Login and Registration Using JWT, Express, and MySQL


JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. This information can be verified and trusted because it is digitally signed.

Nowadays JWT is widely used for handling authentication and authorization over HTTP. Once the user is registered and logged in, each subsequent request includes the JWT, allowing the user to access the routes, services, and resources permitted for that token. The diagram below shows how JWT works.

This article describes a simple login and registration system using JWT, Node.js with the Express framework, and a MySQL database.

Step 1: Create the table in the MySQL database

At first, create a “users” table in the database using the following command in the MySQL shell:

    CREATE TABLE IF NOT EXISTS users (
        user_id INT(11) NOT NULL PRIMARY KEY AUTO_INCREMENT,
        username VARCHAR(255) NOT NULL,
        email VARCHAR(100) NOT NULL UNIQUE,
        password CHAR(64) NOT NULL,
        created_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP
    );

Step 2: Set up the database connection

In this step, we set up a connection to the database using our Node.js application.

Step 3: Setting up an Express Router and creating routes

In this step, we import the required libraries and set up the Express app in the app.js file, which is the entry point of our application. We then register the routes on the server.

In the user.js file, we define all our routes.

Here we use the route '/registration' for registration and the route '/login' for login. We also have the route '/secret-route', which can be accessed only by an authenticated user.

Step 4: Registration

In this step, we register the new user in our database. Before doing so, we check whether the email already exists. If the email has already been used, we return an error; if the email is unique, we register the user. Before saving the user's credentials to the database, the password entered by the user is hashed using the bcrypt module.

Step 5: Login using JWT

Once users have been registered, they can use the login route to log in. Based on the credentials provided, we look up the matching database entry by email. The entered password is then checked against the hashed password stored in the database using bcrypt.compare(). Every time the user logs in, a JWT is generated, which is used later for verification. If the email does not exist or the password does not match, we return an error; otherwise the user object and the generated JWT are returned.

Step 6: Protect the routes

After creating the registration and login functionality, we want to protect some routes so that they can be accessed by registered users only. For this, we rely on the token. We create a new middleware in our authentication.js file and register it in app.js as we did with the routes. The token is taken from the request header and verified by JWT.

To protect a route, we simply include the middleware when registering the route, as shown in the code below.

req.id contains the data we stored in the JWT payload (in this case, the user id). This allows protected routes to read user-specific values from the database using that id.
