Login

  1. Write session migration
  2. Write user migration
  3. Write user model
  4. Write session middleware
  5. Write auth middleware
  6. Write auth validator
  7. Write auth service
  8. Write auth controller
  9. Write account controller
  10. Write auth routes
  11. Write account routes
  12. Write auth views
  13. Write account views

Auth Flow

  1. HTTP request hits Express entry point
  2. Global middleware runs
  3. Login route handler runs
    app.post("/login", loginController);
  4. Credentials extracted
    const { username, password } = req.body;
  5. Lookup user in database
    const user = await db.find(username);
  6. Verify password
    const isValid = await bcrypt.compare(password, user.passwordHash);
  7. Authentication success
  8. User data stored in session table
    req.session.userId = user.userId;
  9. Session cookie generated
  10. Response sent with session cookie
    res.redirect("/account");
  11. Next request happens
    GET /account
    Session cookie automatically sent
  12. HTTP request hits Express entry point (starting over)
  13. Global middleware runs
  14. Route handlers run now with access to currentUser
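
Steps 3 to 10 above as one handler, including the failure paths the outline skips. This is an added example, not code from the original notes. It assumes Node's built-in scrypt in place of bcrypt, an in-memory Map in place of db.find, and a hypothetical simulateLogin helper with constructed req/res doubles so it runs without Express; req.session.regenerate is the express-session call for issuing a new session ID.

```javascript
// Added example, not the notes' own code. Node's built-in scrypt stands in for bcrypt.
const { scryptSync, randomBytes, timingSafeEqual, randomUUID } = require("node:crypto");

// Stored format "saltHex:keyHex" is an assumption of this example.
function hashPassword(password, salt = randomBytes(16)) {
  return `${salt.toString("hex")}:${scryptSync(password, salt, 32).toString("hex")}`;
}
function verifyPassword(password, stored) {
  const [saltHex, keyHex] = stored.split(":");
  const actual = scryptSync(password, Buffer.from(saltHex, "hex"), 32);
  return timingSafeEqual(actual, Buffer.from(keyHex, "hex"));
}

// Constructed in-memory user table standing in for db.find().
const users = new Map([["alice", { userId: 1, passwordHash: hashPassword("correct horse") }]]);
// Verified against when the username is unknown, so both failure paths do the same work.
const DUMMY_HASH = hashPassword("dummy");

function loginController(req, res) {
  const { username, password } = req.body || {};
  if (typeof username !== "string" || typeof password !== "string") {
    return res.status(400).send("Invalid credentials");
  }
  const user = users.get(username);
  const isValid = verifyPassword(password, user ? user.passwordHash : DUMMY_HASH);
  if (!user || !isValid) {
    return res.status(401).send("Invalid credentials"); // same reply for both failures
  }
  // Issue a fresh session ID before storing the user (blocks session fixation).
  req.session.regenerate((err) => {
    if (err) return res.status(500).send("Login failed");
    req.session.userId = user.userId;
    res.redirect("/account");
  });
}

// Constructed req/res doubles mimicking the Express and express-session calls used above.
function simulateLogin(body) {
  const out = { oldSid: "sid-set-before-login" };
  const makeSession = (id) => ({ id, regenerate(cb) { req.session = makeSession(randomUUID()); cb(null); } });
  const req = { body, session: makeSession(out.oldSid) };
  const res = {
    status(code) { out.status = code; return this; },
    send(text) { out.body = text; return this; },
    redirect(path) { out.status = 302; out.redirect = path; },
  };
  loginController(req, res);
  return { ...out, sid: req.session.id, userId: req.session.userId };
}
```

In a real app the handler is mounted with app.post("/login", loginController) and express-session supplies req.session.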