PassportJS is an authentication middleware for Node.js. It is simple to integrate & are hard to detect. It comes with several different strategies to use. We're going to be looking at the passport local strategy which takes a username, password & authenticates routes with passport sessions. In a later article we're going to be using google oauth 2 for authentication.

We're going to install passport & passport-local with the npm.

Then, we're going to require passport & passport-local.

The passport local strategy is used to authenticate a username & password for login. You use a verification function which takes all of your authentication. The verification function then calls a callback that will create a session if authentication is successful. We can use a passport.use method like you would use an app.use method for the middleware.

The passport local strategy takes 2 parameters, an options object & the verification function. The options object has 3 parameters.

The username property, which takes a string as an alias for the username field on the request object.

The password property, which takes a string as an alias for the password field on the request object.

The passReqToCallback property, which takes a boolean which will have the request object be available in the verification function.

The verification function takes 4 parameters.

The request object, if the passReqToCallback property is true, then you can take the request object as a parameter in the this function.

The username alias, the alias for the username.

The password alias, the alias for the password.

The done callback, this callback logs the user in & creates the session if successful, if unsuccessful then no session is created & the user will not be logged in, if an error occurs the error will accessible within a message, the user will not be logged in & the session will not be created.

Passport has an authenticate method which will authenticate the strategy specified on a particular route. We're going to authenticate the local strategy on the login route. You can also authenticate the strategy on the first parameter of the passport.use middleware.

Normally, this method takes a redirect object which will redirect the user if the method is successful or not. Since we're using fetch we can't redirect the user, we have to send a message back to the browser based off the result. We can use req.isAuthenticated() method, if the login was successful this method will return true, if not the method will return false.

You can check out the project here.