We started this chapter by installing and configuring the Passport middleware for Node.js. Passport provides us with a framework for authentication, including creating new users, logging in, and securing specific routes. We then built out local authentication strategies for logging in and signing up.

We created routes and view templates for logging in and signing up, and redirected successful attempts to our main dashboard URL. We were able to reduce database lookups by relying on Passport caching our user in-session.

Finally, we enhanced the security of our application by using Helmet to add security headers to requests, and using csurf to mitigate CSRF attempts. We closed by discussing a few additional security concerns when moving the ...