Express.js is one of the most popular web application frameworks for Node.js. It simplifies the process of building web applications and APIs by providing a robust set of features for handling routing, middleware, and HTTP requests. In this module, we will explore how to set up and use Express.js to build a basic web server and API.

Table of Contents

1. Introduction to Express.js
2. Installing and Setting Up Express.js
3. Building a Basic Web Server with Express
4. Handling Routes and HTTP Methods
5. Working with Middleware in Express
6. Building RESTful APIs with Express
7. Error Handling in Express.js
8. Conclusion

1. Introduction to Express.js

Express.js is a minimal and flexible Node.js web application framework that provides a set of tools to build web applications and APIs. It abstracts much of the complexity involved in managing HTTP requests and responses, making it easier for developers to build and maintain applications.

Express simplifies routing, which is the process of handling incoming requests, and it allows developers to create endpoints to respond to different HTTP methods such as GET, POST, PUT, and DELETE. Express also allows for easy integration with middleware, which can be used for various tasks such as authentication, logging, error handling, and more.

With its easy-to-use API, Express has become one of the most widely used frameworks for Node.js development.

2. Installing and Setting Up Express.js

Before we begin using Express, we need to install it. Express is available via npm, so we can install it easily by running the following command in your project directory:

npm install express --save

Step 1: Creating the Basic Express App

Once Express is installed, you can create a simple Express server with just a few lines of code. In your project directory, create a new file named app.js (or any name you prefer).

Here is how you set up a simple Express server:

const express = require('express');
const app = express();
const port = 3000;

// Basic route
app.get('/', (req, res) => {
  res.send('Hello, Express!');
});

// Start the server
app.listen(port, () => {
  console.log(`Server is running at http://localhost:${port}`);
});

Step 2: Running the Server

To run your Express server, use the following command:

node app.js

After running this command, you can visit http://localhost:3000 in your browser, and you should see the message “Hello, Express!” displayed.

3. Building a Basic Web Server with Express

Now that we have a basic server up and running, let’s explore how to handle different HTTP methods and routes.

Handling GET Requests

The app.get() method is used to handle GET requests to a specific URL or route. You can define routes with dynamic segments, which allows for capturing parameters from the URL.

app.get('/greet/:name', (req, res) => {
  const name = req.params.name;
  res.send(`Hello, ${name}!`);
});

This will return a personalized greeting when you visit http://localhost:3000/greet/John.

Handling POST Requests

The app.post() method is used to handle POST requests. It’s commonly used for handling form submissions or sending data to the server.

app.post('/submit', (req, res) => {
  res.send('Form submitted successfully!');
});

4. Handling Routes and HTTP Methods

Express allows you to handle all standard HTTP methods (GET, POST, PUT, DELETE) through route handlers. Here’s how you can manage these methods in your application:

// Handle GET request
app.get('/data', (req, res) => {
  res.json({ message: 'GET request received' });
});

// Handle POST request
app.post('/data', (req, res) => {
  res.json({ message: 'POST request received' });
});

// Handle PUT request
app.put('/data', (req, res) => {
  res.json({ message: 'PUT request received' });
});

// Handle DELETE request
app.delete('/data', (req, res) => {
  res.json({ message: 'DELETE request received' });
});

5. Working with Middleware in Express

Middleware functions are essential in Express, allowing you to add functionality to your application, such as authentication, logging, and error handling. Middleware can be applied globally or to specific routes.

Example: Basic Logging Middleware

This middleware will log the details of each incoming request.

app.use((req, res, next) => {
  console.log(`Request Method: ${req.method}, Request URL: ${req.url}`);
  next(); // Move to the next middleware or route handler
});

Example: Error Handling Middleware

You can define custom error handling middleware to handle errors that occur during request processing.

app.use((err, req, res, next) => {
  console.error(err.stack);
  res.status(500).send('Something went wrong!');
});

6. Building RESTful APIs with Express

One of the most common use cases for Express is to build RESTful APIs. RESTful APIs use HTTP methods to perform CRUD (Create, Read, Update, Delete) operations.

