node-js-jwt-authentication-mysql-feature-image

Node.js Express: JWT example | Token Based Authentication & Authorization

In this tutorial, we’re gonna build a Node.js Express Rest API example that supports Token Based Authentication with JWT (JSONWebToken). You’ll know:

  • Appropriate Flow for User Signup & User Login with JWT Authentication
  • Node.js Express Architecture with CORS, Authenticaton & Authorization middlewares & Sequelize
  • How to configure Express routes to work with JWT
  • How to define Data Models and association for Authentication and Authorization
  • Way to use Sequelize to interact with MySQL Database


Related Posts:
Node.js Rest APIs example with Express, Sequelize & MySQL
Node.js + MongoDB: User Authentication & Authorization with JWT
Node.js + PostgreSQL: User Authentication & Authorization with JWT

Fullstack (JWT Authentication & Authorization example):
Node.js Express + Vue.js
Node.js Express + Angular 8
Node.js Express + Angular 10
Node.js Express + React

Deployment: Deploying/Hosting Node.js app on Heroku with MySQL database

Token Based Authentication

Comparing with Session-based Authentication that need to store Session on Cookie, the big advantage of Token-based Authentication is that we store the JSON Web Token (JWT) on Client side: Local Storage for Browser, Keychain for IOS and SharedPreferences for Android… So we don’t need to build another backend project that supports Native Apps or an additional Authentication module for Native App users.

in-depth-introduction-jwt-token-based-authentication

There are three important parts of a JWT: Header, Payload, Signature. Together they are combined to a standard structure: header.payload.signature.

The Client typically attaches JWT in Authorization header with Bearer prefix:

Authorization: Bearer [header].[payload].[signature]

Or only in x-access-token header:

x-access-token: [header].[payload].[signature]

For more details, you can visit:
In-depth Introduction to JWT-JSON Web Token

Overview of Node.js Express JWT Authentication example

We will build a Node.js Express application in that:

  • User can signup new account, or login with username & password.
  • By User’s role (admin, moderator, user), we authorize the User to access resources

This is our Node.js application demo running with MySQL database and test Rest Apis with Postman.

These are APIs that we need to provide:

MethodsUrlsActions
POST/api/auth/signupsignup new account
POST/api/auth/signinlogin an account
GET/api/test/allretrieve public content
GET/api/test/useraccess User’s content
GET/api/test/modaccess Moderator’s content
GET/api/test/adminaccess Admin’s content

Flow for Signup & Login with JWT Authentication

The diagram shows flow of User Registration, User Login and Authorization process.

node-js-jwt-authentication-mysql-flow

A legal JWT must be added to HTTP x-access-token Header if Client accesses protected resources.

Node.js Express Architecture with Authentication & Authorization

You can have an overview of our Node.js Express App with the diagram below:

node-js-jwt-authentication-mysql-architecture

Via Express routes, HTTP request that matches a route will be checked by CORS Middleware before coming to Security layer.

Security layer includes:

  • JWT Authentication Middleware: verify SignUp, verify token
  • Authorization Middleware: check User’s roles with record in database

If these middlewares throw any error, a message will be sent as HTTP response.

Controllers interact with MySQL Database via Sequelize and send HTTP response (token, user information, data based on roles…) to client.

Technology

  • Express 4.17.1
  • bcryptjs 2.4.3
  • jsonwebtoken 8.5.1
  • Sequelize 5.21.3
  • MySQL

Project Structure

This is directory structure for our Node.js Express application:

node-js-jwt-authentication-mysql-project-structure

config

  • configure MySQL database & Sequelize
  • configure Auth Key

routes

  • auth.routes.js: POST signup & signin
  • user.routes.js: GET public & protected resources

middlewares

  • verifySignUp.js: check duplicate Username or Email
  • authJwt.js: verify Token, check User roles in database

controllers

  • auth.controller.js: handle signup & signin actions
  • user.controller.js: return public & protected content

models for Sequelize Models

  • user.model.js
  • role.model.js

server.js: import and initialize neccesary modules and routes, listen for connections.

Create Node.js App

First, we create a folder for our project:

$ mkdir node-js-jwt-auth
$ cd node-js-jwt-auth

Then we initialize the Node.js App with a package.json file:

npm init

name: (node-js-jwt-auth) 
version: (1.0.0) 
description: Node.js Demo for JWT Authentication
entry point: (index.js) server.js
test command: 
git repository: 
keywords: node.js, express, jwt, authentication, mysql
author: bezkoder
license: (ISC)

Is this ok? (yes) yes

We need to install necessary modules: express, cors, body-parser, sequelize, mysql2, jsonwebtoken and bcryptjs.
Run the command:

npm install express sequelize mysql2 body-parser cors jsonwebtoken bcryptjs --save

The package.json file now looks like this:

{
  "name": "node-js-jwt-auth",
  "version": "1.0.0",
  "description": "Node.js Demo for JWT Authentication",
  "main": "server.js",
  "scripts": {
    "test": "echo \"Error: no test specified\" && exit 1"
  },
  "keywords": [
    "node.js",
    "jwt",
    "authentication",
    "express",
    "mysql"
  ],
  "author": "bezkoder",
  "license": "ISC",
  "dependencies": {
    "bcryptjs": "^2.4.3",
    "body-parser": "^1.19.0",
    "cors": "^2.8.5",
    "express": "^4.17.1",
    "jsonwebtoken": "^8.5.1",
    "mysql2": "^2.1.0",
    "sequelize": "^5.21.3"
  }
}

Setup Express web server

In the root folder, let’s create a new server.js file:

const express = require("express");
const bodyParser = require("body-parser");
const cors = require("cors");

const app = express();

var corsOptions = {
  origin: "http://localhost:8081"
};

app.use(cors(corsOptions));

// parse requests of content-type - application/json
app.use(bodyParser.json());

// parse requests of content-type - application/x-www-form-urlencoded
app.use(bodyParser.urlencoded({ extended: true }));

// simple route
app.get("/", (req, res) => {
  res.json({ message: "Welcome to bezkoder application." });
});

// set port, listen for requests
const PORT = process.env.PORT || 8080;
app.listen(PORT, () => {
  console.log(`Server is running on port ${PORT}.`);
});

Let me explain what we’ve just done:
– import express, body-parser and cors modules:

  • Express is for building the Rest apis
  • body-parser helps to parse the request and create the req.body object
  • cors provides Express middleware to enable CORS

– create an Express app, then add body-parser and cors middlewares using app.use() method. Notice that we set origin: http://localhost:8081.
– define a GET route which is simple for test.
– listen on port 8080 for incoming requests.

