User AUTH in MERN
I am currently working on a fun project with a few friends. We are building a social media for travelers and implementing a job board for traveling nomads looking for work. We are using MERN as our tech stack and we are probably going to migrate to AWS soon. In our first sprint, we started on a simple pipeline for POST/GET requests. I mainly worked on the backend — making controllers, models, and routes. Here is what it looked like after the first sprint:
Pretty cool stuff! In this sprint, we are creating user accounts and doing authentication. Below is my implementation and design!
I first created a user schema with a few parameters.
const userSchema = new Schema({
username: {
type: String,
required: true,
unique: true
},
password: {
type: String,
required: true
},
email: {
type: String,
required: true,
unique: true
}
...We then declared userSchema.statics.signup as an async function underneath the usermodel. We use statics here instead of methods because we did not already have objects instantiated. Statics do not need access to an instance of the class in order to access the functionality associated. We have to account for some edge cases. I covered most of them.
I then checked the database for uniqueness. The findOne() function returns the document whereas find() returns a cursor. It was just more efficient to implement two findOne() functions to check both the username and email.
// checks database to see if username and email entered are new and unique
const usernameExists = await this.findOne({ username })
const emailExists = await this.findOne({ email })
// if duplicate found, throw error to enforce uniqueness requirement in schema.
if (usernameExists || emailExists) {
throw Error('Error: Email/Username already in use!')
}After that, it was pretty simple to salt the password and create the user:
Now that we implemented a statics signup, we can use it in our user accounts controller. In our request body, we set the username, email, and password. We then implement a try-catch block to find errors inside our await function for signup.
// signup controller
const signupUser = async (req, res) => {
const {username, email, password} = req.body
try {
// reference signup model in userModel
const user = await User.signup(username, email, password)
// throw ok code if good, and print as json for postman
res.status(200).json({username, email, user})
} catch (error){
// throw error if fail
res.status(400).json({error: error.message})
}
}Awesome! We got have some logic working. After adding our expressJS routes and adding it to server.js, we can test it out. I send a post request and get the JSON response I was expecting:
With this done, it is time to decide between JWTs and Sessions for authentication.