Here’s an example of building a simple API for managing users:

Example: Simple User API

let users = [
  { id: 1, name: 'John Doe' },
  { id: 2, name: 'Jane Smith' },
];

// Get all users
app.get('/users', (req, res) => {
  res.json(users);
});

// Get a single user by ID
app.get('/users/:id', (req, res) => {
  const user = users.find(u => u.id === parseInt(req.params.id));
  if (!user) return res.status(404).send('User not found');
  res.json(user);
});

// Add a new user
app.post('/users', (req, res) => {
  const newUser = { id: users.length + 1, name: req.body.name };
  users.push(newUser);
  res.status(201).json(newUser);
});

// Update an existing user
app.put('/users/:id', (req, res) => {
  const user = users.find(u => u.id === parseInt(req.params.id));
  if (!user) return res.status(404).send('User not found');
  user.name = req.body.name;
  res.json(user);
});

// Delete a user
app.delete('/users/:id', (req, res) => {
  const userIndex = users.findIndex(u => u.id === parseInt(req.params.id));
  if (userIndex === -1) return res.status(404).send('User not found');
  users.splice(userIndex, 1);
  res.status(204).send();
});

7. Error Handling in Express.js

Handling errors is an important part of building reliable applications. In Express, you can define custom error handling middleware. For example, handling 404 errors when a route is not found:

app.use((req, res, next) => {
  res.status(404).send('Route not found');
});

Express also allows you to handle other types of errors globally with a custom error handler that will capture any uncaught errors:

app.use((err, req, res, next) => {
  console.error(err.stack);
  res.status(500).send('Something broke!');
});

8. Conclusion

In this module, we explored how to set up Express.js to build web servers and APIs. We covered the basics of handling HTTP requests, working with middleware, and building a simple RESTful API. Express is a powerful tool that helps simplify the process of building applications with Node.js, and it’s essential for any full-stack JavaScript developer.

In modern web development, interacting with databases is essential for storing and retrieving application data. Node.js offers multiple ways to connect to databases, both SQL and NoSQL. This module will introduce you to working with databases in Node.js, covering both relational (SQL) and non-relational (NoSQL) databases. We will walk you through how to connect, query, and manage databases like MongoDB and MySQL.

Table of Contents

1. Introduction to Databases in Node.js
2. Setting Up MongoDB with Node.js
3. Setting Up MySQL with Node.js
4. Basic CRUD Operations with MongoDB
5. Basic CRUD Operations with MySQL
6. Using Object-Relational Mappers (ORMs)
7. Using MongoDB with Mongoose
8. Connecting to Remote Databases
9. Conclusion

1. Introduction to Databases in Node.js

Node.js provides several libraries and frameworks to work with databases. Since Node.js is designed for asynchronous, event-driven applications, many libraries designed to work with databases are built around these principles, making it easy to perform non-blocking I/O operations.

The two main types of databases that Node.js applications typically interact with are:

• SQL (Relational Databases): These databases, such as MySQL and PostgreSQL, store data in structured tables and use SQL queries to interact with the data.
• NoSQL (Non-relational Databases): These databases, such as MongoDB, store data in formats like JSON or BSON and are more flexible when it comes to handling unstructured data.

In this module, we’ll first focus on MongoDB (a NoSQL database) and MySQL (a SQL database) to understand how to interact with these databases in Node.js.

2. Setting Up MongoDB with Node.js

MongoDB is a popular NoSQL database that stores data in a JSON-like format called BSON (Binary JSON). To interact with MongoDB in Node.js, we use the MongoDB Node.js Driver or the more popular Mongoose library.

Step 1: Installing MongoDB Driver and Mongoose

First, we need to install the MongoDB Node.js Driver and Mongoose:

npm install mongodb mongoose --save

Step 2: Connecting to MongoDB

Here’s an example of connecting to a local MongoDB instance using Mongoose:

const mongoose = require('mongoose');

mongoose.connect('mongodb://localhost:27017/mydb', {
  useNewUrlParser: true,
  useUnifiedTopology: true
})
.then(() => console.log('Connected to MongoDB'))
.catch(err => console.log('Error connecting to MongoDB:', err));

3. Setting Up MySQL with Node.js

MySQL is one of the most popular relational databases. It uses SQL (Structured Query Language) to interact with data, making it ideal for structured data storage and retrieval.

