MERN Stack Authentication: How to Set Up Secure Login Systems

Introduction

In modern web development, ensuring the security of user data and providing a smooth, seamless experience for users is critical. One of the cornerstones of a secure web application is authentication. Authentication is the process of verifying the identity of a user before granting access to resources, and it’s fundamental to almost all web applications.

In this blog post, we’ll walk through how to set up a secure login system using the MERN stack—MongoDB, Express.js, React, and Node.js. We’ll cover the implementation of both front-end and back-end authentication and integrate security practices such as JWT (JSON Web Tokens) for token-based authentication, password hashing, and session management.

---

What is the MERN Stack?

Before diving into the specifics of setting up authentication, let’s briefly discuss the MERN stack:

• MongoDB: A NoSQL database used to store data.
• Express.js: A web framework for Node.js that simplifies backend development.
• React: A JavaScript library for building user interfaces, primarily used for single-page applications.
• Node.js: A runtime environment that allows you to run JavaScript on the server side.

These four technologies work seamlessly together, and authentication is an essential feature in most MERN applications.

---

Setting Up the Backend (Node.js + Express)

First, let’s begin by setting up the backend, where we will handle authentication logic.

1. Install Dependencies

In the backend folder of your MERN project, run the following commands to install necessary dependencies:

bash

 code

npm init -y

npm install express mongoose bcryptjs jsonwebtoken dotenv cors

Here’s what these dependencies do:

• express: The web framework for handling HTTP requests.
• mongoose: MongoDB object modeling for Node.js.
• bcryptjs: A library for hashing passwords.
• jsonwebtoken: A library for creating and verifying JWT tokens.
• dotenv: Loads environment variables from a .env file.
• cors: Handles cross-origin requests.

2. Set Up Express Server

Create a basic Express server in server.js:

javascript

 code

const express = require(‘express’);const mongoose = require(‘mongoose’);const cors = require(‘cors’);require(‘dotenv’).config();

const app = express();

app.use(cors());

app.use(express.json()); // For parsing application/json

// Connect to MongoDB

mongoose.connect(process.env.MONGO_URI, {

  useNewUrlParser: true,

  useUnifiedTopology: true,

}).then(() => {

  console.log(‘MongoDB connected’);

}).catch((err) => {

  console.log(err);

});

const PORT = process.env.PORT || 5000;

app.listen(PORT, () => {

  console.log(`Server running on port ${PORT}`);

});

3. Create User Model

Let’s create a user model to define how user data will be structured in the database. In the models folder, create User.js:

javascript

 code

const mongoose = require(‘mongoose’);const bcrypt = require(‘bcryptjs’);

const userSchema = new mongoose.Schema({

  username: { type: String, required: true, unique: true },

  email: { type: String, required: true, unique: true },

  password: { type: String, required: true }

});

// Hash password before saving user

userSchema.pre(‘save’, async function(next) {

  if (!this.isModified(‘password’)) return next();

  const salt = await bcrypt.genSalt(10);

  this.password = await bcrypt.hash(this.password, salt);

  next();

});

// Compare password with hashed password

userSchema.methods.comparePassword = function(password) {

  return bcrypt.compare(password, this.password);

};

module.exports = mongoose.model(‘User’, userSchema);

4. Create Authentication Routes

In the routes folder, create an auth.js file to handle the login and registration functionality:

javascript

 code

const express = require(‘express’);const User = require(‘../models/User’);const jwt = require(‘jsonwebtoken’);const router = express.Router();

// Register user

router.post(‘/register’, async (req, res) => {

  const { username, email, password } = req.body;

  try {

    const user = new User({ username, email, password });

    await user.save();

    res.status(201).json({ message: ‘User registered successfully’ });

  } catch (error) {

    res.status(400).json({ message: ‘Error registering user’ });

  }

});

// Login user

router.post(‘/login’, async (req, res) => {

  const { email, password } = req.body;

  try {

    const user = await User.findOne({ email });

    if (!user) {

      return res.status(400).json({ message: ‘Invalid email or password’ });

    }

    const isMatch = await user.comparePassword(password);

    if (!isMatch) {

      return res.status(400).json({ message: ‘Invalid email or password’ });

    }

    const token = jwt.sign({ id: user._id }, process.env.JWT_SECRET, { expiresIn: ‘1h’ });

    res.json({ token });

  } catch (error) {

    res.status(500).json({ message: ‘Server error’ });

  }

});

module.exports = router;

In this code:

• We handle user registration and login.
• Passwords are hashed using bcryptjs and compared during login.
• On successful login, a JWT token is created and returned, which the frontend will use for authorization.

