NodeJS JSON API + MongoDB + JWT + ES6 forms

Here is how to create a real-life NodeJS API together with a login form.

Resources:

JavaScript for beginners - learn by doing

Learn Node.js, Express and MongoDB + JWT

We will start with the HTML representing the form as well as its JavaScript functionality:

formLogin.html


  <html>

   <body>

    <form id="myform">

     <div>

      <label for="email">Email:</label>

      <input type="text" id="email" name="email" />
 
     </div>
 
     <div>
 
      <label for="password">Password:</label>
 
      <input type="password" id="password" name="password" />
 
     </div>
 
     <div class="button">
 
      <button type="submit" id="loginUser">Send</button>
 
     </div>
 
    </form>

 
    <div id="result"></div>


    <script type="text/javascript">

     async function fetchData(url = '', data = {}, method, headers = {}) {
 
      const response = await fetch(
 
       url, {
 
        method,
 
        headers: { 'Content-Type': 'application/json', ...headers },
 
        ...data && { body: JSON.stringify(data) },
 
       });
 
       return response.json();
 
      }

 
      
      let form = document.querySelector('#myform');
 
       if (form) {
 
        form.addEventListener('submit', (e) => {

         e.preventDefault();

         fetchData(

          '/user/login',

          { email: this.email.value, password: this.password.value },

          'POST'
 
         ).then((result) => {
 
          if (result.token) {
 
           // request the url with token
 
           fetchData('/info', null, 'GET', { Bearer: result.token })
 
           .then((result) => { console.log(result); });
 
           return;
 
          }
 
          document.querySelector('#result').innerHTML = `message: ${result.message}`;
 
         })
 
         .catch(error => console.log('error:', error));
 
        })
 
       }
 
     </script>

   </body>

  </html>

our main node server: index.js


import express from "express";

import mongoose from "mongoose";

import dotenv from "dotenv";



// import the routes

import routes from "./routes/routes.js";


// create an express instance

const app = express();


app.use(express.json())


// setup the middleware routes

routes(app);


// config the database credentials

dotenv.config();


// connect to the database

mongoose.connect(
 
 process.env.DB_CONNECT,
 
 { useNewUrlParser: true, useUnifiedTopology: true },
 
 () => console.log("connected to mongoDB")

);


// listen for errors

mongoose.connection.on('error', console.error.bind(console, 'MongoDB connection error:'));


// listen on port 3000

app.listen(3000, () => console.log("server is running"));

application routes: routes.js


import { loginUser } from "../controllers/controller.js";

import { info } from "../controllers/info.js"; // the protected route

import { auth } from "../controllers/verifyToken.js"; // middleware for validating the token


import * as path from 'path';

import { fileURLToPath } from 'url';

const __filename = fileURLToPath(import.meta.url); // The absolute URL of the current file.

const __dirname = path.dirname(__filename); // parse just the directory




const routes = app => {
 
 app.route("/user/login").get((req, res) => { res.sendFile('formLogin.html', { root: path.join(__dirname, "../views") }); });
 
 app.route("/user/login").post((req, res) => loginUser(req, res)); // we capture inside req, and res

 
 app.route("/info").get(auth, (req, res) => info(req, res)); // we capture inside req, and res
 
 // and insert the auth middleware to process the token

};

export default routes;

our main controller: controller.js


import mongoose from "mongoose";

mongoose.set("useCreateIndex", true);

import { userSchema } from "../models/user.js";

import jwt from "jsonwebtoken";


const User = mongoose.model("users", userSchema); // users is the name of our collection!

export const addNewUser = (req, res) => {
 
 User.init(() => {
 
 // init() resolves when the indexes have finished building successfully.
 
 // in order for unique check to work

 
 
  let newUser = new User(req.body); // just creating w/o saving
 
  newUser.password = newUser.encryptPassword(req.body.password);

 
  newUser.save((err, user) => { // now saving
 
   if (err) {
 
    res.json({ 'message': 'duplicate email' });
 
   }
 
   res.json(user);
 
  });
 
 });

};


 
export const loginUser = (req, res) => {

 
 if (req.body.password == null || req.body.email == null) {
 
  res.status(400).json({ 'message': 'Please provide email / password' });
 
  return;
 
 }

 
 User.init(() => {
 
  User.findOne({ email: req.body.email }, (err, user) => {
 
   if (err) {
 
    res.json(err);
 
    return;
 
   }
 
   if (user == null) {
 
    res.status(400).json({ 'message': 'Non existing user' });
 
    return;
 
   });

 
    
   // here user is the fetched user
 
   const validPassword = user.validatePassword(req.body.password, user.password);

 
   if (!validPassword) {
 
    res.status(400).json({ 'message': 'Not valid password' });
 
    return;
 
   }

 
   // create and send a token to be able to use it in further requests
 
   const token = jwt.sign({ _id: user._id }, process.env.TOKEN_SECRET);
 
   res.header("auth-token", token) // set the token in the header of the response
 
   .json({ 'token': token }); // display the token
 
   });
 
  });

 };

js helper middleware for working with JWT tokens: verifyToken.js


    import jwt from "jsonwebtoken";

    export const auth = (req, res, next) => {
 
     const token = req.header("Bearer"); 
 
     if (!token) return res.status(401).json({'message':'access denied'});
 
     const verified = jwt.verify(token, process.env.TOKEN_SECRET);
 
     if (!verified) res.status(400).message({'message':'Invalid token'});
 
     // continue from the middleware to the next processing middleware :)
 
     next();

     };

user database model: user.js


import mongoose from 'mongoose';

import bcrypt from 'bcryptjs';


let userSchema = new mongoose.Schema(
 
 {
 
  email: {
 
   type: String,
 
   requires: "Enter email",
 
   maxlength: 50,
 
   unique: true
 
  },
 
  password: {
 
   type: String,
 
   required: "Enter password",
 
   maxlength: 65
 
  }
 
 },
 
 {
 
  timestamps: true
 
 }

);


userSchema.method({
 
 encryptPassword: (password) => {
 
  return bcrypt.hashSync(password, bcrypt.genSaltSync(5));
 
 },
 
 validatePassword: (pass1, pass2) => {
 
  return bcrypt.compareSync(pass1, pass2);
 
 }

});


export { userSchema };

Congratulations !

Nevyan's how to's

NodeJS JSON API + MongoDB + JWT + ES6 forms

About Nevyan Neykov