To interact with MySQL in Node.js, we use the mysql2 package.

Step 1: Installing MySQL2

Install the mysql2 package using npm:

npm install mysql2 --save

Step 2: Connecting to MySQL

Here’s an example of connecting to a MySQL database:

const mysql = require('mysql2');

const connection = mysql.createConnection({
  host: 'localhost',
  user: 'root',
  password: 'password',
  database: 'mydb'
});

connection.connect(err => {
  if (err) {
    console.error('Error connecting to MySQL:', err);
    return;
  }
  console.log('Connected to MySQL');
});

4. Basic CRUD Operations with MongoDB

Now that we have connected to MongoDB, let’s perform basic CRUD (Create, Read, Update, Delete) operations.

Creating a Document:

const mongoose = require('mongoose');

// Define a Schema
const userSchema = new mongoose.Schema({
  name: String,
  age: Number,
  email: String
});

// Create a Model
const User = mongoose.model('User', userSchema);

// Create a new user
const newUser = new User({
  name: 'John Doe',
  age: 30,
  email: '[email protected]'
});

newUser.save()
  .then(user => console.log('User created:', user))
  .catch(err => console.log('Error creating user:', err));

Reading Documents:

User.find()
  .then(users => console.log('Users:', users))
  .catch(err => console.log('Error reading users:', err));

5. Basic CRUD Operations with MySQL

Next, let’s perform basic CRUD operations with MySQL.

Creating a Record:

const query = 'INSERT INTO users (name, age, email) VALUES (?, ?, ?)';
const values = ['John Doe', 30, '[email protected]'];

connection.execute(query, values, (err, results) => {
  if (err) {
    console.error('Error inserting data:', err);
    return;
  }
  console.log('User created with ID:', results.insertId);
});

Reading Records:

const query = 'SELECT * FROM users';

connection.execute(query, (err, results) => {
  if (err) {
    console.error('Error fetching data:', err);
    return;
  }
  console.log('Users:', results);
});

6. Using Object-Relational Mappers (ORMs)

ORMs help simplify database interactions by allowing you to use JavaScript objects to represent database tables. For MySQL, Sequelize is a popular ORM, while Mongoose is commonly used for MongoDB.

Sequelize (MySQL ORM):

npm install sequelize sequelize-cli mysql2 --save

Example:

const { Sequelize, DataTypes } = require('sequelize');
const sequelize = new Sequelize('mysql://root:password@localhost:3306/mydb');

const User = sequelize.define('User', {
  name: {
    type: DataTypes.STRING,
    allowNull: false
  },
  age: {
    type: DataTypes.INTEGER,
    allowNull: false
  },
  email: {
    type: DataTypes.STRING,
    allowNull: false
  }
});

sequelize.sync()
  .then(() => User.create({ name: 'John Doe', age: 30, email: '[email protected]' }))
  .then(user => console.log('User created:', user))
  .catch(err => console.log('Error:', err));

7. Using MongoDB with Mongoose

Mongoose simplifies working with MongoDB by providing a schema-based solution to model your data. In addition to basic CRUD, Mongoose offers built-in query methods, validation, and middleware.

8. Connecting to Remote Databases

Whether you’re working with MongoDB or MySQL, you’ll often need to connect to a remote database instead of a local instance. The connection string will include the hostname, port, and credentials necessary for accessing the remote database.

For MongoDB (using MongoDB Atlas):

mongoose.connect('mongodb+srv://<username>:<password>@cluster0.mongodb.net/mydb', {
  useNewUrlParser: true,
  useUnifiedTopology: true
})
.then(() => console.log('Connected to remote MongoDB'))
.catch(err => console.log('Error connecting:', err));

For MySQL (using a remote server):

const connection = mysql.createConnection({
  host: 'remote-server.com',
  user: 'root',
  password: 'password',
  database: 'mydb'
});

9. Conclusion

In this module, we explored how to interact with both SQL (MySQL) and NoSQL (MongoDB) databases in a Node.js application. We covered basic CRUD operations, setting up databases locally and remotely, and using ORM tools like Sequelize and Mongoose.

