This tutorial guides you through user authentication in a MEAN stack application. We'll use a common architecture: an Angular single-page app interacting with a Node.js, Express, and MongoDB-based REST API.
Key Authentication Aspects:
- User registration.
- Secure user data storage (passwords are never stored directly).
- User login.
- Session persistence across page visits.
- Access control for protected pages (only accessible to logged-in users).
- Dynamic UI updates based on login status (e.g., showing "Login" or "My Profile" buttons).
MEAN Stack Authentication Workflow:
- User data (with hashed passwords) resides in MongoDB.
- CRUD (Create, Read, Update, Delete) functions are implemented in the Express API.
- The Angular app interacts with the API and handles responses.
- The Express API generates JSON Web Tokens (JWTs) upon registration/login, sending them to the Angular app.
- The Angular app stores the JWT to manage user sessions.
- The Angular app verifies JWT validity for protected views.
- The Angular app sends the JWT back to Express when accessing protected API routes.
JWTs are preferred over cookies for browser session management; cookies are better suited for server-side applications.
Example Application:
The code is available on GitHub. You'll need Node.js and MongoDB installed (refer to MongoDB's documentation for installation instructions on Windows, Linux, and macOS).
Angular App Structure:
The Angular app comprises four basic pages:
- Home page
- Register page
- Login page
- Profile page (accessible only to authenticated users)
The Angular CLI is used for building and running the local server. Refer to the "Building a Todo App with Angular CLI" tutorial for guidance if needed.
REST API Structure:
The Node.js, Express, and MongoDB REST API initially includes these routes:
-
/api/register(POST): Handles user registration. -
/api/login(POST): Handles user login. -
/api/profile/:userid(GET): Retrieves profile details.
Setting up the API:
Use the express-generator tool (install with npm i -g express-generator) to create the Express app:
express -v pug mean-authentication cd mean-authentication npm i npm i pug@latest npm i mongoose
Create the necessary directory structure and files as described in the original tutorial. The app.js, database connection (api/models/db.js), API routes (api/routes/index.js), and initial controller stubs (api/controllers/authentication.js and api/controllers/profile.js) are provided.
MongoDB Schema with Mongoose:
The api/models/users.js file defines the MongoDB schema using Mongoose:
const mongoose = require('mongoose');
const crypto = require('crypto');
const jwt = require('jsonwebtoken');
// ... (Schema definition and setPassword, validPassword, generateJwt methods as described in the original tutorial)
Password Management (Hashing and Salting):
The setPassword and validPassword methods use the crypto module to securely handle passwords without storing them directly. The generateJwt method uses the jsonwebtoken package to create JWTs.
Passport.js for Authentication:
Install Passport and the local strategy:
npm i passport passport-local
Configure Passport in api/config/passport.js:
// ... (Passport configuration as described in the original tutorial)
Update app.js to initialize Passport as middleware.
API Endpoint Configuration:
Complete the api/controllers/authentication.js and api/controllers/profile.js files with the register, login, and profile handling logic, including JWT generation and authentication using Passport.js and express-jwt middleware. Secure the /api/profile route using express-jwt.
Angular App Initialization and Service:
Create the Angular app using the CLI:
ng new client
Generate the necessary components (register, login, profile, home) and a service (authentication). Implement the AuthenticationService to handle JWT storage, retrieval, deletion, API calls, login status checks, and user detail retrieval.
Connecting Angular Components and API:
Implement the register and login forms in the respective components, using the AuthenticationService to handle API interactions. Update the navigation bar to dynamically display "Sign in" or the user's name and profile link based on login status. Protect the /profile route using an Angular route guard (AuthGuard). Finally, implement the profile page to fetch and display user details from the protected /api/profile API route.
Running the Application:
Configure a proxy in client/proxy.conf.json to forward /api requests to the Express server. Start the Express server and the Angular app. Test registration, login, and profile access. Add styling as desired (refer to the GitHub repository for styling details).
