API Design in Node.js, v5

Registration Controller

Scott Moss
Netflix
Lesson Description

The "Registration Controller" Lesson is part of the full, API Design in Node.js, v5 course featured in this preview video. Here's what you'd learn in this lesson:

Scott walks through how to create Express controllers for sign-up requests, emphasizing error handling, pre-validation, password hashing, and using JWTs for authentication.

Transcript from the "Registration Controller" Lesson

[00:00:00]
>> Speaker 1: All right, now let's make our controllers to sign people up. Let's do that. So what we're going to do is go to our code, we're going to make some controllers. Inside our source folder, we'll make a new folder called Controllers. You might hear these called handlers.

[00:00:00]
I switch between the two. I just landed on controllers this time. For some reason that's what I was using the last few months. We're going to make a new one called the Auth Controller. And inside of here, these controllers are the handlers that go inside our routes that we made in Express.

[00:00:00]
So when this route happens, run this function—this function is a controller. We want to make the one for sign up. So when someone goes to `//api/auth/register` and they do a POST request to that, we want this function to run, the one we're about to write.

[00:00:00]
Let's do that. We're going to import types from Express so we can say `request`, `response`. We're going to import bcrypt. We'll import our database connection and the users from the database schema. We'll say `export const register` because this is a handler for Express.

[00:00:00]
It's going to take in the request and the response. We can type check these as well. Inside here, I'm going to do a try-catch. We'll do the code in a second, but for now let's just set up this error handling. We need to create the JSON Web token functionality and password hashing, and then we'll come back and finish this.

[00:00:00]
For now, I'll just capture any errors. If there was an error during registration, I'll log the error. If something happens here, if this function ran and there was an error, I'm going to set this to a 500 status code, indicating there's something wrong with our system.

[00:00:00]
The only other scenario where this isn't our fault is if the database throws an error because someone tried to sign up with an email that was already registered. In that case, it would probably be a 400 status code. We can detect this because the database will throw a specific error code for duplicate entries.

[00:00:00]
This is why it's great to do validation ahead of time. If the register function is running, that means all the other checks and middleware passed. This allows me to make assumptions in the controller, which makes the code much easier to write and lighter.

[00:00:00]
Without those checks and middleware, you'd be writing endless validation if-statements everywhere. We'll come back to this. We need to write our utility functions for password hashing and JSON Web tokens. For the hashing, it's pretty simple. We'll make a new file called `passwords` in a `utils` folder.

[00:00:00]
I usually have a utils folder for random helper functions. We'll import bcrypt and our environment variables. We'll export an async function called `hashPassword`. It's important to make this async to prevent timing attacks, where attackers might measure hashing time to gain insights.

[00:00:00]
The function will use bcrypt to hash the password with a specified number of rounds from our environment configuration.