5. Connect Routes to the Server

In server.js, import and use the routes:

javascript

 code

const authRoutes = require(‘./routes/auth’);

app.use(‘/api/auth’, authRoutes);

---

Setting Up the Frontend (React)

Now, let’s focus on the frontend where users will interact with the login and registration forms.

1. Install Dependencies

In the React frontend folder, install the following dependencies:

bash

 code

npm install axios react-router-dom

• axios: A promise-based HTTP client for making requests.
• react-router-dom: To handle routing between pages.

2. Create Login and Register Components

Create two React components, Login.js and Register.js.

Login.js:

javascript

 code

import { useState } from ‘react’;import axios from ‘axios’;import { useHistory } from ‘react-router-dom’;

const Login = () => {

  const [email, setEmail] = useState(”);

  const [password, setPassword] = useState(”);

  const history = useHistory();

  const handleLogin = async (e) => {

    e.preventDefault();

    try {

      const response = await axios.post(‘http://localhost:5000/api/auth/login’, { email, password });

      localStorage.setItem(‘token’, response.data.token);

      history.push(‘/’);

    } catch (error) {

      console.error(‘Invalid credentials’);

    }

  };

  return (

    <form onSubmit={handleLogin}>

      <input type=”email” placeholder=”Email” value={email} onChange={(e) => setEmail(e.target.value)} required />

      <input type=”password” placeholder=”Password” value={password} onChange={(e) => setPassword(e.target.value)} required />

      <button type=”submit”>Login</button>

    </form>

  );

};

export default Login;

Register.js:

javascript

 code

import { useState } from ‘react’;import axios from ‘axios’;import { useHistory } from ‘react-router-dom’;

const Register = () => {

  const [username, setUsername] = useState(”);

  const [email, setEmail] = useState(”);

  const [password, setPassword] = useState(”);

  const history = useHistory();

  const handleRegister = async (e) => {

    e.preventDefault();

    try {

      await axios.post(‘http://localhost:5000/api/auth/register’, { username, email, password });

      history.push(‘/login’);

    } catch (error) {

      console.error(‘Registration failed’);

    }

  };

  return (

    <form onSubmit={handleRegister}>

      <input type=”text” placeholder=”Username” value={username} onChange={(e) => setUsername(e.target.value)} required />

      <input type=”email” placeholder=”Email” value={email} onChange={(e) => setEmail(e.target.value)} required />

      <input type=”password” placeholder=”Password” value={password} onChange={(e) => setPassword(e.target.value)} required />

      <button type=”submit”>Register</button>

    </form>

  );

};

export default Register;

---

Conclusion: Ensuring Security

In this blog post, we’ve covered the basic setup of a secure login system using MERN stack:

• Implemented password hashing using bcryptjs to ensure sensitive data is protected.
• Used JWT (JSON Web Tokens) for token-based authentication, which ensures secure and stateless sessions.
• Built a simple React frontend with Axios for communicating with the backend.

Security is an ongoing process, and there are many other techniques you can use to enhance your application, including:

• JWT expiration and refresh tokens to handle long sessions securely.
• Two-factor authentication (2FA) for an extra layer of security.
• Rate limiting and brute force attack protection.

By following best practices and staying up to date with security trends, you can build a secure and user-friendly authentication system for your MERN stack application.

---

Interactive Exercise

1. Set up the backend: Follow the steps above to create the authentication routes.
2. Build the React components: Create the Login and Register forms in your frontend React application.
3. Test the authentication flow: Run your backend and frontend, test the registration and login system, and ensure JWT tokens are being properly stored in localStorage.

Let me know if you need further assistance!

Additional learning resources:

• C LANGUAGE COMPLETE COURSE – IN HINDI – Link
• CYBER SECURITY TUTORIAL SERIES – Link
• CODING FACTS SERIES – Link
• SKILL DEVELOPMENT SERIES – Link
• PYTHON PROGRAMMING QUIZ – Link
• CODING INTERVIEW QUIZ – Link
• JAVA PROGRAMMING QUIZ – Link
• C PROGRAMMING QUIZ – Link