0

I am building a user register system. The logic is:

  1. the user inputs a username and password
  2. if the username is already in the db, log in
  3. if not, register the provided username and password.

My current code looks like this:

//controller.js
const login = (req, res) => {
    const { username, password } = req.body;
    const result = lookUpDB(username);
    if (result) {
        //do login in: password verification, etc
    } else {
        //do register: add new username and password to db
    }
}

And in my app.js I did:

import {login} from "./controller.js"
app.post("/login", login);

However, my prof said login should not use POST, because POST means create. So my thought is to change my controller.js to:

const user = (req, res) => {
    const { username, password } = req.body;
    const result = lookUpDB(username);
    if (result) {
        // will return something like this: return res.status(200).json({msg: "found user"});
    } else {
        // will return something like this: return res.status(404).json({msg: "not found user"});
    }
    }
}
const register = (req, res) => {
    //register
}
const login = (req, res) => {
    //login
}

And in app.js:

import {user,register,login} from "./controller.js"
app.get("/login", user);
if (status code is 200) {
    app.get("/login", login);
} else if (code is 404) {
    app.post("/login", register);
}

Is there any way to achieve this?

Thank you so much!

Estban X
  • There are conventions, but you should opt to create the account as a fallback in the login endpoint; I really can't see any problems. POST - is a request where you package a request for dealing with create authentication requests. PUT - when you will modify something, such as "edit user". DELETE - when you will remove something. – Aloiso Junior Sep 19 '22 at 18:33

1 Answer

0

Generally GET requests don't have a body. Technically you can add a body, but I just find it weird (read more about it here). All the required data is passed in the params.

I'm not sure why you are trying to follow this design flow of login unsuccessful -> register user.

You should be isolating these two events. If authentication fails, display the error "username/password is incorrect"; the user can then sign up via a dedicated link that would send a POST request to create the user.

Generally even login (authentication) is done via POST, because you want to securely send the user-entered password to the backend rather than sending it in params.

GET is generally used to fetch items (and query params are used to apply filters).

You are POSTing to the server to authenticate if the user credentials are valid or not.

But to entertain your possibility of authenticating the user using GET, you should send the data in params, and from there on your first implementation would work.

BEWARE THIS IS JUST FOR TESTING PURPOSE, NEVER SEND SENSITIVE INFORMATION OVER PARAMS

//controller.js
const login = (req, res) => {
    const { username, password } = req.params;
    const result = lookUpDB(username);
    if (result) {
        //do login in: password verification, etc
    } else {
        //do register: add new username and password to db
    }
}

app.js

import {login} from "./controller.js"
app.get("/login/:username/:password", login);
Shivam
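
The separation the answer describes, as an added example that is not part of the original answer: registration and login are separate POST handlers that read credentials from the request body, and a failed login returns one generic error instead of creating an account. The in-memory `users` map, the `/register` route name, the `fakeRes` and `call` helpers and the scrypt output length are assumptions for illustration.

```javascript
// Added example: plain (req, res) handlers, so they can be mounted in Express with
//   app.post("/register", register);  app.post("/login", login);
const crypto = require("node:crypto");

const users = new Map(); // in-memory stand-in for the page's DB lookup (assumption)

// Store a salted scrypt hash, never the password itself.
const hashPassword = (password, salt = crypto.randomBytes(16)) => ({
  salt,
  hash: crypto.scryptSync(password, salt, 32),
});

const readCredentials = (req) => {
  const { username, password } = req.body ?? {}; // body, not URL params or query
  const ok = typeof username === "string" && username !== "" &&
             typeof password === "string" && password !== "";
  return ok ? { username, password } : null;
};

const register = (req, res) => {
  const creds = readCredentials(req);
  if (!creds) return res.status(400).json({ msg: "username and password required" });
  if (users.has(creds.username)) return res.status(409).json({ msg: "username taken" });
  users.set(creds.username, hashPassword(creds.password));
  return res.status(201).json({ msg: "user created" });
};

const login = (req, res) => {
  const creds = readCredentials(req);
  if (!creds) return res.status(400).json({ msg: "username and password required" });
  const record = users.get(creds.username);
  // Hash even when the user is unknown so both failure paths do the same work.
  const { hash } = hashPassword(creds.password, record ? record.salt : Buffer.alloc(16));
  const match = record !== undefined && crypto.timingSafeEqual(hash, record.hash);
  // One message for "no such user" and "wrong password"; login never creates accounts.
  if (!match) return res.status(401).json({ msg: "username/password is incorrect" });
  return res.status(200).json({ msg: "logged in" });
};

// Minimal stand-in for Express's res object so the handlers run without a server.
const fakeRes = () => ({
  code: null, body: null,
  status(c) { this.code = c; return this; },
  json(b) { this.body = b; return this; },
});
const call = (handler, body) => handler({ body }, fakeRes());
```

`scryptSync` blocks the event loop while hashing; a real server would use the asynchronous `crypto.scrypt` inside an async handler.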