password in environment variables and not directly in the string like I did in my example below. The snippet below shows the basic setup of our server.js file and includes connecting to the database as well as including some required body-parser middleware.

The next step is creating a model that describes how each user will be structured in our database. Typically, users are modeled as an object with these five properties: username, email, password, and id when they were created. MongoDB provides us with the id, but we have to show mongoose what the rest of the data will look like. We can do this by using a Schema which takes in an object representing our data. This model will be called upon later when we create our register route because each user will need to utilize it.

In the snippet above, you can see that we need to specify the data type of each item and whether it should be required by the user or not. In this case, every field is required, and we even have a second parameter that lets us set timestamps for the creation of the database entry.

We haven't created the frontend for our registration system yet, but pretend that we have a field for a username, email, and password that posts a JSON object with this data to our "/register" route. Our body parser middleware from above will allow us to access this post data in req.body. But first, let's require some helpful modules at the top of our server.js file. JWTs will be used for the login system, but the register route needs access to the User schema and bcrypt as well.

Now we must actually register the user by placing their info into the database as shown in the code snippet below. We start by checking if the username or email is already in the database through mongoose's findOne method with an object providing what we are looking for. Also, make sure that the findOne method is on the User model that we imported from our user.js file and that it is awaited because we don't want to have our if statement happen before we check if the username or email is in the database.

After confirming that a user is not already in the database, we use bcrypt to hash the password. The second parameter of bcrypt's hash method describes how many rounds the hashing algorithm should perform, so for mine it would go 2^10 or 1024 times. The higher the number, the harder it is for the password to be brute forced but the more processing time is required.
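The registration steps the tutorial describes (an awaited duplicate check, then hashing with a cost of 10 before saving), as an added example that is not the tutorial's own code. `register`, `makeUserModel` and `hashPassword` are hypothetical names; the user model is an in-memory stand-in for the mongoose `User` model, and Node's built-in scrypt stands in for `bcrypt.hash` so the block runs without npm packages.

```javascript
const { scrypt, randomBytes } = require('node:crypto');

// ASSUMPTION: stand-in for bcrypt.hash(password, rounds) so the block runs
// without npm packages. scrypt's work factor N is set to 2^rounds.
function hashPassword(password, rounds) {
  return new Promise((resolve, reject) => {
    const salt = randomBytes(16);
    scrypt(password, salt, 32, { N: 2 ** rounds }, (err, key) => {
      if (err) return reject(err);
      resolve(`${rounds}$${salt.toString('hex')}$${key.toString('hex')}`);
    });
  });
}

// Constructed in-memory stand-in for the mongoose User model (hypothetical).
function makeUserModel() {
  const rows = [];
  const matches = (row, cond) => Object.keys(cond).every((k) => row[k] === cond[k]);
  return {
    rows,
    async findOne(query) {
      return rows.find((row) => query.$or.some((c) => matches(row, c))) || null;
    },
    async create(doc) { rows.push({ ...doc }); return doc; },
  };
}

// Core of a "/register" handler; body plays the role of req.body.
async function register(User, hash, body, rounds = 10) {
  const { username, email, password } = body || {};
  // Every field is required and must be a plain string, never an object.
  const ok = [username, email, password].every((v) => typeof v === 'string' && v !== '');
  if (!ok) return { status: 400, error: 'username, email and password are required' };

  // Without await, findOne returns a promise-like object, which is always
  // truthy, so the duplicate check below would reject every registration.
  const existing = await User.findOne({ $or: [{ username }, { email }] });
  if (existing) return { status: 409, error: 'username or email already registered' };

  // Only the hash is stored; the plaintext password never reaches the database.
  const passwordHash = await hash(password, rounds);
  await User.create({ username, email, password: passwordHash });
  return { status: 201 };
}
```

With the real packages, the same function would be called with the mongoose `User` model and `bcrypt.hash` as its first two arguments.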