Authentication is a critical part of any application that deals with user data or personalized experiences. In the MERN stack (MongoDB, Express, React, Node.js), building a robust authentication system involves understanding both backend and frontend processes. This guide will walk you through setting up authentication, covering key concepts, real-world examples, and best practices.
Understanding authentication methods helps you decide the best approach for your application:
The backend handles user registration, login, and authentication logic.
Start by installing the necessary packages:
npm install express mongoose bcrypt jsonwebtoken dotenv
Use Mongoose to create a schema for storing user credentials securely:
const mongoose = require("mongoose");
const bcrypt = require("bcrypt");
const UserSchema = new mongoose.Schema({
username: { type: String, required: true, unique: true },
email: { type: String, required: true, unique: true },
password: { type: String, required: true },
});
// Hash password before saving
UserSchema.pre("save", async function (next) {
if (!this.isModified("password")) return next();
this.password = await bcrypt.hash(this.password, 10);
next();
});
module.exports = mongoose.model("User", UserSchema);
Implement registration and login routes:
const express = require("express");
const User = require("./models/User");
const bcrypt = require("bcrypt");
const jwt = require("jsonwebtoken");
const router = express.Router();
const SECRET_KEY = "your_secret_key"; // Use dotenv in production
// Register Route
router.post("/register", async (req, res) => {
const { username, email, password } = req.body;
try {
const user = new User({ username, email, password });
await user.save();
res.status(201).json({ message: "User registered successfully" });
} catch (err) {
res.status(500).json({ error: "Error registering user" });
}
});
// Login Route
router.post("/login", async (req, res) => {
const { email, password } = req.body;
try {
const user = await User.findOne({ email });
if (!user) return res.status(404).json({ error: "User not found" });
const isPasswordValid = await bcrypt.compare(password, user.password);
if (!isPasswordValid) return res.status(401).json({ error: "Invalid password" });
const token = jwt.sign({ id: user._id }, SECRET_KEY, { expiresIn: "1h" });
res.status(200).json({ message: "Login successful", token });
} catch (err) {
res.status(500).json({ error: "Error logging in" });
}
});
module.exports = router;
Protect routes by verifying tokens:
const jwt = require("jsonwebtoken");
function authenticateToken(req, res, next) {
const token = req.headers["authorization"];
if (!token) return res.status(403).json({ error: "Access denied" });
jwt.verify(token, "your_secret_key", (err, user) => {
if (err) return res.status(403).json({ error: "Invalid token" });
req.user = user;
next();
});
}
module.exports = authenticateToken;
Use it in secure routes:
const express = require("express");
const authenticateToken = require("./middleware/authenticateToken");
const router = express.Router();
router.get("/profile", authenticateToken, (req, res) => {
res.json({ message: `Welcome, User ${req.user.id}` });
});
The React frontend manages user sessions and communicates with the backend.
Use Axios to handle API requests:
npm install axios
Use React Context and hooks for managing authentication:
import React, { createContext, useState, useContext } from "react";
import axios from "axios";
const AuthContext = createContext();
export const useAuth = () => useContext(AuthContext);
export const AuthProvider = ({ children }) => {
const [user, setUser] = useState(null);
const login = async (email, password) => {
const { data } = await axios.post("/api/login", { email, password });
localStorage.setItem("token", data.token);
setUser(data.user);
};
const logout = () => {
localStorage.removeItem("token");
setUser(null);
};
return (
<AuthContext.Provider value={{ user, login, logout }}>
{children}
</AuthContext.Provider>
);
};
Redirect unauthenticated users:
import React from "react";
import { Navigate } from "react-router-dom";
import { useAuth } from "./AuthProvider";
const ProtectedRoute = ({ children }) => {
const { user } = useAuth();
return user ? children : <Navigate to="/login" />;
};
export default ProtectedRoute;
In a fitness app, users expect their session to persist even after a page reload. Without proper token storage and validation, theyu2019d have to log in repeatedly.
npm install express mongoose bcrypt jsonwebtoken dotenv
Authentication in MERN is a blend of backend logic and frontend management. By following best practices, you can create a secure, scalable, and user-friendly authentication system. Whether it's a social platform, an e-commerce site, or a SaaS application, mastering authentication ensures seamless user experiences.
We’re building a community where innovation thrives and tech enthusiasts grow together. Join us on our journey to inspire, learn, and create!
? Explore More:
? Follow Us for Daily Inspiration:
? thecampuscoders.com
? Explore resources, tutorials, and updates that fuel your tech journey!
✨ Let’s Collaborate, Learn, and Build the Future Together!
Have ideas or suggestions? Reach out to us and be part of something extraordinary!
? Contact Us: deepak@thecampuscoders.com
The above is the detailed content of Mastering Authentication in MERN: A Comprehensive Guide. For more information, please follow other related articles on the PHP Chinese website!
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
