Khushiii

Building an Express App — My Fullstack Girly Era Unlocked (Part 01) 💅🏻🛠️

aka backend chaos, Postman errors, and drawing tokens with pens 😭✍️

Yess guys, I'm back with another weekly update (or a chaotic blog, same thing at this point).

This week was all about Express.js, learning backend basics and unlocking new dev girl powers 💪🫠.

From setting up servers, hitting Postman with 403s, figuring out tokens, to finally meeting JWTs —
it was FULL vibes and full chaos. 🥹🫶

So let's dive into building a basic Express app for authentication (and yeah, some hand-drawn madness included to explain my logic 😭). And googling Google 🌸

🏁 Setting Up: Express Auth App Begins
Let’s initialise an Express app — super simple.

npm init -y          # Step 1: Start Node project
touch index.js       # Step 2: Create entry file
npm install express  # Step 3: Add Express

Open it all in VS Code. IYKYK. 👩🏻‍💻

🔐 Basic Auth — Signup & Signin
Let’s keep it minimal (but working):

✅ POST /signup → save user info
✅ POST /signin → validate + send token
✅ Use express.json() middleware
✅ Store users in an in-memory array (no DB rn, just memory lane 🧠)

And here’s what my logic sketch looked like:

Also here's how I planned storing tokens and user info 👇
(I added JWT later, ignore that for now 😅)

🎯 /me Endpoint — Authenticated Route
So I created an endpoint called /me that returns user details only if they send a valid token.

Because we love some privacy 😌

📫 Hitting It with Postman

  • GET for reading
  • POST for registering or logging in
  • Use http://localhost:3000/me to hit that private route

How I ran it:

node index.js 

Now Postman just waits for your requests like:

🔓 Signup Flow
Start with /signup
(yes I made spelling errors at first... dev things 🙃)

Then hit /signin to receive your token 🎟️

🔑 Use the Token in Headers
After you receive the token, you gotta copy it and paste it in the headers when hitting /me.

⚠️ The token changes every time — it’s randomly generated by generateToken() in this version.

🧠 Auth in Action
Now when I hit /me using the valid token — boom, it works!
Returns only my data 🔥

And yeah, GET method it is 👇

Here’s what I get in my terminal too — actual user info 🔥

Now unless someone steals my token (pls don’t 😭),
they can’t access my /me endpoint.

🤔 Problem — But This Isn’t JWT Yet!

This whole setup uses a random token saved in memory.
That means every time we validate, we must query the users array.

Big no-no for real apps 😶‍🌫️
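
Added example, not the code from the original post or its repo: the /signup, /signin and /me logic of the random-token version as plain functions, so it runs without Express. Every name except generateToken(), the status codes, the scrypt password hashing and the sample user are assumptions made for illustration.

```javascript
const crypto = require("crypto");

const users = []; // in-memory store, wiped on every restart

// Unguessable token from the OS CSPRNG (Math.random() is predictable).
function generateToken() {
  return crypto.randomBytes(32).toString("hex");
}

function hashPassword(password, salt) {
  return crypto.scryptSync(password, salt, 32);
}

// POST /signup: keep a salted hash, never the password itself.
function signup(username, password) {
  if (users.some((u) => u.username === username)) return { status: 409 };
  const salt = crypto.randomBytes(16);
  users.push({ username, salt, hash: hashPassword(password, salt), token: null });
  return { status: 200 };
}

// POST /signin: check the password, then issue a fresh token.
function signin(username, password) {
  const user = users.find((u) => u.username === username);
  if (!user) return { status: 403 };
  const ok = crypto.timingSafeEqual(hashPassword(password, user.salt), user.hash);
  if (!ok) return { status: 403 };
  user.token = generateToken(); // replaces (and so invalidates) the previous token
  return { status: 200, token: user.token };
}

// GET /me: every request scans the users array for the presented token.
// The `token &&` guard stops a missing token from matching users who have
// signed up but not signed in yet (their stored token is null).
function me(token) {
  const user = token && users.find((u) => u.token === token);
  return user ? { status: 200, username: user.username } : { status: 401 };
}

// Constructed sample run.
signup("demo_user", "correct horse");
const session = signin("demo_user", "correct horse");
console.log(me(session.token), me("guessed-token"));
```
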

🧃 Solution — Enter JWT (JSON Web Tokens)
JWT lets us sign and verify tokens — no need to store anything server-side.
It carries its own data and verifies itself 🔐

Here’s how I understood it (and drew it out 😅):

Some more doodles to make it clear 🖊️ (I drew that 🥹)

🔁 Replacing Token Logic with JWT

Step 1: Install JWT

npm install jsonwebtoken 

Step 2: Remove generateToken()
We don’t need it anymore.

Step 3: Create a secret key

const JWT_SECRET = "USER_APP"; // demo value only; a real app loads a long random secret from the environment

Step 4: Sign JWT
When the user logs in, generate a JWT token like this:

const jwt = require("jsonwebtoken"); // at the top of index.js
const token = jwt.sign({ username: user.username }, JWT_SECRET); // inside the /signin handler

🧾 Bonus Sketch: Encryption vs Decryption
I found this while figuring out how encryption works in JWT.
Hope it helps someone 😅👇

🔍 JWT Verification: The /me Endpoint
Once you’ve switched to JWTs, it’s time to verify them when users hit your protected route.

Here’s how I did it in the /me endpoint using jwt.verify() 👇

🌻 Running the Final Flow (With JWT Now!)
Now let’s see it in action from start to finish, this time with JWT-powered logic.

📝 Step 1: Sign Up

🔐 Step 2: Sign In (Get Your JWT Token)
It’s long, has 3 parts separated by dots (.), and carries your data securely:

🧠 Step 3: Authenticated /me Route
Boom 💥 — you’re in!

This time it works without needing to check the DB — JWT handles the identity 🎟️.

And here's how the terminal looks when all things align perfectly ✨
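
Added example, not from the original post or the jsonwebtoken project: an HS256 token built and checked with Node's built-in crypto only, to show the three dot-separated parts and what verification actually tests. signToken, verifyToken, peekPayload, the 15-minute expiry and the sample username are assumptions for illustration; note that the payload is only base64url-encoded, so anyone holding the token can read it.

```javascript
const crypto = require("crypto");

// Assumption: the secret comes from the environment; a random one is used if it is unset.
const JWT_SECRET = process.env.JWT_SECRET || crypto.randomBytes(32).toString("hex");

const b64url = (input) => Buffer.from(input).toString("base64url");
const hmac = (data, secret) => crypto.createHmac("sha256", secret).update(data).digest();

// Build header.payload.signature and add an expiry claim (exp, in seconds).
function signToken(payload, secret, ttlSeconds = 900, now = Date.now()) {
  const iat = Math.floor(now / 1000);
  const header = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const body = b64url(JSON.stringify({ ...payload, iat, exp: iat + ttlSeconds }));
  const signature = hmac(`${header}.${body}`, secret).toString("base64url");
  return `${header}.${body}.${signature}`;
}

// Return the payload if the token is authentic and unexpired, otherwise null.
function verifyToken(token, secret, now = Date.now()) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return null;
  const [header, body, signature] = parts;
  try {
    // Pin the algorithm: the token must not choose how it gets verified.
    if (JSON.parse(Buffer.from(header, "base64url")).alg !== "HS256") return null;
    const expected = hmac(`${header}.${body}`, secret);
    const given = Buffer.from(signature, "base64url");
    // timingSafeEqual throws on unequal lengths, so check length first.
    if (given.length !== expected.length) return null;
    if (!crypto.timingSafeEqual(given, expected)) return null;
    const payload = JSON.parse(Buffer.from(body, "base64url"));
    return payload.exp > Math.floor(now / 1000) ? payload : null;
  } catch {
    return null; // malformed base64url or JSON
  }
}

// The payload is encoded, not encrypted: anyone holding the token can read it.
function peekPayload(token) {
  return JSON.parse(Buffer.from(token.split(".")[1], "base64url"));
}

// Constructed sample: sign a token for a made-up user, then check it.
const demo = signToken({ username: "demo_user" }, JWT_SECRET);
console.log(demo.split(".").length, peekPayload(demo), verifyToken(demo, JWT_SECRET));
```

In the Express app itself, keep using the library: `jwt.sign(payload, JWT_SECRET, { expiresIn: "15m" })` and `jwt.verify(token, JWT_SECRET, { algorithms: ["HS256"] })` give the same expiry and algorithm pinning.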

🌸 Wrapping Up (for now...)
This was one wild ride through backend basics, but here’s what we nailed:

✅ Created a Node + Express app
✅ Built basic auth logic with random tokens
✅ Upgraded to secure JWT-based authentication
✅ Tested it all via Postman
✅ Cried once, debugged twice, and learned a LOT 😵‍💫🛠️

🌸 My GitHub repo: https://github.com/khushikumari239/Express-APP.git

🚨 What’s Next?
This was Part 01 of my backend chaos — stay tuned for:

🖼️ Frontend integration
🌿 Real-time form handling
🍃 And starting MongoDB (finally unlocking the M in MERN 😭)

Let me know if you vibed with this post (or if Postman scarred you too).
Until then — more bugs, more doodles, and more dev girly energy 💅✨

With 💻 & ☀️,
Khushiii❀️

raw and real. just me to you 🌼