Now let’s run the app with command: node server.js.
Open your browser with url http://localhost:8080/, you will see:

node-js-jwt-authentication-mysql-example-setup-server

Configure MySQL database & Sequelize

In the app folder, create config folder for configuration with db.config.js file like this:

module.exports = {
  HOST: "localhost",
  USER: "root",
  PASSWORD: "123456",
  DB: "testdb",
  dialect: "mysql",
  pool: {
    max: 5,
    min: 0,
    acquire: 30000,
    idle: 10000
  }
};

First five parameters are for MySQL connection.
pool is optional, it will be used for Sequelize connection pool configuration:

  • max: maximum number of connection in pool
  • min: minimum number of connection in pool
  • idle: maximum time, in milliseconds, that a connection can be idle before being released
  • acquire: maximum time, in milliseconds, that pool will try to get connection before throwing error

For more details, please visit API Reference for the Sequelize constructor.

Define the Sequelize Model

In models folder, create User and Role data model as following code:

models/user.model.js

module.exports = (sequelize, Sequelize) => {
  const User = sequelize.define("users", {
    username: {
      type: Sequelize.STRING
    },
    email: {
      type: Sequelize.STRING
    },
    password: {
      type: Sequelize.STRING
    }
  });

  return User;
};

models/role.model.js

module.exports = (sequelize, Sequelize) => {
  const Role = sequelize.define("roles", {
    id: {
      type: Sequelize.INTEGER,
      primaryKey: true
    },
    name: {
      type: Sequelize.STRING
    }
  });

  return Role;
};

These Sequelize Models represents users & roles table in MySQL database.

After initializing Sequelize, we don’t need to write CRUD functions, Sequelize supports all of them:

  • create a new User: create(object)
  • find a User by id: findByPk(id)
  • find a User by email: findOne({ where: { email: ... } })
  • get all Users: findAll()
  • find all Users by username: findAll({ where: { username: ... } })

These functions will be used in our Controllers and Middlewares.

Initialize Sequelize

Now create app/models/index.js with content like this:

const config = require("../config/db.config.js");

const Sequelize = require("sequelize");
const sequelize = new Sequelize(
  config.DB,
  config.USER,
  config.PASSWORD,
  {
    host: config.HOST,
    dialect: config.dialect,
    operatorsAliases: false,

    pool: {
      max: config.pool.max,
      min: config.pool.min,
      acquire: config.pool.acquire,
      idle: config.pool.idle
    }
  }
);

const db = {};

db.Sequelize = Sequelize;
db.sequelize = sequelize;

db.user = require("../models/user.model.js")(sequelize, Sequelize);
db.role = require("../models/role.model.js")(sequelize, Sequelize);

db.role.belongsToMany(db.user, {
  through: "user_roles",
  foreignKey: "roleId",
  otherKey: "userId"
});
db.user.belongsToMany(db.role, {
  through: "user_roles",
  foreignKey: "userId",
  otherKey: "roleId"
});

db.ROLES = ["user", "admin", "moderator"];

module.exports = db;

The association between Users and Roles is Many-to-Many relationship:
– One User can have several Roles.
– One Role can be taken on by many Users.

We use User.belongsToMany(Role) to indicate that the user model can belong to many Roles and vice versa.

With through, foreignKey, otherKey, we’re gonna have a new table user_roles as connection between users and roles table via their primary key as foreign keys.

If you want to know more details about how to make Many-to-Many Association with Sequelize and Node.js, please visit:
Sequelize Many-to-Many Association example – Node.js & MySQL

Don’t forget to call sync() method in server.js.

...
const app = express();
app.use(...);

const db = require("./app/models");
const Role = db.role;

db.sequelize.sync({force: true}).then(() => {
  console.log('Drop and Resync Db');
  initial();
});

...
function initial() {
  Role.create({
    id: 1,
    name: "user"
  });
 
  Role.create({
    id: 2,
    name: "moderator"
  });
 
  Role.create({
    id: 3,
    name: "admin"
  });
}

initial() function helps us to create 3 rows in database.
In development, you may need to drop existing tables and re-sync database. So you can use force: true as code above.

For production, just insert these rows manually and use sync() without parameters to avoid dropping data:

...
const app = express();
app.use(...);

const db = require("./app/models");

db.sequelize.sync();
...

Learn how to implement Sequelize One-to-Many Relationship at:
Sequelize Associations: One-to-Many example – Node.js, MySQL

Configure Auth Key

jsonwebtoken functions such as verify() or sign() use algorithm that needs a secret key (as String) to encode and decode token.

In the app/config folder, create auth.config.js file with following code:

module.exports = {
  secret: "bezkoder-secret-key"
};

You can create your own secret String.

Create Middleware functions

To verify a Signup action, we need 2 functions:
– check if username or email is duplicate or not
– check if roles in the request is existed or not

middleware/verifySignUp.js

const db = require("../models");
const ROLES = db.ROLES;
const User = db.user;

checkDuplicateUsernameOrEmail = (req, res, next) => {
  // Username
  User.findOne({
    where: {
      username: req.body.username
    }
  }).then(user => {
    if (user) {
      res.status(400).send({
        message: "Failed! Username is already in use!"
      });
      return;
    }

    // Email
    User.findOne({
      where: {
        email: req.body.email
      }
    }).then(user => {
      if (user) {
        res.status(400).send({
          message: "Failed! Email is already in use!"
        });
        return;
      }

      next();
    });
  });
};

checkRolesExisted = (req, res, next) => {
  if (req.body.roles) {
    for (let i = 0; i < req.body.roles.length; i++) {
      if (!ROLES.includes(req.body.roles[i])) {
        res.status(400).send({
          message: "Failed! Role does not exist = " + req.body.roles[i]
        });
        return;
      }
    }
  }
  
  next();
};

const verifySignUp = {
  checkDuplicateUsernameOrEmail: checkDuplicateUsernameOrEmail,
  checkRolesExisted: checkRolesExisted
};

module.exports = verifySignUp;

To process Authentication & Authorization, we have these functions:
- check if token is provided, legal or not. We get token from x-access-token of HTTP headers, then use jsonwebtoken's verify() function.
- check if roles of the user contains required role or not.

