1. SignIn Up Users

Question 1

How do you write a sign up middleware?

Answer 1

const signup = catchAsync(async (req, res, next) => { const user = { name: req.body.name, email: req.body.email, password: req.body.password, confirmPassword: req.body.confirmPassword }; const createdUser = await User.create(user); const data = { name: createdUser.name, email: createdUser.email, _id: createdUser._id }; const token = signToken(data._id); res.status(201).json({ status: ‘success’, data: { data }, token });})

Question 2

When signing up a user, why don’t you just parse the entire body?

Answer 2

It is an attempt to sanitize the data by extracting only what we need from the req.body object, preventing malicious individuals from adding or changing certain properties of the object, e.g. making themselves admin in the req.body object.

Question 3

When signing up a user, the function ‘signToken’ is used, how is that function written?

Answer 3

const signToken = (id) => { return jwt.sign({ id }, process.env.JWT_SECRET, { expiresIn: process.env.JWT_EXPIRES_IN }); }

Question 4

What is the job of the signToken function?

Answer 4

To return a JWT token to the user, which the user can use to prove that they are logged in to the application.

Question 5

When storing user information, it is a security risk to leave their passwords in plain text. How do you hash user passwords in order to protect them?

Answer 5

userSchema.pre(‘save’, async function(next) { if (!this.isModified(‘password’)) { return next(); } this.password = await bcrypt.hash(this.password, 12); this.confirmPassword = null; next(); });

Question 6

How do you stop a property of a document from being saved in the database?

Answer 6

In a document middleware using the ‘pre’ hook, set that property to null.