-1

I am trying to build a Node.js server-side signup function for user authentication. The data for the user is being sent via "req.body" and the authentication database is provided by Appwrite.

The signup function should:

  1. Create a user with the credentials provided in the request body.
  2. Return the user details, such as the username and email.
  3. Generate and return a token (cookie/JWT)

I am encountering issues with the Appwrite documentation and would appreciate guidance on building this function.

When trying to POST a new user using the Users API, an error of

createJWT is not a function

is produced, and when using the Account API, an error of

User (role: guests) missing scope (account)

is produced.

Here's the code I have:

const sdk = require('node-appwrite')

const client = sdk.Client()
client
  .setEndpoint(endpoint)
  .setProject(projectId)
  .setKey('...')

const users = sdk.Users(client)

async function signup(req, res) {
    try {
       const { email, username } = req.body
       let { password } = req.body
    
       password = await bcrypt.hash(password, SALT_ROUNDS) 
       const result = await users.createBcryptUser("unique()", email, password, username)           

       // Create a token
       // Combine data

       res.send(userWithToken)
    } catch (err) {

       error('Failed to signup', err)
       throw new Error(err)
    }
}
TylerH
  • 20,799
  • 66
  • 75
  • 101
Nave Achia
  • 67
  • 4
  • How come you're doing this in node rather than client side? – Steven Nguyen Feb 07 '23 at 18:46
  • After numerous attempts, I decided that my client will handle authentication functions and send a JWT to the backend. The 'node-appwrite' client sets the JWT upon receipt. However, this structure appears to be flawed as all database CRUD operations are handled solely by the backend, and separating both the services (Authentication and Database) seems incorrect. – Nave Achia Feb 07 '23 at 19:33
  • People typically make authentication and database API calls client side. That's why I'm trying to understand your requirement for doing the sign up server side. – Steven Nguyen Feb 07 '23 at 21:55
  • To be honest, I am familiar with working in this manner in MongoDB and MySQL, so this mindset has carried over as I attempted to create my current app. – Nave Achia Feb 08 '23 at 11:19
  • 1
    In those scenarios, you have privileged access to the database to create, read, update, or delete records and you don't want to expose the credentials used for that privileged access. That's why you would create a backend server. In the case of using Appwrite, Appwrite **is** the backend server, so you may not need to create another one. You can create your front end app and use the client SDKs to connect directly to Appwrite. – Steven Nguyen Feb 09 '23 at 23:24
  • Your explanation of the use case is clear. I appreciate your help! – Nave Achia Feb 10 '23 at 00:42

1 Answers1

0

The Users API is intended to be used in an admin perspective rather than as a user. You can use the Account API to execute things on behalf of a user, but the JWT token is typically generated client side and passed to the server, where you can call client.setJWT().

Steven Nguyen
  • 452
  • 4
  • 4