middleware/authJwt.js

const jwt = require("jsonwebtoken");
const config = require("../config/auth.config.js");
const db = require("../models");
const User = db.user;

verifyToken = (req, res, next) => {
  let token = req.headers["x-access-token"];

  if (!token) {
    return res.status(403).send({
      message: "No token provided!"
    });
  }

  jwt.verify(token, config.secret, (err, decoded) => {
    if (err) {
      return res.status(401).send({
        message: "Unauthorized!"
      });
    }
    req.userId = decoded.id;
    next();
  });
};

isAdmin = (req, res, next) => {
  User.findByPk(req.userId).then(user => {
    user.getRoles().then(roles => {
      for (let i = 0; i < roles.length; i++) {
        if (roles[i].name === "admin") {
          next();
          return;
        }
      }

      res.status(403).send({
        message: "Require Admin Role!"
      });
      return;
    });
  });
};

isModerator = (req, res, next) => {
  User.findByPk(req.userId).then(user => {
    user.getRoles().then(roles => {
      for (let i = 0; i < roles.length; i++) {
        if (roles[i].name === "moderator") {
          next();
          return;
        }
      }

      res.status(403).send({
        message: "Require Moderator Role!"
      });
    });
  });
};

isModeratorOrAdmin = (req, res, next) => {
  User.findByPk(req.userId).then(user => {
    user.getRoles().then(roles => {
      for (let i = 0; i < roles.length; i++) {
        if (roles[i].name === "moderator") {
          next();
          return;
        }

        if (roles[i].name === "admin") {
          next();
          return;
        }
      }

      res.status(403).send({
        message: "Require Moderator or Admin Role!"
      });
    });
  });
};

const authJwt = {
  verifyToken: verifyToken,
  isAdmin: isAdmin,
  isModerator: isModerator,
  isModeratorOrAdmin: isModeratorOrAdmin
};
module.exports = authJwt;

middleware/index.js

const authJwt = require("./authJwt");
const verifySignUp = require("./verifySignUp");

module.exports = {
  authJwt,
  verifySignUp
};

Create Controllers

Controller for Authentication

There are 2 main functions for Authentication:
- signup: create new User in database (role is user if not specifying role)
- signin:

  • find username of the request in database, if it exists
  • compare password with password in database using bcrypt, if it is correct
  • generate a token using jsonwebtoken
  • return user information & access Token

controllers/auth.controller.js

const db = require("../models");
const config = require("../config/auth.config");
const User = db.user;
const Role = db.role;

const Op = db.Sequelize.Op;

var jwt = require("jsonwebtoken");
var bcrypt = require("bcryptjs");

exports.signup = (req, res) => {
  // Save User to Database
  User.create({
    username: req.body.username,
    email: req.body.email,
    password: bcrypt.hashSync(req.body.password, 8)
  })
    .then(user => {
      if (req.body.roles) {
        Role.findAll({
          where: {
            name: {
              [Op.or]: req.body.roles
            }
          }
        }).then(roles => {
          user.setRoles(roles).then(() => {
            res.send({ message: "User was registered successfully!" });
          });
        });
      } else {
        // user role = 1
        user.setRoles([1]).then(() => {
          res.send({ message: "User was registered successfully!" });
        });
      }
    })
    .catch(err => {
      res.status(500).send({ message: err.message });
    });
};

exports.signin = (req, res) => {
  User.findOne({
    where: {
      username: req.body.username
    }
  })
    .then(user => {
      if (!user) {
        return res.status(404).send({ message: "User Not found." });
      }

      var passwordIsValid = bcrypt.compareSync(
        req.body.password,
        user.password
      );

      if (!passwordIsValid) {
        return res.status(401).send({
          accessToken: null,
          message: "Invalid Password!"
        });
      }

      var token = jwt.sign({ id: user.id }, config.secret, {
        expiresIn: 86400 // 24 hours
      });

      var authorities = [];
      user.getRoles().then(roles => {
        for (let i = 0; i < roles.length; i++) {
          authorities.push("ROLE_" + roles[i].name.toUpperCase());
        }
        res.status(200).send({
          id: user.id,
          username: user.username,
          email: user.email,
          roles: authorities,
          accessToken: token
        });
      });
    })
    .catch(err => {
      res.status(500).send({ message: err.message });
    });
};

Controller for testing Authorization

There are 4 functions:
/api/test/all for public access
/api/test/user for loggedin users (role: user/moderator/admin)
/api/test/mod for users having moderator role
/api/test/admin for users having admin role

controllers/user.controller.js

exports.allAccess = (req, res) => {
  res.status(200).send("Public Content.");
};

exports.userBoard = (req, res) => {
  res.status(200).send("User Content.");
};

exports.adminBoard = (req, res) => {
  res.status(200).send("Admin Content.");
};

exports.moderatorBoard = (req, res) => {
  res.status(200).send("Moderator Content.");
};

Now, do you have any question? Would you like to know how we can combine middlewares with controller functions?
Let's do it in the next section.

Define Routes

When a client sends request for an endpoint using HTTP request (GET, POST, PUT, DELETE), we need to determine how the server will response by setting up the routes.

We can separate our routes into 2 part: for Authentication and for Authorization (accessing protected resources).

Authentication:

  • POST /api/auth/signup
  • POST /api/auth/signin

routes/auth.routes.js

const { verifySignUp } = require("../middleware");
const controller = require("../controllers/auth.controller");

module.exports = function(app) {
  app.use(function(req, res, next) {
    res.header(
      "Access-Control-Allow-Headers",
      "x-access-token, Origin, Content-Type, Accept"
    );
    next();
  });

  app.post(
    "/api/auth/signup",
    [
      verifySignUp.checkDuplicateUsernameOrEmail,
      verifySignUp.checkRolesExisted
    ],
    controller.signup
  );

  app.post("/api/auth/signin", controller.signin);
};

Authorization:

  • GET /api/test/all
  • GET /api/test/user for loggedin users (user/moderator/admin)
  • GET /api/test/mod for moderator
  • GET /api/test/admin for admin

routes/user.routes.js

const { authJwt } = require("../middleware");
const controller = require("../controllers/user.controller");

module.exports = function(app) {
  app.use(function(req, res, next) {
    res.header(
      "Access-Control-Allow-Headers",
      "x-access-token, Origin, Content-Type, Accept"
    );
    next();
  });

  app.get("/api/test/all", controller.allAccess);

  app.get(
    "/api/test/user",
    [authJwt.verifyToken],
    controller.userBoard
  );

  app.get(
    "/api/test/mod",
    [authJwt.verifyToken, authJwt.isModerator],
    controller.moderatorBoard
  );

  app.get(
    "/api/test/admin",
    [authJwt.verifyToken, authJwt.isAdmin],
    controller.adminBoard
  );
};

Don't forget to add these routes in server.js:

...
// routes
require('./app/routes/auth.routes')(app);
require('./app/routes/user.routes')(app);

// set port, listen for requests
...

