When setting up users for an app there are two things we need to consider:
- Who is the user? This is authentication.
- Given who the user is, what are they able to do/access? This is authorization.
To deal with the first, authentication, we need to set up the following routes. It is very common to put all of these into a router and have that handle an /auth path (profile works too, I'd just already written this).
- GET /register (shows the form for sign-up; don't need this route if the form is on another page)
- POST /register (checks user info, creates a user, and starts a session)
- GET /login (shows the form for login; again, don't need this if the form is on a different page)
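
The logic behind POST /register (check user info, create a user, start a session), together with the credential check a login handler would perform, as an added example that is not code from the original page. The in-memory Maps, the function names, the validation rules and the choice of scrypt are assumptions made for illustration; route handlers on the /auth router would call these functions and send the session ID back in a cookie.

```javascript
// Added example: in-memory stand-ins (assumptions) for a user table and session store.
const crypto = require('crypto');

const users = new Map();    // lowercased username -> { salt, hash }
const sessions = new Map(); // sessionId -> lowercased username

function hashPassword(password, salt) {
  // scrypt is a memory-hard KDF built into Node; derive a 64-byte key.
  return crypto.scryptSync(password, salt, 64);
}

function startSession(key) {
  const sessionId = crypto.randomBytes(32).toString('hex'); // unguessable ID
  sessions.set(sessionId, key);
  return sessionId;
}

// POST /register logic: check user info, create a user, start a session.
function register(username, password) {
  if (typeof username !== 'string' || !/^[a-z0-9_]{3,32}$/i.test(username)) {
    return { ok: false, error: 'invalid username' };
  }
  if (typeof password !== 'string' || password.length < 12) {
    return { ok: false, error: 'password too short' };
  }
  const key = username.toLowerCase();
  if (users.has(key)) return { ok: false, error: 'username taken' };

  const salt = crypto.randomBytes(16); // unique per user
  // Only the salt and derived hash are stored, never the password itself.
  users.set(key, { salt, hash: hashPassword(password, salt) });
  return { ok: true, sessionId: startSession(key) };
}

// Credential check for a login handler: answers "who is the user?".
function login(username, password) {
  const key = String(username).toLowerCase();
  const user = users.get(key);
  // Hash even for unknown users so response time does not reveal which names exist.
  const salt = user ? user.salt : Buffer.alloc(16);
  const candidate = hashPassword(String(password), salt);
  const expected = user ? user.hash : Buffer.alloc(64);
  const match = crypto.timingSafeEqual(candidate, expected); // constant-time compare
  if (!user || !match) return { ok: false, error: 'invalid credentials' };
  return { ok: true, sessionId: startSession(key) };
}
```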