Database Connection and Backend Validation | Node Auth Tutorial – Part 2

Released on May 11th 2017
Length: 45:45

Learn the basics behind creating a user-based login system with Node, Express, and Passport.js. In part two of our Node Authentication series, we cover how to grab form values within our backend; how to create a database, database tables, and well-written database fields; how to insert data into our database using Node's mysql package; and how to validate our users' submitted values on the backend using the express-validation package. Included are tips on security and validation that'll ensure your app is as functional as can possibly be (from what I know).

Within Part 3, we will be covering the basics behind hashing our users' passwords (and why we must do this within any password-related app), and how to use Passport.js to authenticate users and permit access to restricted pages. Stay tuned.

Video Git Repo (starts at part 1):
------------------------------------------------

Node Authentication Process:
------------------------------------------
// Add our boilerplate
// 1.x Git clone express-cc repo
// 2.x Run yarn / npm install

// Create a new user in the database
// 1.x Create a form within a view
// 2.x Create route that'll process the form's post request
// 3.x Create a database connection using .env file
// 4. Grab form input and insert into database
// 5. Add express-validation package
// 6. Validate user input on backend
// 7. Validate user input on frontend
// 8. Hash our user's password
// 9. Store user in database

// Login user (update user session, return auth cookie)
// 1. Install passport
// 2. Configure passport with local strategy

// Protect routes and only permit entry with authorization cookie
// Create logout button
// Create login page

Validation Snippet Used in Video:
-----------------------------------------------
req.checkBody('username', 'Username field cannot be empty.').notEmpty();
req.checkBody('username', 'Username must be between 4-15 characters long.').len(4, 15);
req.checkBody('email', 'The email you entered is invalid, please try again.').isEmail();
req.checkBody('email', 'Email address must be between 4-100 characters long, please try again.').len(4, 100);
req.checkBody('password', 'Password must be between 8-100 characters long.').len(8, 100);
// No "i" modifier on this rule: case-insensitive matching would let one letter satisfy both the [a-z] and [A-Z] lookaheads.
req.checkBody("password", "Password must include one lowercase character, one uppercase character, a number, and a special character.").matches(/^(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?!.* )(?=.*[^a-zA-Z0-9]).{8,}$/);
req.checkBody('passwordMatch', 'Password must be between 8-100 characters long.').len(8, 100);
req.checkBody('passwordMatch', 'Passwords do not match, please try again.').equals(req.body.password);

// Additional validation to ensure username is alphanumeric with underscores and dashes
req.checkBody('username', 'Username can only contain letters, numbers, underscores, or dashes.').matches(/^[A-Za-z0-9_-]+$/, 'i');

Video Timeline:
-----------------------------
00:00 - Review where we left off
00:23 - Changes since the last episode
03:49 - Grabbing our users' input
06:52 - Testing and using our database connection
11:06 - Creating our first SQL query
11:42 - Creating our database schema (what are good validation rules for a user-based app?)
22:32 - Why we need validation, and how to add it with Express
29:30 - Adding integrity rules to our database to ensure usernames and email addresses are unique
31:55 - Comprehensive validation rules with express-validator (paste snippet above here)
34:27 - Returning validation errors to the user

To be continued...
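
The rules from the validation snippet above, re-implemented as plain JavaScript so they can be exercised without Express. This is an added example, not code from the video or its repo. The names validateSignup, lenBetween and EMAIL_RULE and the sample request bodies are assumptions made up for illustration. It also shows what compiling the password pattern with the "i" flag does to the uppercase/lowercase requirement.

```javascript
// Added example (not from the video): the snippet's rules as plain functions.
// validateSignup and the sample bodies below are constructed for illustration.
const PASSWORD_RULE = /^(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?!.* )(?=.*[^a-zA-Z0-9]).{8,}$/;
// Same pattern compiled with the "i" flag: [a-z] and [A-Z] now match any letter.
const PASSWORD_RULE_I = new RegExp(PASSWORD_RULE.source, 'i');
const USERNAME_RULE = /^[A-Za-z0-9_-]+$/;
// Simplified stand-in for isEmail(); an assumption, not the library's check.
const EMAIL_RULE = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;

const lenBetween = (v, min, max) => v.length >= min && v.length <= max;

function validateSignup(body, passwordRule = PASSWORD_RULE) {
  // Treat non-string fields (arrays, objects) as empty so they fail validation.
  const f = {};
  for (const k of ['username', 'email', 'password', 'passwordMatch']) {
    f[k] = typeof body[k] === 'string' ? body[k] : '';
  }
  const errors = [];
  const check = (ok, param, msg) => { if (!ok) errors.push({ param, msg }); };
  check(f.username !== '', 'username', 'Username field cannot be empty.');
  check(lenBetween(f.username, 4, 15), 'username', 'Username must be between 4-15 characters long.');
  check(USERNAME_RULE.test(f.username), 'username', 'Username can only contain letters, numbers, underscores, or dashes.');
  check(EMAIL_RULE.test(f.email), 'email', 'The email you entered is invalid, please try again.');
  check(lenBetween(f.email, 4, 100), 'email', 'Email address must be between 4-100 characters long, please try again.');
  check(lenBetween(f.password, 8, 100), 'password', 'Password must be between 8-100 characters long.');
  check(passwordRule.test(f.password), 'password', 'Password must include one lowercase character, one uppercase character, a number, and a special character.');
  check(f.passwordMatch === f.password, 'passwordMatch', 'Passwords do not match, please try again.');
  return errors;
}

// Constructed sample request bodies.
const good = { username: 'node_user-1', email: 'user@example.com', password: 'Tr1cky!pass', passwordMatch: 'Tr1cky!pass' };
const noUpper = { ...good, password: 'tr1cky!pass', passwordMatch: 'tr1cky!pass' };
const arrayField = { ...good, username: ['a', 'b'] };

console.log(validateSignup(good));
console.log(validateSignup(noUpper));
console.log(validateSignup(noUpper, PASSWORD_RULE_I));
console.log(validateSignup(arrayField).map((e) => e.param));
```

The third call returns no errors for an all-lowercase password, which is why the password rule should not be compiled case-insensitively.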