Run & Test with Results

Run Node.js application with command: node server.js

Tables that we define in models package will be automatically generated in MySQL Database.
If you check the database, you can see things like this:

mysql> describe users;
+-----------+--------------+------+-----+---------+----------------+
| Field     | Type         | Null | Key | Default | Extra          |
+-----------+--------------+------+-----+---------+----------------+
| id        | int(11)      | NO   | PRI | NULL    | auto_increment |
| username  | varchar(255) | YES  |     | NULL    |                |
| email     | varchar(255) | YES  |     | NULL    |                |
| password  | varchar(255) | YES  |     | NULL    |                |
| createdAt | datetime     | NO   |     | NULL    |                |
| updatedAt | datetime     | NO   |     | NULL    |                |
+-----------+--------------+------+-----+---------+----------------+


mysql> describe roles;
+-----------+--------------+------+-----+---------+-------+
| Field     | Type         | Null | Key | Default | Extra |
+-----------+--------------+------+-----+---------+-------+
| id        | int(11)      | NO   | PRI | NULL    |       |
| name      | varchar(255) | YES  |     | NULL    |       |
| createdAt | datetime     | NO   |     | NULL    |       |
| updatedAt | datetime     | NO   |     | NULL    |       |
+-----------+--------------+------+-----+---------+-------+


mysql> describe user_roles;
+-----------+----------+------+-----+---------+-------+
| Field     | Type     | Null | Key | Default | Extra |
+-----------+----------+------+-----+---------+-------+
| createdAt | datetime | NO   |     | NULL    |       |
| updatedAt | datetime | NO   |     | NULL    |       |
| roleId    | int(11)  | NO   | PRI | NULL    |       |
| userId    | int(11)  | NO   | PRI | NULL    |       |
+-----------+----------+------+-----+---------+-------+


mysql> select * from roles;
+----+-----------+---------------------+---------------------+
| id | name      | createdAt           | updatedAt           |
+----+-----------+---------------------+---------------------+
|  1 | user      | 2020-01-13 09:05:39 | 2020-01-13 09:05:39 |
|  2 | moderator | 2020-01-13 09:05:39 | 2020-01-13 09:05:39 |
|  3 | admin     | 2020-01-13 09:05:39 | 2020-01-13 09:05:39 |
+----+-----------+---------------------+---------------------+

Register some users with /signup API:

  • admin with admin role
  • mod with moderator and user roles
  • zkoder with user role

node-js-jwt-authentication-mysql-signup-new-user

Our tables after signup could look like this.

mysql> select * from users;
+----+----------+--------------------+--------------------------------------------------------------+---------------------+---------------------+
| id | username | email              | password                                                     | createdAt           | updatedAt           |
+----+----------+--------------------+--------------------------------------------------------------+---------------------+---------------------+
|  1 | admin    | admin@bezkoder.com | $2a$08$w3cYCF.N0UQZO19z8CQSZ.whzxFS5vMoi9k51g3TQx9r5tkwrIXO2 | 2020-01-13 09:21:51 | 2020-01-13 09:21:51 |
|  2 | mod      | mod@bezkoder.com   | $2a$08$tTj1l28esAxPSSvl3YqKl./nz35vQF7Y76jGtzcYUhHtGy6d.1/ze | 2020-01-13 09:22:01 | 2020-01-13 09:22:01 |
|  3 | zkoder   | user@bezkoder.com  | $2a$08$U2F07dLyYZjzTxQbFMCAcOd1k8V1o9f6E4TGVJHpy0V6/DC7iS0CS | 2020-01-13 09:23:25 | 2020-01-13 09:23:25 |
+----+----------+--------------------+--------------------------------------------------------------+---------------------+---------------------+


mysql> select * from user_roles;
+---------------------+---------------------+--------+--------+
| createdAt           | updatedAt           | roleId | userId |
+---------------------+---------------------+--------+--------+
| 2020-01-13 09:22:01 | 2020-01-13 09:22:01 |      1 |      2 |
| 2020-01-13 09:23:25 | 2020-01-13 09:23:25 |      1 |      3 |
| 2020-01-13 09:22:01 | 2020-01-13 09:22:01 |      2 |      2 |
| 2020-01-13 09:21:51 | 2020-01-13 09:21:51 |      3 |      1 |
+---------------------+---------------------+--------+--------+

Access public resource: GET /api/test/all

node-js-jwt-authentication-mysql-get-public-content

Access protected resource: GET /api/test/user

node-js-jwt-authentication-mysql-get-user-content-not-loggedin

Login an account (with wrong password): POST /api/auth/signin

node-js-jwt-authentication-mysql-user-signin-wrong-password

Login an account: POST /api/auth/signin

node-js-jwt-authentication-mysql-user-signin

Access protected resources: GET /api/test/user

node-js-jwt-authentication-mysql-get-authorized-content

Conclusion

Congratulation!

Today we've learned so many interesting things about Node.js Token Based Authentication with JWT - JSONWebToken in just a Node.js Express Rest Api example.
Despite we wrote a lot of code, I hope you will understand the overall architecture of the application, and apply it in your project at ease.

If you need a working front-end for this back-end, you can find Client App in the post:
- Vue.js JWT Authentication with Vuex and Vue Router
- Angular 8 JWT Authentication with HttpInterceptor and Router
- Angular 10 JWT Authentication example with Web Api
- React JWT Authentication (without Redux) example
- React Hooks: JWT Authentication (without Redux) example
- React Redux: JWT Authentication example

Happy learning! See you again.

Further Reading

Source Code

You can find the complete source code for this tutorial on Github.

123 thoughts to “Node.js Express: JWT example | Token Based Authentication & Authorization”

  1. Great job, thanks a lot!
    Just one question, can we integrate this with sequelize migrate due to the fact that it makes the job easier for entitites

      1. Thanks a lot, this is the best explanation I’ve found, I’m learning a lot from your articles, If I will find you on social media (Medium and others) I’ll be following you.

      2. Great work, thanks a bunch.
        I have a simple question, you’re using those methods which you didn’t define like user.getRoles() but you never defined these methods. I tried to read on sequelize custom setters and getters but about setters and getters they must be defined on a model but these were used without definition so I wanted to know where they’re coming from.

  2. Great Tutorial, thank you very much! It helped very much with my project 🙂 I still have one question though – I hope you’ll be able to help:

    Everything is working and I am trying to build a page where an admin can change the User Roles of a specific user. Right now, I have no Idea what to change or how I would implement this on the backend site. How can I update a User and send a new array of roles to the backend and update the belongsToMany association?

    Thanks in advance!

    1. Hi, you can add a new route with [authJwt.verifyToken, authJwt.isAdmin] middlewares. This route calls controller method that updates just one table: user_roles.

  3. Hi, really Great Tutorial, but i have the problem, that the Signup doesnt work

    I checked out your source code from github, but i get the following message:

    Unhandled rejection Error: WHERE parameter “username” has invalid “undefined” value

    I think it is inside the verifysignup middleware – maybe you can imagine whats wrong?

    Thanks in Advance

    1. shift these lines:
      // routes
      require(‘./app/routes/auth.routes’)(app);
      require(‘./app/routes/user.routes’)(app);

      below :

      // parse requests of content-type – application/json
      app.use(bodyParser.json());

      // parse requests of content-type – application/x-www-form-urlencoded
      app.use(bodyParser.urlencoded({ extended: true }));

      It will work, the issue is routes are called before parsing JSON so it gets undefined in the body.
      Hope this will help someone facing the same issue.
      Thanks a lot, bezkoder for this great tutorial 🙂

  4. Hi. I have a problem whereby every time I start the server through “node server.js” command everything in the database gets reset. It’s making development a bit harder. Can you help with this??

