Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.


User Authentication With Express and Mongo Course

via Treehouse


Learn how to implement a custom user authentication system that controls users access to web resources using Node.js using Express and MongoDB. The system lets users sign up, log in, and log out, limiting access to password-protected resources. Express is a popular web framework for creating MVC applications and RESTful APIs in Node.js. Express lets developers define routes and middleware for submitting and retrieving data in our database. We will leverage the document based NoSQL database, MongoDB, to store our user data by creating a user model with mongoose. Mongoose is an open source Node package for defining data models for an application and connecting to MongoDB.

What you'll learn

  • What is Authentication?
  • User Registration
  • Pug (formerly Jade) templating engine
  • Sessions
  • Cookies
  • Express Middleware


What is Authentication?

In this stage we will start by showing the finished project in action then walk through the source code of the starter project. Before diving into the code we will first go over what authentication is and why it is important. We will demystify the authentication process and you will gain an understanding of what is going on behind the scenes when you log into a website. After that we will jump into the code of our project and start working with models and routes.

Chevron 6 steps
  • What is User Authentication?


  • Authentication and Authorization


  • Review: Authentication and Authorization

    5 questions

  • Preview the Project


  • Setting Up the Project


  • Review: Node, Express and npm

    6 questions

User Registration

Let’s continue to develop our project by adding routes and views to our Express application. We will use the default templating engine, Jade, to create a registration form. You will also learn how to tie our application into MongoDB using Mongoose, what hashing and salting are, and how they fit into an authentication process. Finally, we will improve our user model with methods and validation while using the Node bcrypt module.

Chevron 11 steps
  • Define User Registration Routes


  • Using Nodemon While Developing an Express App


  • Creating a Registration Form With Pug (Jade)


  • Review: Routes, Nodemon and Pug

    5 questions

  • Setting Up Mongoose and a Mongo Database


  • Defining a Mongo Schema with Mongoose


  • Adding Data to the Database


  • Review: Mongo, Mongoose and Schemas

    5 questions

  • Hashing and Salting


  • Storing Passwords Securely


  • Review: Passwords, Hashing and Salting

    5 questions

Sessions and Cookies

Now that we have the logic in place to create and authenticate users, how do we know if the user is logged in? Well, that is where sessions come in. A way of identifying a user will be stored in the session. We will know who the user is as they navigate through the website. Cookies can be used to store this information, and that is what we will show you how to use in this stage.

Chevron 9 steps
  • Adding User Login


  • Tracking Visits With Sessions and Cookies


  • Working with Sessions in Express


  • Review: Sessions, Cookies and Express

    5 questions

  • Adding Log In Routes


  • Creating a Login Form With Pug (Jade)


  • Authenticating the Username and Password


  • Creating the Profile Route and Page


  • Review: Login Routes

    5 questions

Improving the App with Custom Middleware

We are almost done with our authentication system! Now that users can register and login and you have sessions to identify the user we need to think about security. Right now anyone that can access the site can navigate to any of the routes whether they are logged in or not. With middleware we can make sure that doesn’t happen.

Chevron 9 steps
  • Using Session Variables to Customize Content


  • Adding a Log Out Route


  • Review: Custom Content

    3 questions

  • Understanding Express Middleware


  • Writing Custom Middleware


  • Writing More Middleware


  • Using MongoDB as a Session Store


  • Next Steps


  • Review: User Authentication With Express and Mongo

    5 questions

Taught by

Jonathan Foster

Related Courses


Start your review of User Authentication With Express and Mongo Course

Never Stop Learning!

Get personalized course recommendations, track subjects and courses with reminders, and more.

Sign up for free