Authentication Fundamentals, Lesson 1.5
Setting up an Express project for auth development
Express setup, middleware stack, environment variables, dotenv, project structure, nodemon, basic route skeleton
Project Scaffold
Every code example in this course runs on a minimal Express server. Set this up once and use it throughout.
mkdir auth-from-scratch && cd auth-from-scratch
npm init -y
npm install express dotenv bcrypt
npm install -D nodemon
Create index.js:
require('dotenv').config();
const express = require('express');
const app = express();
app.use(express.json());
app.get('/health', (req, res) => res.json({ status: 'ok' }));
const PORT = process.env.PORT || 3000;
app.listen(PORT, () => console.log(`Server running on port ${PORT}`));
Create a .env file:
PORT=3000
JWT_SECRET=change-this-to-a-long-random-string
DB_URL=your-database-url
Key Conventions
Never commit .env to version control — add it to .gitignore immediately. All secrets live in environment variables, never hardcoded in source files. Routes go in /routes, business logic in /controllers, database models in /models. This structure keeps auth logic testable and separate from HTTP wiring.
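A startup check for the .env values above, as an added example that is not part of the original lesson: it refuses to start when JWT_SECRET is missing, still the sample placeholder, or too short. The names validateEnv and loadConfig, the file name config.js, and the 32-character minimum are assumptions made for this example.

```javascript
// config.js (hypothetical file name): validate settings before the server starts.
// Sample values from the lesson's .env; a deployment must never run with these.
const PLACEHOLDERS = new Set([
  'change-this-to-a-long-random-string',
  'your-database-url',
]);
const MIN_SECRET_LENGTH = 32; // assumption: threshold chosen for this example

// Returns a list of problems; an empty list means the environment is usable.
// Messages name the variable but never echo its value, so they are safe to log.
function validateEnv(env) {
  const problems = [];
  const secret = (env.JWT_SECRET || '').trim();
  if (!secret) {
    problems.push('JWT_SECRET is not set');
  } else if (PLACEHOLDERS.has(secret)) {
    problems.push('JWT_SECRET still has the sample placeholder value');
  } else if (secret.length < MIN_SECRET_LENGTH) {
    problems.push(`JWT_SECRET is shorter than ${MIN_SECRET_LENGTH} characters`);
  } else if (new Set(secret).size < 8) {
    problems.push('JWT_SECRET has too few distinct characters to be random');
  }
  if (PLACEHOLDERS.has((env.DB_URL || '').trim())) {
    problems.push('DB_URL still has the sample placeholder value');
  }
  const port = Number(env.PORT || 3000);
  if (!Number.isInteger(port) || port < 1 || port > 65535) {
    problems.push('PORT must be an integer between 1 and 65535');
  }
  return problems;
}

// Throws on any problem so a misconfigured server fails at startup, not at first login.
function loadConfig(env) {
  const problems = validateEnv(env);
  if (problems.length > 0) {
    throw new Error('Invalid configuration:\n- ' + problems.join('\n- '));
  }
  return Object.freeze({
    port: Number(env.PORT || 3000),
    jwtSecret: env.JWT_SECRET.trim(),
    dbUrl: (env.DB_URL || '').trim() || null,
  });
}

// In index.js, after require('dotenv').config():
//   const config = loadConfig(process.env);
//   app.listen(config.port, ...);
```

The sample placeholder is 35 characters long, so a length check alone would accept it; the explicit placeholder list is what catches an unedited .env. A suitable secret can be generated with `node -e "console.log(require('crypto').randomBytes(32).toString('hex'))"`.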