  5. Can we have a version without serialize please? I already made my tables using serialize messes my erd design 🙁

  6. Hi, really Great Tutorial, but i have the problem,
    when Access protected resources: GET /api/test/mod
    Access protected resources: GET /api/test/mod
    Error: Unhandled rejection TypeError: Cannot read property ‘getRoles’ of null

    1. Access protected resources: GET /api/test/admin

      Error: Unhandled rejection TypeError: Cannot read property ‘getRoles’ of null

  7. Bezkoder, your tutorials are just awesome, thank you very much for your work 🙂
    Maybe u have this version without roles(admin, moder) only user?
    If yes, could you please share it?

    1. Hi, admin or moderator is just a role. You can remove them in the define steps of the model.
      Try your best to do it. 🙂

  8. Thanks for this useful tutorial. When I run the node server.js after cloned the source code from GitHub I have following error. Unfortunately I couldn’t find any solution for that. Do you have any suggestions for that?

    Unhandled rejection SequelizeConnectionRefusedError: connect ECONNREFUSED 127.0.0.1:3306
    at C:\Users\ShojaMo\webApp\tasktracker\node_modules\sequelize\lib\dialects\mysql\connection-manager.js:123:19
    at tryCatcher (C:\Users\ShojaMo\webApp\tasktracker\node_modules\bluebird\js\release\util.js:16:23)
    at Promise._settlePromiseFromHandler (C:\Users\ShojaMo\webApp\tasktracker\node_modules\bluebird\js\release\promise.js:547:31)
    at Promise._settlePromise (C:\Users\ShojaMo\webApp\tasktracker\node_modules\bluebird\js\release\promise.js:604:18)
    at Promise._settlePromise0 (C:\Users\ShojaMo\webApp\tasktracker\node_modules\bluebird\js\release\promise.js:649:10)
    at Promise._settlePromises (C:\Users\ShojaMo\webApp\tasktracker\node_modules\bluebird\js\release\promise.js:725:18)
    at _drainQueueStep (C:\Users\ShojaMo\webApp\tasktracker\node_modules\bluebird\js\release\async.js:93:12)
    at _drainQueue (C:\Users\ShojaMo\webApp\tasktracker\node_modules\bluebird\js\release\async.js:86:9)
    at Async._drainQueues (C:\Users\ShojaMo\webApp\tasktracker\node_modules\bluebird\js\release\async.js:102:5)
    at Immediate.Async.drainQueues [as _onImmediate] (C:\Users\ShojaMo\webApp\tasktracker\node_modules\bluebird\js\release\async.js:15:14)
    at processImmediate (internal/timers.js:456:21)

      1. Hi, I’m connecting in my db normaly using MySQL Workbench, but when I try to conect the application with database I have the follow error:

        Unhandled rejection SequelizeConnectionRefusedError: connect ECONNREFUSED 127.0.0.1:3306

        How said Mohsen , infortunately I couldn’t find any solution for that. Do you have any others suggestions for that?

    1. Actually, I ran the code on Win and Mac and both have the same issue! It looks like something is wrong when it tries to run the database. Thanks in advance for any suggestions.

  9. Hi Mr Bezkoder,
    Congratulations on this excellent tutorial. That’s what I’ve been looking for ever since.
    However, I have a hard time integrating this Backend into uen Development FrontEnd React with Redux and JWT Passport.

    Could you help me? I’m new to ReactJS Development.
    Thank you

  10. Hi really great tutorial.
    how to insert data to multiple tables at a time – parent/child relationship in nodejs to mySql ?
    Could you help me? I’m new to node.js Development.

    Relationship between Product & ProductDetails tables.
    Sample JSON object:

    {
    "productName":"laptop",
    "inv_date":"2020-04-01",
    "productDetails":[
    		{
    			"name":"HP 15.6inc 64GB",
    			"price":34052
    		},
    		{
    			"name":"Dell 16.4inc 64GB",
    			"price":37761
    		},
    		{
    			"name":"Acer 14inc Spin 3",
    			"price":32464
    		},
    		{
    			"name":"Refurb HP Spectre x360 ",
    			"price":54150
    		}
    	]
    }
    
      1. Hi,
        Really it’s a good tutorial.Is there anyway to generate( swagger integration) some default documentation without writing the API Documentations (comments) manually? Like in ASP.NET core.

        Sample swagger documentation comments in each routing page:
        /**
        * @swagger
        * /registerUser:
        * post:
        * tags:
        * – Users
        * name: Register
        * summary: Register a new user
        * consumes:
        * – application/json
        * produces:
        * – application/json
        * parameters:
        * – name: body
        * in: body
        * schema:
        * $ref: ‘#/definitions/User’
        * type: object
        * properties:
        * first_name:
        * type: string
        * last_name:
        * type: string
        * username:
        * type: string
        * email:
        * type: string
        * password:
        * type: string
        * format: password
        * required:
        * – username
        * – email
        * – password
        * responses:
        * ‘200’:
        * description: User created
        * ‘403’:
        * description: Username or email already taken
        */

        Thanks in advance.

    1. You can check out Sequelize, an ORM for Node. It is easy to use and provides ability to represent such relationships

  11. I am having an issue with user.setRoles() is not a function in my signUp request:

    {
    “message”: “user.setRoles is not a function”
    }

      1. Hi i have the same error, I was wondering if you could explain where the setRoles function is coming from, is it automatically generated?

          1. Hi, thanks for your tutorial 🙂
            I fixed this issue with an alias :

            db.user.belongsToMany(db.role, {
              through: "Table_User_Roles",
              foreignKey: "idUser",
              otherKey: "idRole",
              as: "roles"
            });
            

            I hope that help you 😉

    1. If you use a REST Client such as Postman, you call API from the same origin http://localhost:8080. It is ok and CORS doesn’t need to work here.

      But when you send HTTP request from another origin (another front-end app with another port: Angular, React, Vue…), for example: http://localhost:8081, you must accept the Cross-origin resource sharing (CORS). It is a mechanism that allows restricted resources on a web page to be requested from another domain outside the domain from which the first resource was served.

  12. Hi,

    I am very new to backend. I follow the tutorial and also clone the repo but always showing the message “Coluld not get any response”. Please let me know what should I have to do. do I need to install any software along. like mySql?

    1. Hi, the example works with MySQL database, so you MUST install MySQL and configure appropriate db parameters 🙂

  13. bezkoder, excellent tutorial. Complete and well thought out. I’m facing an issue that you have appeared to solve, but for the life of me, I cant replicate from your tutorial into my own code.

    I have react/redux front-end with express.js api.
    Login works and returns a token.
    Attempts to access endpoints with the x-access-token fail from localhost, but succeed from PostMan.