Testing is a critical aspect of software development. It helps ensure that your Node.js application behaves as expected and allows you to catch bugs before they reach production. In this module, we will explore different testing strategies, tools, and techniques to effectively test your Node.js applications.

Table of Contents

1. Introduction to Testing in Node.js
2. Types of Tests in Node.js
3. Setting Up a Testing Environment
4. Unit Testing with Mocha and Chai
5. Integration Testing in Node.js
6. End-to-End Testing with Supertest
7. Mocking and Stubbing
8. Continuous Integration and Testing
9. Conclusion

1. Introduction to Testing in Node.js

Testing is essential in ensuring the quality of your application. It helps in verifying that your application’s code works correctly and prevents future changes from introducing new bugs. In the Node.js ecosystem, there are several tools and libraries available to make testing easier and more efficient.

Node.js testing is similar to testing in other programming languages, with the key difference being that Node.js is asynchronous and event-driven, which requires testing libraries and strategies tailored for this kind of environment.

2. Types of Tests in Node.js

There are three main types of tests that are commonly used in Node.js applications:

• Unit Testing: Tests individual units of code (e.g., functions, methods) to verify that they behave as expected in isolation. Unit tests are typically fast and easy to write.
• Integration Testing: Ensures that different parts of the application work together as expected. This may involve testing interactions between modules, databases, and external services.
• End-to-End Testing: Also known as system or acceptance testing, these tests validate the entire application flow to ensure everything works as expected from the user’s perspective.

3. Setting Up a Testing Environment

Before diving into testing, you need to set up your testing environment. In this module, we will use popular libraries like Mocha, Chai, and Supertest.

First, install Mocha, Chai, and Supertest:

npm install mocha chai supertest --save-dev

Next, configure Mocha in your package.json file:

{
  "scripts": {
    "test": "mocha"
  }
}

You can now run your tests using the following command:

npm test

4. Unit Testing with Mocha and Chai

Mocha is a testing framework that provides a simple way to organize and run tests. Chai is an assertion library that works well with Mocha to verify expected outcomes.

Here’s an example of a unit test using Mocha and Chai:

calculator.js (module to be tested):

function add(a, b) {
  return a + b;
}

function subtract(a, b) {
  return a - b;
}

module.exports = { add, subtract };

calculator.test.js (test file):

const assert = require('chai').assert;
const calculator = require('./calculator');

describe('Calculator', () => {
  it('should add two numbers correctly', () => {
    const result = calculator.add(2, 3);
    assert.equal(result, 5);
  });

  it('should subtract two numbers correctly', () => {
    const result = calculator.subtract(5, 3);
    assert.equal(result, 2);
  });
});

Running the tests:

npm test

5. Integration Testing in Node.js

Integration testing ensures that the various components of your application work together as expected. This might involve testing routes, database interactions, and API calls.

For example, let’s test an Express route that fetches data from a database:

app.js (application to be tested):

const express = require('express');
const app = express();

app.get('/data', (req, res) => {
  res.status(200).json({ message: 'Hello, World!' });
});

module.exports = app;

app.test.js (integration test):

const request = require('supertest');
const app = require('./app');

describe('GET /data', () => {
  it('should return a 200 status and a message', async () => {
    const response = await request(app).get('/data');
    expect(response.status).toBe(200);
    expect(response.body.message).toBe('Hello, World!');
  });
});

In this test, we’re using Supertest to simulate HTTP requests and check the responses from the server.

6. End-to-End Testing with Supertest

End-to-end tests simulate real user interactions and check the entire flow of the application. These tests ensure that all the components work together, from the frontend to the backend.

Here’s an example of using Supertest for end-to-end testing:

user.test.js (end-to-end test):

const request = require('supertest');
const app = require('./app');

describe('POST /login', () => {
  it('should log in a user and return a token', async () => {
    const response = await request(app)
      .post('/login')
      .send({ username: 'user', password: 'password123' });
    
    expect(response.status).toBe(200);
    expect(response.body.token).toBeDefined();
  });
});

In this case, we’re simulating a login request and verifying that the response contains a token.

7. Mocking and Stubbing

In testing, you often need to isolate units of code by replacing certain parts with mock functions or stubs. This allows you to focus on testing the specific functionality of the unit without relying on external dependencies like databases or APIs.