Frequently Asked Questions (FAQs):
The FAQs section provides answers to common questions about MEAN stack development, including its differences from other frameworks, the role of Angular CLI, database options, data handling, scalability, security, learning resources, and the role of Node.js. The answers are paraphrased for conciseness and clarity.
The above is the detailed content of MEAN Stack: Build an App with Angular and the Angular CLI. For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undress AI Tool
Undress images for free
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
Java vs. JavaScript: Clearing Up the Confusion
Jun 20, 2025 am 12:27 AM
Java and JavaScript are different programming languages, each suitable for different application scenarios. Java is used for large enterprise and mobile application development, while JavaScript is mainly used for web page development.
Javascript Comments: short explanation
Jun 19, 2025 am 12:40 AM
JavaScriptcommentsareessentialformaintaining,reading,andguidingcodeexecution.1)Single-linecommentsareusedforquickexplanations.2)Multi-linecommentsexplaincomplexlogicorprovidedetaileddocumentation.3)Inlinecommentsclarifyspecificpartsofcode.Bestpractic
How to work with dates and times in js?
Jul 01, 2025 am 01:27 AM
The following points should be noted when processing dates and time in JavaScript: 1. There are many ways to create Date objects. It is recommended to use ISO format strings to ensure compatibility; 2. Get and set time information can be obtained and set methods, and note that the month starts from 0; 3. Manually formatting dates requires strings, and third-party libraries can also be used; 4. It is recommended to use libraries that support time zones, such as Luxon. Mastering these key points can effectively avoid common mistakes.
Why should you place tags at the bottom of the ?
Jul 02, 2025 am 01:22 AM
PlacingtagsatthebottomofablogpostorwebpageservespracticalpurposesforSEO,userexperience,anddesign.1.IthelpswithSEObyallowingsearchenginestoaccesskeyword-relevanttagswithoutclutteringthemaincontent.2.Itimprovesuserexperiencebykeepingthefocusonthearticl
JavaScript vs. Java: A Comprehensive Comparison for Developers
Jun 20, 2025 am 12:21 AM
JavaScriptispreferredforwebdevelopment,whileJavaisbetterforlarge-scalebackendsystemsandAndroidapps.1)JavaScriptexcelsincreatinginteractivewebexperienceswithitsdynamicnatureandDOMmanipulation.2)Javaoffersstrongtypingandobject-orientedfeatures,idealfor
What is event bubbling and capturing in the DOM?
Jul 02, 2025 am 01:19 AM
Event capture and bubble are two stages of event propagation in DOM. Capture is from the top layer to the target element, and bubble is from the target element to the top layer. 1. Event capture is implemented by setting the useCapture parameter of addEventListener to true; 2. Event bubble is the default behavior, useCapture is set to false or omitted; 3. Event propagation can be used to prevent event propagation; 4. Event bubbling supports event delegation to improve dynamic content processing efficiency; 5. Capture can be used to intercept events in advance, such as logging or error processing. Understanding these two phases helps to accurately control the timing and how JavaScript responds to user operations.
JavaScript: Exploring Data Types for Efficient Coding
Jun 20, 2025 am 12:46 AM
JavaScripthassevenfundamentaldatatypes:number,string,boolean,undefined,null,object,andsymbol.1)Numbersuseadouble-precisionformat,usefulforwidevaluerangesbutbecautiouswithfloating-pointarithmetic.2)Stringsareimmutable,useefficientconcatenationmethodsf
How can you reduce the payload size of a JavaScript application?
Jun 26, 2025 am 12:54 AM
If JavaScript applications load slowly and have poor performance, the problem is that the payload is too large. Solutions include: 1. Use code splitting (CodeSplitting), split the large bundle into multiple small files through React.lazy() or build tools, and load it as needed to reduce the first download; 2. Remove unused code (TreeShaking), use the ES6 module mechanism to clear "dead code" to ensure that the introduced libraries support this feature; 3. Compress and merge resource files, enable Gzip/Brotli and Terser to compress JS, reasonably merge files and optimize static resources; 4. Replace heavy-duty dependencies and choose lightweight libraries such as day.js and fetch
