In this exercise, we are going to create a project where we will have all the basic authorization and authentication processes and features that you would in a real application.
- Fork this repo
- Clone this repo
-
Upon completion, run the following commands:
git add . git commit -m "done" git push origin master
-
Create Pull Request so your TAs can check up your work.
After forking and cloning the project, you have to install all the dependencies:
$ npm install
Now you are ready to start ๐
We have to create the sign up functionality of the application, that allows new users to create an account. The users have to provide the following information:
- Username: Must be unique in our application, and will identify each user.
- Password: Must be hashed, using
bcrypt
.
To complete this first iteration, you have to create the User
model with mongoose, the routes, and the views.
Remember that you should to handle validation errors when a user signs up:
- The fields can't be empty.
- The username can't be repeated.
Once the user has signed up, they have to be able to log in the application. You have to create the view and add the correct functionality in the controller to let them log in the application.
Once the user has logged in, you have to create a session with express-session
and connect-mongo
.
Again, we have to check out that the fields are correctly filled before try to authenticate them.
At this point, we have implemented basic authentication features. Now, we have to create some routes that are protected, meaning that users can't visit these routes unless they're authenticated.
Let's create two different routes protected by authentication:
- GET
/main
- Add a funny picture of a cat and a link back to the home page - GET
/private
- Add your favoritegif
and an<h1>
denoting the page as private.
Create the views and add the middleware configuration to avoid accessing these routes without being authenticated.
Let's add validations to our forms. Remember we have two different forms: sign up and log in.
Remember, when a user signs up or logs in, both the username and password fields must be filled in.
Check out the documentation on MDN. See if you can find a constraint that requires the user to fill a field prior to submission.
Create the following routes and corresponding views:
- GET
/profile
- Should display basic information about the user, such as the username and user id. Should not be accessible to non-logged-in users.
Add a name property to the user schema that accepts a string and no has additional validators.
Create the following routes and request handlers/corresponding views:
- GET
/profile/edit
- Should display a form that allows the user to edit their name. - POST
/profile/edit
- Getsname
property from the request body and updates the user document.
Both routes should disallow non-logged-in users. Also, update the /profile
view to display the user's name.
Happy coding! ๐