Remember the simple authentication middleware we built in Module 1, Lesson 3, which checked for a hard-coded `Authorization: Bearer secret123` header?
That approach was fine for learning the middleware pattern, but a shared static secret is not authentication: anyone who sees the header can replay it, and it says nothing about which user is making the request. In this lesson, we'll evolve that foundational concept into proper authentication.
We’ll build a complete authentication system by implementing these key features:
- Database password storage: Add secure password fields to our user table.
- User registration: Create a register endpoint with password hashing using bcrypt.
- User login: Build a login endpoint that verifies credentials and issues a signed JWT for the authenticated session.
- JWT middleware: Implement token-based authentication middleware for route protection.
- Route authorisation: Protect existing user routes so users can only modify their own data.
- Security validation: Use the validation schemas from the previous step for secure input handling.
By the end, we'll have endpoints for user registration and login, plus protected routes that ensure users can only access their own data.