35. Module introduction

In this module, we'll be adding user accounts to our API.

The main purpose of this is to allow us to create an authentication system to restrict some of our endpoints.

We're going to be using JSON Web Tokens for this, which is special kind of token that works brilliantly for securing APIs.

We'll be adding a lot of code to our user model in this module, including custom model methods for creating and validate JSON web tokens, as well as hashing user passwords to keep them safe.

We'll be creating several controller methods too, for registering and logging in users, and we'll be attaching our JSON Web Token to the response.

We're also going to make our own custom middleware for Express. This one here allows us to protect an endpoint, requiring a valid JWT to be supplied before it can be used.

We're also going to provide different user roles, including an admin role, which will allow us to further controll access to our endpoints.

And, of course, we'll be writing unit tests for our new user endpoints. This involves a number of interesting challenges, especially regarding authorization in our test requests.

So, as you can see, there's a lot to cover in this module, so let's get started!

Discussion

0 comments