JS-301-NodeServer
  • Introduction
  • js_library
    • Node Server
      • 00 - Intro
        • 01 - Purpose
        • 02 - Back-End Setup
        • 03 - Terms Cheat Sheet
      • 01 - Server Set up
        • 01 - npm packages
        • 02 - Express Intro
        • 03 - Express code
      • 02 - Development Tools
        • 01 - Nodemon Intro
        • 02 - Postman Intro
        • 03 - Postman set up
      • 03 - Routes Intro
        • 01 - Routes intro
        • 02 - Express Router() intro
        • 03 - Challenge 1
        • 04 - Challenge 2
      • 04 - Database Intro
        • 00 - DB Intro and Set up
          • 00 - DB Intro
          • 01 - PostgreSQL Intro
          • 02 - Install
        • 01 - Sequelize Intro
          • 01 - Sequelize intro
          • 02 - Initialize
      • 05 - Model View Controller
        • 01 - MVC
          • 00 - MVC Intro
        • 02 - Models
          • 01 - Intro to Models
          • 02 - Test Model
        • 03 - Controllers
          • 00 - Controllers Intro
          • 01 - Controller Set up
          • 02 - Create Method
          • 03 - req.body()
          • 04 - Crafting the Response
          • 05 - Sending the Response
          • 06 - JSON Response
          • 07 - Error Handling
        • 04 - Conclusion
      • 06 - Tokenization
        • 01 - JWT Intro
          • 01 - JWT intro
        • 02 - User Create
          • 01 - User Create
          • 02 - Refactor
        • 03 - User Token
          • 01 - JWT Package
          • 02 - Adding JWT
          • 03 - ENV
      • 07 - Encryption
        • 01 - bcrypt
        • 02 - bcrypt setup
      • 08 - Session
        • 00 - Session Intro
        • 01 - Sign In Method
        • 02 - Sign In Bcrypt
        • 03 - Sign In JWT
      • 09 - Middleware
        • 01 - Test Client HTML
        • 02 - Test Client JS
        • 03 - Middleware intro
        • 04 - Headers intro
        • 05 - Server Update
        • 06 - Test Post
        • 07 - Test Post Refactor
        • 08 - Post Data
        • 09 - Fetch From One
      • 10 - Authenticated Routes
        • 01 - Intro to Authenticated Routes
        • 02 - Validate Session
        • 03 - Changes to app.js
        • 04 - authtestcontroller.js
        • 05 - Delete an Item
        • 06 - Update an Item
        • 07 - Postman Testing
      • 11 - Authenticated Requests
        • 00 - Additions to index
        • 01 - Anatomy of a Request
        • 02 - Create User
        • 03 - Getting a Token
        • 04 - Get Items From One User
        • 05 - Creating an Item for a User
        • 06 - Get one item
        • 07 - Update an Item
        • 08 - Deleting an Item
        • 09 - Deleting with a Custom Event
      • 12 - Workout Log Server
        • 00 - Intro
      • 13 - More Sequelize Functions
        • Migrations
          • 00 - Intro
          • 01 - init and config
          • 02 - Creating the First Migration
          • 03 - Running Migrations
          • 04 - Reverting Migrations
          • 05 - Seeds
          • 06 - Reverting Seeds
        • Queries
          • 00 - Intro
          • 01 - Queries
Powered by GitBook
On this page
  • Overview
  • What is an Authenticated Route?
  • How Do We Do It?
  • server/models/authtest.js
  1. js_library
  2. Node Server
  3. 10 - Authenticated Routes

01 - Intro to Authenticated Routes

In this module, we'll begin working with authenticated routes by creating routes that require a valid token to access.

Overview

With Postman, we have the ability to create an account, login to an account, and receive a token. In a little while, we will use those routes in the DOM. However, for now, let's do some server work and prepare it for authenticated requests.

What is an Authenticated Route?

An authenticated route is another way of saying a protected route. There are parts of our database and site that we only want certain people to be able to access, and only certain parts that those certain people are allowed into. When you login to your email or a site like Facebook, you're being taken to an authenticated route: your email inbox, your Facebook feed, etc. While their authentication processes are undoubtedly far more advanced and complicated than what we'll do, the idea is the same: keeping out any unauthorized traffic or malicious users.

How Do We Do It?

We need to write a middleware function that acts as a gate between the client and the server. This middleware is going to look for and look at our token in the request. If the request has a token, it's allowed to pass through the gate to reach the server and get data from Postgres to be returned or saved for a specific user. If not, the request is rejected.

Think back to the example about the bar from earlier. In this context, the bar is the route we want to authenticate. After you pay your cover and get your stamp, you go inside and order a drink from the bartender. First, the bartender has to check that you have a stamp, then check your ID to make sure that you're old enough to drink. This second step is the new middleware function that we're going to create: validation.

We can even take this one step further: Let's say the bar uses different stamps for different nights of the week. The doorman was only checking to make sure that you had a stamp; the bartender will check to make sure it's TONIGHT's stamp, not the previous night's. Remember that when we create our tokens, we give them an expiration date, so our new middleware function needs to not only verify that the token belongs to the user that it was assigned to, but also verify that the token is still valid.

Let's do a little bit of server setup now, and then make some changes to our client.

server/models/authtest.js

In order to try out using authenticated routes, we need a new table in our database that we can place behind an authentication barrier. Follow these steps:

  1. In the models folder in the server, add an authtest.js file.

  2. Add the following code inside of the file:

    module.exports = function(sequelize, DataTypes) {
             return sequelize.define('authtestdata', {
                 authtestdata: DataTypes.STRING,
                 owner: DataTypes.INTEGER
             });
     };
  3. Notice that we will be providing two properties: authtestdata and owner.

  4. Think of authtestdata as a string like testData.

  5. The owner is a number, a foreign key, that will point to a specific user on the users table.

Previous10 - Authenticated RoutesNext02 - Validate Session

Last updated 7 years ago