On this journey to create a backend dashboard to manage my site and write my blogs, I decided I would need a way to set up users. This was mostly for my own purpose: to be able to log in. This step seems pretty obvious, so I’ll leave off explaining why.
I found this article that walks through the process of creating an authentication system using Node, Express, and Mongo, and a bunch of other dependencies. There was a caveat regarding security, so I reviewed this article to gain a better understanding of authentication protocol and amend whatever aspects were necessary from the first. Luckily, both articles agreed on bcrypt as the module of choice. More on this in a moment.
I needed a way to store user login and session info, so this is where MongoDB comes in. MongoDB will take a much bigger role later on as I build out the backend, but for now, I just needed a way to authenticate users and manage their logins. This led me to read all about Schema creation and validation in the MongoDB docs. Schema validation rules can be specified when creating a new collection, which is kind of cool, but unnecessary for my purposes, as it turns out. More on this in a moment as well.
I did a whole lot of digging around in an effort to figure out how I was going to create and manage my collection of users. Part of this was spent learning how to change the directory where MongoDB would store the database, which wasn’t particularly difficult, but a bit of a tangent. Only a bit though; I did not want my database taking up precious space on my droplet, so it was necessary to set it up on separate storage space. Once that was done, it was back to authentication.
Now, I’m not big on using dependencies. I understand that a lot of (read: most) developers stack a myriad of dependencies to speed up their workflow and bring their projects to market quickly. I am not one of them. The more pieces included in any project, the more opportunities there are to break something. That, and the fact that dependencies are exactly that: dependencies. Your project is broken if one of the modules it relies on breaks. As a result, I’m working to minimize the dependencies I use in my projects. So imagine my frustration when I do a search for help regarding MongoDB collections and find that fucking EVERYONE is using Mongoose. Not one fucking person had a write-up that was worthwhile. Not one.
Except this guy. But his was more of an argument against using Mongoose than a tutorial on how to do shit without it.
I can understand the penchant for wanting to use tools. But sometimes you need to know how a screwdriver works before you understand the drill. And sometimes, the drill just isn’t necessary.
Anyway, this led me back to the Mongo docs because that’s the only place that was free of Mongoose. Which made me realize something:
I don’t actually have to create my own authentication system.
I’m building this site to support my development of my Discord bot: nonsensemod. So why don’t I just use Discord as the authentication system? They have it set up to use OAuth2 to authenticate with sites and I can use that to my advantage here. In doing so, I can focus my attention on learning Node, Express, Mongo, and Discord.js really well, and not stack up my project with a bunch of shit that’s gonna gummy it up.
As a result of this switch in design, I removed bcrypt and made a list of things to consider:
All of this just to work my skills, learn the ins and outs of authentication, and grow my knowledge of discord.js, bots, and frontend development.
Comments? Follow me on Twitter and drop me a line in response to this tweet:
Day 005: a mess with coming to understand authentication. It’s a little overwhelming. But I think I’ve figured out a way to approach it, at least for this particular project. https://t.co/RbM3YWwoQX #nonsensemod365 #thatCodingLife pic.twitter.com/2LBjqbe8ML — Joshua Alexander (@nonsensecodes) April 18, 2020