For example, you can use the Sinon.js library to mock a database query:

npm install sinon --save-dev

Mocking an API call with Sinon:

const sinon = require('sinon');
const myApi = require('./myApi');
const expect = require('chai').expect;

describe('API Mocking', () => {
  it('should return mock data', () => {
    const mock = sinon.stub(myApi, 'fetchData').returns({ data: 'mocked data' });
    
    const result = myApi.fetchData();
    
    expect(result).to.eql({ data: 'mocked data' });
    mock.restore();
  });
});

8. Continuous Integration and Testing

Continuous Integration (CI) is the practice of automating the testing process to ensure that changes to the codebase don’t break existing functionality. You can set up CI with services like Travis CI, CircleCI, or GitHub Actions to automatically run your tests whenever you push changes to your repository.

For example, a simple .travis.yml configuration for running tests with Mocha:

language: node_js
node_js:
  - "14"
script:
  - npm test

With this setup, every time you push changes to your repository, the tests will automatically run on Travis CI, providing instant feedback on whether your code is working as expected.

9. Conclusion

Testing is an essential practice for building reliable and maintainable applications. In this module, we covered different types of tests, including unit, integration, and end-to-end testing, as well as how to mock dependencies and set up a CI pipeline for automated testing. With these tools and techniques, you can ensure that your Node.js applications are robust and bug-free.

When developing applications, error handling and debugging are essential to ensure that your application runs smoothly. Node.js provides several mechanisms to handle errors gracefully and debug your applications effectively. In this module, we will cover how to handle errors, use debugging tools, and implement best practices for error handling in your Node.js applications.

Table of Contents

1. Introduction to Error Handling in Node.js
2. Types of Errors in Node.js
3. Using Try-Catch Blocks for Synchronous Errors
4. Handling Asynchronous Errors with Callbacks
5. Using Promises and async/await for Error Handling
6. Using Node.js Debugger for Debugging
7. Logging Errors for Production Environments
8. Best Practices for Error Handling and Debugging
9. Conclusion

1. Introduction to Error Handling in Node.js

Error handling is the process of anticipating, detecting, and responding to runtime errors in an application. Proper error handling improves the user experience by providing helpful messages and preventing crashes.

Node.js is built on an event-driven architecture, which means that error handling in Node.js is different from traditional synchronous applications. Many Node.js APIs and third-party libraries use callbacks, Promises, or async/await to handle errors asynchronously.

This module will guide you through various techniques for handling both synchronous and asynchronous errors in Node.js.

2. Types of Errors in Node.js

There are several types of errors in Node.js:

• System Errors: These occur when the system fails to execute an operation, such as file system errors (e.g., file not found), network errors, or memory allocation errors.
• Application Errors: These errors occur within the application due to bugs, invalid inputs, or incorrect logic.
• Custom Errors: You can define custom error types that can be thrown within your application to handle specific use cases.

To throw custom errors in Node.js, you can create a custom error class that extends the built-in Error object:

class CustomError extends Error {
  constructor(message) {
    super(message);
    this.name = this.constructor.name;
  }
}

throw new CustomError('This is a custom error!');

3. Using Try-Catch Blocks for Synchronous Errors

In synchronous code, the try-catch block is a powerful tool for error handling. When an error occurs within a try block, it is immediately caught by the catch block.

Example:

try {
  const data = JSON.parse('Invalid JSON');
} catch (error) {
  console.log('Error occurred:', error.message);
}

In this example, if JSON.parse() fails, the error is caught by the catch block, and the error message is logged.

4. Handling Asynchronous Errors with Callbacks

In Node.js, many APIs rely on callbacks to handle asynchronous operations. To catch errors in callbacks, the first argument of the callback is typically an error object.

Example using Node.js’ fs.readFile():

fs.readFile('nonexistent-file.txt', 'utf8', (err, data) => {
  if (err) {
    console.log('Error reading file:', err.message);
  } else {
    console.log('File content:', data);
  }
});

In this example, if the file doesn’t exist, the err object will contain the error, which you can handle accordingly.

