auth api with node

Step-by-Step Guide to Building a Robust Auth API with Node.js and MongoDB

AGARO Marvel 9L Oven Toaster Griller, Cake Baking, Grilling, Toas...

AGARO Marvel 9L Oven Toaster Griller, Cake Baking, Grilling, Toas…

  • Toast, Bake, Grill and more.
  • Adjustable temperature from 100°C to 250°C.
  • Adjustable timer up to 30 minutes.
₹1,898
Is prime
Buy on Amazon

Authentication is a cornerstone of modern web applications, ensuring secure user access to systems. If you’re building an Auth API with Node.js and MongoDB, this guide will walk you through the process step-by-step. By the end, you’ll have a secure, scalable, and reliable authentication system that meets modern standards.

Why Use Node.js and MongoDB for Authentication?

Node.js, known for its efficiency and scalability, pairs well with MongoDB, a flexible NoSQL database. Together, they provide an excellent foundation for building robust APIs. The asynchronous nature of Node.js, combined with MongoDB’s schema-less design, enables quick and efficient development of complex authentication systems.

Step 1: Setting Up the Environment

Before diving into coding, ensure your development environment is ready.

Prerequisites:

  • Node.js: Download and install the latest version from nodejs.org.
  • MongoDB: Install MongoDB locally or use a cloud service like MongoDB Atlas.
  • Postman (or an equivalent API testing tool): To test your API endpoints.

Initialize the Project

Run the following commands to create your project:

mkdir auth-api
cd auth-api
npm init -y

This creates a package.json file, the core of your Node.js project.

Install Required Packages

Install the essential packages for authentication:

npm install express mongoose bcrypt jsonwebtoken dotenv
  • Express: For building APIs.
  • Mongoose: For interacting with MongoDB.
  • Bcrypt: For hashing passwords.
  • JSON Web Token (JWT): For secure user sessions.
  • Dotenv: For managing environment variables.

Step 2: Configuring the Project

Directory Structure

Organize your project for scalability:

auth-api/
├── controllers/
├── models/
├── routes/
├── config/
├── .env
├── server.js

Configure Environment Variables

Create a .env file in the root directory and add:

PORT=5000
MONGO_URI=mongodb://localhost:27017/authDB
JWT_SECRET=your_jwt_secret_key

Load these variables using dotenv in your application:

require('dotenv').config();
const PORT = process.env.PORT || 5000;
const MONGO_URI = process.env.MONGO_URI;
const JWT_SECRET = process.env.JWT_SECRET;

Step 3: Connecting to MongoDB

Establish a connection to the database in a config/db.js file:

const mongoose = require('mongoose');

const connectDB = async () => {
    try {
        await mongoose.connect(process.env.MONGO_URI, {
            useNewUrlParser: true,
            useUnifiedTopology: true,
        });
        console.log('MongoDB Connected...');
    } catch (error) {
        console.error('Error connecting to MongoDB:', error.message);
        process.exit(1);
    }
};

module.exports = connectDB;

Import and invoke this function in your main file (server.js).

Step 4: Building the User Model

Create a models/User.js file for the user schema:

const mongoose = require('mongoose');
const bcrypt = require('bcrypt');

const UserSchema = new mongoose.Schema({
    name: { type: String, required: true },
    email: { type: String, required: true, unique: true },
    password: { type: String, required: true },
}, { timestamps: true });

// Hash password before saving
UserSchema.pre('save', async function (next) {
    if (!this.isModified('password')) return next();
    this.password = await bcrypt.hash(this.password, 10);
    next();
});

module.exports = mongoose.model('User', UserSchema);

Step 5: Setting Up Routes and Controllers

User Registration

Add a routes/auth.js file:

const express = require('express');
const { registerUser } = require('../controllers/authController');
const router = express.Router();

router.post('/register', registerUser);

module.exports = router;

In the controllers/authController.js file:

const User = require('../models/User');

const registerUser = async (req, res) => {
    const { name, email, password } = req.body;
    try {
        const existingUser = await User.findOne({ email });
        if (existingUser) return res.status(400).json({ message: 'User already exists' });

        const user = await User.create({ name, email, password });
        res.status(201).json({ message: 'User registered successfully', user });
    } catch (error) {
        res.status(500).json({ message: 'Server Error', error: error.message });
    }
};

module.exports = { registerUser };

User Login

Add a login route:

router.post('/login', loginUser);

In authController.js:

const jwt = require('jsonwebtoken');
const bcrypt = require('bcrypt');

const loginUser = async (req, res) => {
    const { email, password } = req.body;
    try {
        const user = await User.findOne({ email });
        if (!user) return res.status(400).json({ message: 'Invalid credentials' });

        const isMatch = await bcrypt.compare(password, user.password);
        if (!isMatch) return res.status(400).json({ message: 'Invalid credentials' });

        const token = jwt.sign({ id: user._id }, process.env.JWT_SECRET, { expiresIn: '1h' });
        res.status(200).json({ message: 'Login successful', token });
    } catch (error) {
        res.status(500).json({ message: 'Server Error', error: error.message });
    }
};

Step 6: Middleware for Protecting Routes

Create an authMiddleware.js file:

const jwt = require('jsonwebtoken');

const protect = (req, res, next) => {
    const token = req.header('Authorization')?.split(' ')[1];
    if (!token) return res.status(401).json({ message: 'Unauthorized' });

    try {
        const decoded = jwt.verify(token, process.env.JWT_SECRET);
        req.user = decoded;
        next();
    } catch (error) {
        res.status(401).json({ message: 'Invalid Token' });
    }
};

module.exports = protect;

Step 7: Testing the API

Use Postman or similar tools to:

  1. Register a user with the /register endpoint.
  2. Log in with /login to get a token.
  3. Test protected routes using the Authorization header with the token.

Conclusion – Auth API With Node

Building an Auth API with Node.js and MongoDB ensures a secure and efficient user authentication process. By following this guide, you’ve set up a foundation for advanced features like role-based access control, multi-factor authentication, and account recovery.

Take your time to implement each step, and don’t hesitate to expand on this basic setup to suit your application’s needs. Happy coding!

Security is a critical aspect of any authentication system, and encrypting access tokens is an essential step to enhance your application’s safety. To dive deeper into why this practice is crucial and how it adds an extra layer of protection against potential vulnerabilities, check out our detailed blog post: Why Encrypting Access Tokens Should Be Your Next Security Move!. It’s packed with insights and practical tips to help you secure your APIs like a pro.

PHILIPS Air Fryer NA120/00, uses up to 90% less fat, 1500W, 4.2 L...

PHILIPS Air Fryer NA120/00, uses up to 90% less fat, 1500W, 4.2 L…

  • Philips Airfryer NA120/00 (Large, 4.2 L) lets you cook great tasting food with up to 90% less fat*
  • Patented Rapid Air technology with unique starfish design pan ensures evenly fried results without flipping the food
  • Preset menus for 12 different ways of cooking – Fry, bake, grill, roast and more. Easily adjust time and temperature — i…
₹4,799
Is prime
Buy on Amazon

Trending now

media queries
Media Queries 2025: Unlocking Next-Level Responsive Design
javascript loops
Mastering JavaScript Loops: A Beginner’s Guide
javascript functions
Exploring JavaScript Functions: Syntax, Scope, and Hoisting
javascript objects
Understanding JavaScript Objects: Key Concepts and Examples