    Attempts from localhost give the below error:
    Access to fetch at ‘https:///dev/buyer’ from origin ‘http://localhost:3000’ has been blocked by CORS policy: Request header field x-access-token is not allowed by Access-Control-Allow-Headers in preflight response.

    I have the below cors configuration

    let corsOptions = {
      origin: "http://localhost:3000",
    };
    
    app.use(cors(corsOptions));
    

    I dont understand why PostMan would work, but my localhost will not.

    1. Hi, your server should return that it accepts custom headers:

      res.header(
        "Access-Control-Allow-Headers",
        "x-access-token, Origin, Content-Type, Accept"
      );
      
  14. node run server stuck at:
    Executing (default): CREATE TABLE IF NOT EXISTS `roles` (`role_id` INTEGER , `role_code` VARCHAR(255), `role_descr` VARCHAR(255), `createdAt` DATETIME NOT NULL, `updatedAt` DATETIME NOT NULL, PRIMARY KEY (`role_id`)) ENGINE=InnoDB;
    Executing (default): SHOW INDEX FROM `roles`

      1. Thanks for your quick reply but I’ve figured out the issue. server was running fine there was some other error in my code.

    1. Hi, we’re gonna save the Refresh Token in the database. I will write a tutorial for this when having time 🙂

  15. Hi bezkoder! Been working with some of your tutorials recently, which have been so great, and I’m trying to get a website up on my namecheap hosting server. When I have the API backend loaded and started server.js, I’m able to successfully register and login through the cPanel terminal using curl commands.

    So today I went through your “Vue.js JWT Authentication with Vuex and Vue Router” tutorial, and everything works in testing when connecting to a MySQL database on my local computer, but after loading my build to the server, I’m getting “net::ERR_CONNECTION_REFUSED”. At first I was getting a CORS error, so I changed the corsOptions origin value to my domain, thinking that would work. I’m no longer getting the CORS error message.. just “net::ERR_CONNECTION_REFUSED”.

    Any ideas? Thank you!!

  16. Thanks for the great tutorial! I got this working with SQL Server using tedious and express4-tedious. Didn’t need mysql2 so uninstalled it. So I have a route set up in express4-tedious that I would like to only be available if a user (ROLE_USER) is logged in:

    app.use(‘/alignments’, require(‘./app/routes/alignments’));
    (in server.js)

    I have nothing against myql. Just need to use a mssql database because of some spatial functions that are not available in mysql, for example:

    /* GET alignments listing. */
    router.get(‘/’, function (req, res) {
    req.sql(“select id, fid, GeomCol1.AsTextZM() as alignmentwkt, GeomCol1.STSrid as srid, aligngrp1, aligngrp2, alignment, GeomCol1.STLength() as length, lrs.STStartMeasure(GeomCol1) as startm, lrs.STEndMeasure(GeomCol1) as endm, lrs.STMeasureRange(GeomCol1) as measure_range, hascurve, numsegs, thumbnail, mapurl from alignmentstest4 order by aligngrp1 asc, aligngrp2 asc, alignment asc for json path”)
    .into(res, ‘[]’);
    });
    (in routes/alignments.js)

    So how would you go about making this new /alignments route available to only users who are logged in?

    Going further, there will be some POSTs and PUTs that I would like only moderators or admins to be able to get access to:

    /* PUT update station/offset/point. */
    router.put(‘/ptso/put/update/:ptid’, textParser, function (req, res) {
    req.sql(“exec update_pt_so_h @ptid, @pts”)
    .param(‘ptid’, req.params.ptid, TYPES.Int)
    .param(‘pts’, req.body, TYPES.NVarChar)
    .exec(res);
    });

    Any pointers you can give will be appreciated. I’m very new to Express and have been working with React for a couple of months.

    Thanks again for a great tutorial!

  17. How would you add another protected route without sequelize?

    I have a route /alignments that I would like to add as a protected route. I’m trying to get it to work like the user route. I tried to add it to /user/alignments but that didn’t work either. Please help!

  18. Hi, first of all, thank you for your guidance. Can you make a tutorial about Node.js Token Based Authentication & Authorization example without ORM Sequelize? Thank you!

  19. This article is great.

    The checkDuplicateUserNameOrEmail function check email only when username is already in use. Maybe you should check email only when username is not in use.

    Thanks.

  20. Great work, quick question, why when i add a new model (table), it still enforces createdAt and updatedAt fields to be there? how can i remove this enforcement pls? much thankkkks

  21. I got this to work on my local development machine using SQL Server (MSSQL) rather than MySQL. Also using Tedious and Express4/Tedious. Now trying to publish the Express app to Azure and unable to get to any of the ‘auth’ routes. It returns Cannot GET /api/auth/signin and Cannot GET /api/auth/signup. It does let me have access to the /api/test/user and /api/test/mod and /api/test/admin (these show {“message”:”No token provided!”}) and /api/test/all (shows Public Content.) All my other routes are protected, so they also show up as {“message”:”No token provided!”}. How does one go about getting the auth routes to work in Azure?

  22. First i want thenks for tutorial – it work great … but i dont have rules. I think i dont create or add something. I have profile component from github like everything else. When i try find ROLES_USER, ROLES_ADMIN or ROLES_MODERATOR i cant find it in my code. If i dont give what i have in my code for you please tell me and i add in next comment. Do you know what i miss ?Sorry i dont add “my” code but i dont know what i should add and want know exacly what create ROLES.

    PS
    Sorry for my english – i know im terrible 😛

  23. Thanks a lot for the Tutorial, it helped me understand a lot I didn’t grasp before. It would be nice if you could make this post a bit clearer:
    React + Node.js Express: User Authentication with JWT example
    Scrolling through half the page was a little bit confusing to find the implementation.
    Besides that I have one question maybe you or someone else here can answer.

    const authJwt = {
    verifyToken: verifyToken,
    isAdmin: isAdmin,
    isModerator: isModerator,
    isModeratorOrAdmin: isModeratorOrAdmin
    };

    Everything in these is undefined for me and thus the arrow functions also don’t work. Do you have any idea why that could be the case? I think I’m probably missing something super simple but I don’t know what.

    Thanks again for the great tutorial, even with my fails it was easy for me to follow and made some things clear.

  24. Hi greatesolution i tried the CRUD operations and it worked perfectly . I have an error in the api while trying the authentication with mysql. I’m not able to add a new user in both mysql db as well as in server (i.e) in the locahost:8080/api/auth/signup in server . in my db i’m getting the following error
    Unhandled rejection SequelizeForeignKeyConstraintError: Cannot add or update a child row: a foreign key constraint fails (`mysql`.`user_roles`, CONSTRAINT `user_roles_ibfk_1` FOREIGN KEY (`roleId`) REFERENCES `roles` (`id`) ON DELETE CASCADE ON UPDATE CASCADE)
    Help needed. Thanks in advance!!!