5. Using Promises and async/await for Error Handling

Promises allow you to handle errors in asynchronous code more cleanly. When using promises, you can chain .catch() to handle errors:

const fs = require('fs').promises;

fs.readFile('nonexistent-file.txt', 'utf8')
  .then((data) => console.log('File content:', data))
  .catch((err) => console.log('Error reading file:', err.message));

Alternatively, with async/await, you can handle errors using try-catch blocks:

const fs = require('fs').promises;

async function readFile() {
  try {
    const data = await fs.readFile('nonexistent-file.txt', 'utf8');
    console.log('File content:', data);
  } catch (err) {
    console.log('Error reading file:', err.message);
  }
}

readFile();

The async/await syntax simplifies error handling in asynchronous code and makes it more readable.

6. Using Node.js Debugger for Debugging

Node.js provides a built-in debugger that allows you to step through your code, inspect variables, and diagnose issues.

To start the debugger, run your Node.js application with the inspect flag:

node --inspect app.js

You can then open Chrome’s DevTools by navigating to chrome://inspect in your browser, where you can set breakpoints and step through your code.

Alternatively, you can use the debugger statement in your code to trigger the debugger at specific points:

function add(a, b) {
  debugger;  // Execution will pause here when running in debug mode
  return a + b;
}

add(1, 2);

7. Logging Errors for Production Environments

In production environments, simply logging errors to the console is not sufficient. It’s essential to log errors to a persistent storage (e.g., a log file, or a logging service) so that you can monitor and troubleshoot issues.

You can use popular logging libraries like Winston for advanced logging capabilities, including log levels, file logging, and more.

To install Winston:

npm install winston

Example of logging errors with Winston:

const winston = require('winston');

const logger = winston.createLogger({
  level: 'error',
  transports: [
    new winston.transports.Console(),
    new winston.transports.File({ filename: 'error.log' })
  ]
});

logger.error('This is an error message');

8. Best Practices for Error Handling and Debugging

• Always handle errors explicitly: Don’t rely on unhandled errors, as they can lead to unexpected crashes or unresponsiveness in your application.
• Use proper HTTP status codes for API responses: Return appropriate status codes (e.g., 404 for not found, 500 for internal server error) to indicate the nature of the error.
• Use logging: In production environments, logging errors is crucial to diagnose issues and track performance.
• Avoid exposing sensitive error information: In production, avoid exposing sensitive information (like stack traces or database details) in error messages.
• Use try-catch with asynchronous code (Promises, async/await): For asynchronous code, always handle errors gracefully using Promises or async/await with try-catch blocks.

9. Conclusion

Effective error handling and debugging are crucial to maintaining the stability and reliability of your Node.js applications. By using try-catch blocks for synchronous errors, proper error handling for asynchronous code, and leveraging debugging tools, you can identify and fix issues efficiently.

In the next module, we will discuss “Testing Node.js Applications”, covering different testing strategies, libraries, and best practices to ensure that your Node.js applications are robust and reliable.

Authentication and authorization are key components of most modern web applications. Authentication is the process of verifying the identity of a user, while authorization ensures that a user has permission to access certain resources or perform certain actions. In this module, we’ll explore how to implement authentication and authorization in a Node.js application using popular techniques like JSON Web Tokens (JWT) and Passport.js.

Table of Contents

1. Introduction to Authentication and Authorization
2. Setting Up Passport.js for Authentication
3. Using JSON Web Tokens (JWT) for Stateless Authentication
4. Protecting Routes with JWT Authentication
5. Implementing Authorization with Role-Based Access Control (RBAC)
6. Conclusion

1. Introduction to Authentication and Authorization

Before diving into the code, let’s understand the concepts of authentication and authorization.

• Authentication: The process of verifying who a user is. It typically involves checking credentials like a username and password. If the credentials match, the user is authenticated.
• Authorization: After authentication, authorization ensures that the user has the necessary permissions to access a resource or perform a certain action. For example, only users with an “admin” role should be allowed to access the admin panel.

In Node.js, you can implement both using various techniques and libraries. The most common strategies are using sessions, cookies, or JSON Web Tokens (JWT).

