Node.js session authentication in one file

Below is a single file that shows how to do session authentication in Node.js and Express with a minimal example. The project's only dependencies are express, express-session and dotenv. Note that the session secret must come from the environment: the hard-coded fallback in the listing is only acceptable while developing locally.

index.js


require("dotenv").config();
const crypto = require("crypto");
const express = require("express");
const session = require("express-session");

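//runtime configuration (dotenv has already loaded .env into process.env)
const PORT = process.env.PORT || 8080;
const NODE_ENV = process.env.NODE_ENV || "development";
// The session secret is what makes session cookies unforgeable: anyone who
// knows it can mint a cookie for any user id. A fixed fallback is therefore
// only tolerated in development; in any other environment a missing
// SECRET_KEY is a startup error rather than a silently insecure server.
const SECRET_KEY =
  process.env.SECRET_KEY || (NODE_ENV === "development" ? "secret_key" : "");
if (!SECRET_KEY) {
  throw new Error(
    "SECRET_KEY must be set in the environment when NODE_ENV is not 'development'"
  );
}
if (!process.env.SECRET_KEY) {
  console.warn("SECRET_KEY is not set; using the insecure development fallback");
}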

//user data and methods
// In-memory stand-in for a user store: each record has a numeric id, a
// username and a password. NOTE(review): passwords are held in plaintext
// purely for the demo; a real store keeps a salted hash (e.g. scrypt) instead.
const users = [
  { id: 1, username: "john", password: "password" },
  { id: 2, username: "jane", password: "password" },
];

//look up a user record by its numeric id; returns undefined when none matches
function getUserById(id) {
  for (const record of users) {
    if (record.id === id) {
      return record;
    }
  }
  return undefined;
}

//look up a user record by exact username (strict equality, case-sensitive);
//returns undefined when none matches
function getUserByUsername(username) {
  const matches = users.filter((record) => record.username === username);
  return matches.length > 0 ? matches[0] : undefined;
}

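//middleware
const app = express();
app.use(express.json());
app.use(express.urlencoded({ extended: true }));
// Session middleware. NOTE(review): no `store` is configured, so the default
// in-memory store is used; it grows without bound and is per-process, which
// is fine for a demo but not for production.
app.use(
  session({
    secret: SECRET_KEY,
    // Only persist sessions that have been written to (i.e. after login) so
    // every anonymous visitor is not handed a session cookie.
    saveUninitialized: false,
    // Do not rewrite unchanged sessions on every request; avoids store races
    // between concurrent requests from the same client.
    resave: false,
    cookie: {
      // not readable from page scripts, so an XSS cannot simply lift it
      httpOnly: true,
      // not sent on cross-site POSTs, which blunts CSRF against the routes
      sameSite: "lax",
      // HTTPS-only outside development. Behind a TLS-terminating proxy this
      // also needs app.set("trust proxy", 1) or the cookie is never set.
      secure: NODE_ENV === "production",
    },
  })
);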

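//authentication middleware: sets req.user to the logged-in user record, or
//null when there is no session or the stored id no longer matches any user
app.use((req, res, next) => {
  const id = req.session.userId;
  // `|| null` keeps the contract (null, never undefined) if an account is
  // removed while a session that references it is still live.
  req.user = id ? getUserById(id) || null : null;
  next();
});

const router = express.Router();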

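// Escapes the five HTML-significant characters so a value can be interpolated
// into markup as text. Usernames are static in this demo, but anything
// rendered into HTML should pass through this so the page stays safe from
// stored XSS once users come from a real store.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

//home page: reports whether the visitor is logged in and links to login/logout
router.get("/", (req, res) => {
  const user = req.user;
  const status = user
    ? `<p>you are logged in as ${escapeHtml(user.username)}</p>`
    : `<p>you are not logged in</p>`;
  const link = user
    ? `<a href="/logout">logout</a>`
    : `<a href="/login">login</a>`;
  const html = `
    <h1>hello world</h1>
    ${status}
    ${link}
  `;
  res.send(html);
});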

//login page: a plain form that posts back to /login.
// NOTE(review): the form carries no CSRF token; login CSRF is low impact for
// a demo but worth adding before this pattern is reused.
router.get("/login", (req, res) => {
  const form = [
    "",
    '    <form action="/login" method="post">',
    '      <input type="text" name="username" placeholder="username">',
    '      <input type="password" name="password" placeholder="password">',
    '      <button type="submit">login</button>',
    "    </form>",
    "  ",
  ].join("\n");
  res.send(form);
});

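// Compares two secrets in constant time. Both sides are hashed first so the
// comparison never depends on their lengths (timingSafeEqual throws on
// mismatched lengths, which would itself leak the length).
function secretsMatch(expected, supplied) {
  const a = crypto.createHash("sha256").update(String(expected)).digest();
  const b = crypto.createHash("sha256").update(String(supplied)).digest();
  return crypto.timingSafeEqual(a, b);
}

//login: on valid credentials, start a fresh session carrying the user id;
//on any failure redirect back to the form without saying why
router.post("/login", (req, res, next) => {
  const { username, password } = req.body;
  // express.json() can deliver non-string values; reject them up front.
  if (typeof username !== "string" || typeof password !== "string") {
    return res.redirect("/login");
  }
  const user = getUserByUsername(username);
  // Always run the comparison, even for an unknown username, so the response
  // time does not reveal which usernames exist.
  // NOTE(review): `users` stores plaintext passwords; a real app would store
  // a salted hash (e.g. crypto.scryptSync) and verify against that instead.
  const stored = user ? user.password : "";
  const valid = secretsMatch(stored, password) && Boolean(user);
  if (!valid) {
    return res.redirect("/login");
  }
  // Issue a new session id on login so a session id planted before
  // authentication (session fixation) is never promoted to a logged-in one.
  req.session.regenerate((err) => {
    if (err) return next(err);
    req.session.userId = user.id;
    res.redirect("/");
  });
});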

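//logout: destroy the server-side session, then drop the cookie and redirect.
// The destroy callback is awaited so the redirect is not sent while the
// session may still be valid in the store.
// NOTE(review): logout over GET can be triggered cross-site (e.g. an <img>
// tag pointing at /logout); the home page links to it as GET so that shape
// is kept here, but a POST with a CSRF token is the usual form.
router.get("/logout", (req, res, next) => {
  req.session.destroy((err) => {
    if (err) return next(err);
    // "connect.sid" is express-session's default cookie name; change this if
    // the session middleware is given a custom `name`.
    res.clearCookie("connect.sid");
    res.redirect("/");
  });
});

app.use("/", router);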

//start the HTTP server on PORT and report the local URL once it is listening
function main() {
  const onListening = () => {
    console.log(`Example app listening on port http://localhost:${PORT}`);
  };
  app.listen(PORT, onListening);
}

//run the app
main();