  25. That’s awesome, thanks!

    One quick note: You’ve created the folder as “middlewares” but it’s importing it later as “middleware”. 🙂

  26. Hi,
    I’m getting an error, When I start the server node server.js. Please find the below error log:
    D:\Personal\NodeJS\node-js-jwt-auth>node server.js
    D:\Personal\NodeJS\node-js-jwt-auth\server.js:23
    db.sequelize.sync();
    ^
    TypeError: Cannot read property ‘sync’ of undefined
    at Object. (D:\Personal\NodeJS\node-js-jwt-auth\server.js:23:14)
    at Module._compile (internal/modules/cjs/loader.js:1138:30)
    at Object.Module._extensions..js (internal/modules/cjs/loader.js:1158:10)
    at Module.load (internal/modules/cjs/loader.js:986:32)
    at Function.Module._load (internal/modules/cjs/loader.js:879:14)
    at Function.executeUserEntryPoint [as runMain] (internal/modules/run_main.js:71:12)
    at internal/main/run_main_module.js:17:47
    Thanks.
    Harish

    1. Hi,
      I don’t know how to do this initialization.
      If anyone has source code, Kindly the share to me.
      Thank you so much for these tutorials.

      Thanks,
      Harish

  27. Everything looks great except I fear many people using this may not realize that adding roles in the signup route is a bad idea. Anyone could hit the api of the site using postgres and create an account with admin privileges if they knew the website used this. I would highly recommend removing removing everything in this if statement and only keeping what is in the else (default User role) in the signup function in auth.user.js

    if (req.body.roles) {
            Role.findAll({
              where: {
                name: {
                  [Op.or]: req.body.roles
                }
              }
            }).then(roles => {
              user.setRoles(roles).then(() => {
                res.send({ message: "User was registered successfully!" });
              });
            });
          } else {
            // user role = 1
            user.setRoles([1]).then(() => {
              res.send({ message: "User was registered successfully!" });
            });
          }
    
    1. Hi, this is just for development and understand how to run authorization. In real app, we don’t accept anybody signup for all roles.

      1. Hi,

        For my use case it’s ideal as I expect the admin to do the signups and allocate roles, so the signup route will be admin role protected.

    1. Hi Aak,

      I’ve just completed this tutorial by converting to using node-postgres rather than use sequelize, so it will be possible. As I’m new to most of this myself and haven’t used MySql I can’t be specific but it should just be a matter of creating the appropriate SQL statements for each of the database queries required.

      Best regards,

  28. Hi Bezkoder,

    Thanks for this tutorial, very helpful. But I don’t understand one of the functions.
    What does ‘getRoles()’ from authJwt.js file do?
    I cannot see where it is defined or referenced in the project.

    1. Hi, you can see that we use belongsToMany() so that Sequelize supports the methods getRoles() for model User.

  29. Hi and thanks bezkoder for this tutorial, it has helped me understand this process better considering I’ve rewritten parts to use node-postgres rather than sequelize since I’m more familiar with SQL than working with ORMs. The conversion “forced” me to learn more Postgresql functionality. Now to tackle the React frontend part where I’ll be using material-ui and formik but still following your React Hooks: JWT Authentication (without Redux) example. Excellent work.

  30. please i need an explanation; whats the setRole() for, is it a sequelize function.

    .then(roles => {
    user.setRoles(roles).then(() => {
    res.send({ message: “User was registered successfully!” });
    });
    });

    1. Hi, you should change the code in server.js to:

      // db.sequelize.sync();
      // force: true will drop the table if it already exists
      db.sequelize.sync({force: true}).then(() => {
        console.log('Drop and Resync Database with { force: true }');
        initial();
      });
      

      It will create 3 necessary rows first. 🙂

  31. UnhandledPromiseRejectionWarning: SequelizeDatabaseError: Cannot drop table ‘roles’ referenced by a foreign key constraint ‘user_roles_ibfk_1’ on table ‘user_roles’. . this is happen when i try to execute server.js . I know this is an error when i try to delete table that has foreign key , how to fix this in node js .

    1. Hi, please look at how we define Sequelize Associations in app/models/index.js. The method user.getRoles() is supported without our implementation.

  32. Great guide thank you!
    Posting this again as you may have missed it.

    In your explanation of folder stucture, you have “middleware”.
    However you refer to this folder throughout the guide as “middlewares” (plural), when we are creating the files authJwt, index, and verifySignUp.

    But, inside the code, you are importing files from the folder “middleware” (singular).

    Would advise changing to avoid any confusion on why code isn’t working if people are not checking this.

    Again, love all the guides and options you are providing for different stacks.
    Best,

    1. I also wanted to add to this as I had an issue with the correct board being displayed per the users role.
      (User, Moderator, Admin)
      In the auth-header.js file you have the following object being returned to the user.service.js GET requests:

      return { Authorization: “Bearer ” + user.accessToken };

      This results in an error of “No token provided”. as it is looking for the header “x-access-token”, not Authorization.bearer

      I have changed it to reflect the following, which resulted in a correct display of the board being viewed by the users role.

      return { “x-access-token” : user.accessToken };

      If the way in which you have described the object in the guide is correct, could you explain a bit further on how that works?
      Because I received the error stated above, I have kept my chgange I made until further notice.

      Again, thank you!! 🙂

      1. Hi, it is because I use the frontend for 2 backend:
        – Spring Boot: using Bearer token
        – Node.js: using x-access-token

        I write this notification in the frontend tutorial.

  33. hey bezkoder,

    I have this error :

    TypeError: Cannot read property ‘username’ of undefined
    at exports.signin (C:\Users\me\Desktop\env_node\JWT_mysql_node_tut\app\controllers\auth.controller.js:46:26)
    at Layer.handle [as handle_request] (C:\Users\me\Desktop\env_node\JWT_mysql_node_tut\node_modules\express\lib\router\layer.js:95:5)
    at next (C:\Users\me\Desktop\env_node\JWT_mysql_node_tut\node_modules\express\lib\router\route.js:137:13)
    at Route.dispatch (C:\Users\me\Desktop\env_node\JWT_mysql_node_tut\node_modules\express\lib\router\route.js:112:3)
    at Layer.handle [as handle_request] (C:\Users\me\Desktop\env_node\JWT_mysql_node_tut\node_modules\express\lib\router\layer.js:95:5)
    at C:\Users\me\Desktop\env_node\JWT_mysql_node_tut\node_modules\express\lib\router\index.js:281:22
    at Function.process_params (C:\Users\me\Desktop\env_node\JWT_mysql_node_tut\node_modules\express\lib\router\index.js:335:12)
    at next (C:\Users\me\Desktop\env_node\JWT_mysql_node_tut\node_modules\express\lib\router\index.js:275:10)
    at C:\Users\me\Desktop\env_node\JWT_mysql_node_tut\app\routes\auth.routes.js:10:5
    at Layer.handle [as handle_request] (C:\Users\me\Desktop\env_node\JWT_mysql_node_tut\node_modules\express\lib\router\layer.js:95:5)

    and unable to solve it till now. Any solution would be appreciated. Thank you!