2. Setting Up Passport.js for Authentication

Passport.js is a popular middleware for authentication in Node.js applications. It supports various authentication strategies, including local authentication (username/password), OAuth, and social logins.

First, install Passport.js and the necessary modules:

npm install passport passport-local express-session

Then, set up Passport in your application:

const express = require('express');
const passport = require('passport');
const LocalStrategy = require('passport-local').Strategy;
const session = require('express-session');
const app = express();

app.use(session({
  secret: 'your_secret_key',
  resave: false,
  saveUninitialized: true
}));

app.use(passport.initialize());
app.use(passport.session());

Define a simple local strategy:

passport.use(new LocalStrategy((username, password, done) => {
  // Replace with your own logic to check credentials
  if (username === 'admin' && password === 'password123') {
    return done(null, { id: 1, username: 'admin' });
  } else {
    return done(null, false, { message: 'Invalid credentials' });
  }
}));

Define how to serialize and deserialize the user:

passport.serializeUser((user, done) => {
  done(null, user.id);
});

passport.deserializeUser((id, done) => {
  // Replace with your logic to fetch user by id
  done(null, { id: 1, username: 'admin' });
});

Now, you can create a login route that authenticates users:

app.post('/login', passport.authenticate('local', {
  successRedirect: '/',
  failureRedirect: '/login'
}));

3. Using JSON Web Tokens (JWT) for Stateless Authentication

JSON Web Tokens (JWT) are a popular method for implementing stateless authentication. With JWT, the server does not store session information; instead, it creates a signed token that contains user information. The token is then sent with each request, and the server verifies the token to authenticate the user.

To use JWT, install the jsonwebtoken library:

npm install jsonwebtoken

Here’s how to create a JWT after successful login:

const jwt = require('jsonwebtoken');

app.post('/login', (req, res) => {
  const user = { id: 1, username: 'admin' };  // Replace with actual user data

  const token = jwt.sign(user, 'your_secret_key', { expiresIn: '1h' });
  res.json({ token });
});

To protect routes, create a middleware that verifies the JWT:

const jwt = require('jsonwebtoken');

function authenticateJWT(req, res, next) {
  const token = req.headers['authorization'];

  if (token) {
    jwt.verify(token, 'your_secret_key', (err, user) => {
      if (err) {
        return res.sendStatus(403);
      }
      req.user = user;
      next();
    });
  } else {
    res.sendStatus(401);
  }
}

Now, protect a route by applying the authenticateJWT middleware:

app.get('/dashboard', authenticateJWT, (req, res) => {
  res.send('Welcome to your dashboard');
});

4. Protecting Routes with JWT Authentication

JWT authentication works well in single-page applications (SPAs) and APIs because the token is stored in the client (usually in localStorage or a cookie). To access protected resources, the client sends the JWT in the request headers.

Here’s how you can protect a route:

app.get('/profile', authenticateJWT, (req, res) => {
  res.json({ message: 'This is your profile', user: req.user });
});

If the user is authenticated with a valid JWT, they will be able to access the route. Otherwise, they will receive a 401 Unauthorized status.

5. Implementing Authorization with Role-Based Access Control (RBAC)

In addition to authentication, authorization is crucial for controlling access to resources. Role-Based Access Control (RBAC) is a method where permissions are assigned to users based on their roles.

For example, an “admin” might have access to all routes, while a “user” can only access their own profile. Here’s how you can implement RBAC:

function authorizeRole(role) {
  return (req, res, next) => {
    if (req.user.role !== role) {
      return res.sendStatus(403);  // Forbidden
    }
    next();
  };
}

// Apply role-based authorization to a route
app.get('/admin', authenticateJWT, authorizeRole('admin'), (req, res) => {
  res.send('Welcome, admin!');
});

In this example:

• The authenticateJWT middleware checks if the user is authenticated.
• The authorizeRole middleware ensures the user has the required role.

6. Conclusion

Authentication and authorization are critical in any modern web application. With Passport.js and JWT, you can easily handle user authentication and secure your routes. By combining authentication with role-based authorization, you can manage user access and protect sensitive data.

In the next module, we’ll dive deeper into “Error Handling and Debugging in Node.js”, focusing on how to handle exceptions, log errors, and improve the reliability of your Node.js applications.