  34. When i use post api -> localhost:8080/api/auth/signup

    {
    “username” : “ahmad”,
    “email” : “ahmad@gmail.com”,
    “password”: “1245678”,
    “roles” : [“admin”, “user”]
    }

    I face this error

    Unhandled rejection Error: WHERE parameter “username” has invalid “undefined” value
    at MySQLQueryGenerator.whereItemQuery (E:\test\node-js-jwt-auth-master\node_modules\sequelize\lib\dialects\abstract\query-generator.js:2184:13)
    at E:\test\node-js-jwt-auth-master\node_modules\sequelize\lib\dialects\abstract\query-generator.js:2173:25
    at Array.forEach ()
    at MySQLQueryGenerator.whereItemsQuery (E:\test\node-js-jwt-auth-master\node_modules\sequelize\lib\dialects\abstract\query-generator.js:2171:35)
    at MySQLQueryGenerator.getWhereConditions (E:\test\node-js-jwt-auth-master\node_modules\sequelize\lib\dialects\abstract\query-generator.js:2583:19)
    at MySQLQueryGenerator.selectQuery (E:\test\node-js-jwt-auth-master\node_modules\sequelize\lib\dialects\abstract\query-generator.js:1315:28)
    at QueryInterface.select (E:\test\node-js-jwt-auth-master\node_modules\sequelize\lib\query-interface.js:1127:27)
    at E:\test\node-js-jwt-auth-master\node_modules\sequelize\lib\model.js:1759:34
    at tryCatcher (E:\test\node-js-jwt-auth-master\node_modules\bluebird\js\release\util.js:16:23)
    at Promise._settlePromiseFromHandler (E:\test\node-js-jwt-auth-master\node_modules\bluebird\js\release\promise.js:547:31)
    at Promise._settlePromise (E:\test\node-js-jwt-auth-master\node_modules\bluebird\js\release\promise.js:604:18)
    at Promise._settlePromise0 (E:\test\node-js-jwt-auth-master\node_modules\bluebird\js\release\promise.js:649:10)
    at Promise._settlePromises (E:\test\node-js-jwt-auth-master\node_modules\bluebird\js\release\promise.js:729:18)
    at _drainQueueStep (E:\test\node-js-jwt-auth-master\node_modules\bluebird\js\release\async.js:93:12)
    at _drainQueue (E:\test\node-js-jwt-auth-master\node_modules\bluebird\js\release\async.js:86:9)
    at Async._drainQueues (E:\test\node-js-jwt-auth-master\node_modules\bluebird\js\release\async.js:102:5)
    at Immediate.Async.drainQueues [as _onImmediate] (E:\test\node-js-jwt-auth-master\node_modules\bluebird\js\release\async.js:15:14)
    at processImmediate (internal/timers.js:456:21)

  35. Hi and thx for very nice tutorial!
    I have problem when I try to login with non-existing user – the node screams about UnhandledPromiseRejectionWarning but I don’t know how and what block should I put inside the try-catch to satisfy node. Do I have to somehow modify app.post(“/api/auth/signin”, controller.signin); ? The findOne already has catch. When I change the exports.signin into exports.signin = async (req, res) => {try {…} catch (err) {..} it isn’t solving the problem. Thank you very much!

    Executing (default): SELECT “id”, “username”, “email”, “password”, “createdAt”, “updatedAt” FROM “users” AS “users” WHERE “users”.”username” = ‘testuser’ LIMIT 1;
    (node:19868) UnhandledPromiseRejectionWarning: Error: WHERE parameter “email” has invalid “undefined” value (…)
    at async Function.findOne (node_modules\sequelize\lib\model.js:1917:12)
    (node:19868) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). To terminate the node process on unhandled promise rejection, use the CLI flag `–unhandled-rejections=strict` (see https://nodejs.org/api/cli.html#cli_unhandled_rejections_mode). (rejection id: 2)
    (node:19868) [DEP0018] DeprecationWarning: Unhandled promise rejections are deprecated. In the future, promise rejections that are not handled will terminate the Node.js process with a non-zero exit code.

  36. Hey, great work!
    I had a question, How can we directly set roles for the user using a form from the frontend rather than using postman?

  37. Running Ubuntu 20.04

    It returns Cannot GET /api/auth/signin and Cannot GET /api/auth/signup. It does let me have access to the /api/test/user and /api/test/mod and /api/test/admin (these show {“message”:”No token provided!”}) and /api/test/all (shows Public Content.)

    Does anyone know the issue?

    Been trying to integrate the https://bezkoder.com/angular-10-jwt-auth/ into this. Does anyone know how to do it? Please share if you have any example?

  38. hi there,

    i have an error for “message”: “No token provided!” and inside my postman there is no x-access token. is there something that I am missing ? on my postman there is content-type but not x-access

  39. Hello, I;m stuck in “Unhandled rejection Error: WHERE parameter “username” has invalid “undefined” value”
    i do :
    // parse requests of content-type – application/json
    app.use(bodyParser.json());

    // parse requests of content-type – application/x-www-form-urlencoded
    app.use(bodyParser.urlencoded({ extended: true }));

    And below it i put :

    // routes
    require(‘./app/routes/auth.routes’)(app);
    require(‘./app/routes/user.routes’)(app);

    Trying restart “node server.js” several times like a mention in comment before ,but still no luck still getting that error , maybe someone can help to resolve it ?. – Thanks –

  40. Thank you for this tutorial. I’m facing these messages when I try to restart node server.js:
    (node:14036) [SEQUELIZE0004] DeprecationWarning: A boolean value was passed to options.operatorsAliases. This is a no-op with v5 and should be removed.

    Server is running on port 8080.

    (node:14036) UnhandledPromiseRejectionWarning: SequelizeConnectionRefusedError: connect ECONNREFUSED 127.0.0.1:3306
    at ConnectionManager.connect (C:\Users\RARibeiro\OneDrive\ECOSTEEL\node-js-jwt-auth\node_modules\sequelize\lib\dialects\mysql\connection-manager.js:116:17)
    at processTicksAndRejections (internal/process/task_queues.js:97:5)

    (node:14036) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). To terminate the node process on unhandled promise rejection, use the CLI flag `–unhandled-rejections=strict` (see https://nodejs.org/api/cli.html#cli_unhandled_rejections_mode). (rejection id: 1)

    (node:14036) [DEP0018] DeprecationWarning: Unhandled promise rejections are deprecated. In the future, promise rejections that are not handled will terminate the Node.js process with a non-zero exit code.

Leave a Reply

Your email address will not be published. Required fields are marked *