Docs

Appearance

7: Adding User Accounts

7.1: Password Authentication

Meteor already comes with a basic authentication and account management system out of the box, so you only need to add the accounts-password to enable username and password authentication:

shell
meteor add accounts-password

There are many more authentication methods supported. You can read more about the accounts system here.

We also recommend you to install bcrypt node module, otherwise, you are going to see a warning saying that you are using a pure-Javascript implementation of it.

shell
meteor npm install --save bcrypt

You should always use meteor npm instead of only npm so you always use the npm version pinned by Meteor, this helps you to avoid problems due to different versions of npm installing different modules.

7.2: Create User Account

Now you can create a default user for our app, we are going to use meteorite as username, we just create a new user on server startup if we didn't find it in the database.

js
import { Meteor } from 'meteor/meteor';
import { Accounts } from 'meteor/accounts-base'; 
import { TasksCollection } from '/imports/api/TasksCollection';
import "../imports/api/TasksPublications";
import "../imports/api/TasksMethods";

const SEED_USERNAME = 'meteorite'; 
const SEED_PASSWORD = 'password'; 

Meteor.startup(async () => {
  if (!(await Accounts.findUserByUsername(SEED_USERNAME))) { 
    await Accounts.createUser({ 
      username: SEED_USERNAME, 
      password: SEED_PASSWORD, 
    }); 
  } 

  ...
});

You should not see anything different in your app UI yet.

7.3: Login Form

You need to provide a way for the users to input the credentials and authenticate, for that we need a form.

Our login form will be simple, with just two fields (username and password) and a button. You should use Meteor.loginWithPassword(username, password); to authenticate your user with the provided inputs.

Create a new component Login.svelte in imports/ui/:

html
<script>
  import { Meteor } from 'meteor/meteor';

  let username = '';
  let password = '';

  async function login(event) {
    event.preventDefault();
    await Meteor.loginWithPassword(username, password);
  }
</script>

<form class="login-form" on:submit={login}>
  <div>
    <label for="username">Username</label>
    <input
      type="text"
      placeholder="Username"
      name="username"
      required
      bind:value={username}
    />
  </div>

  <div>
    <label for="password">Password</label>
    <input
      type="password"
      placeholder="Password"
      name="password"
      required
      bind:value={password}
    />
  </div>
  <div>
    <button type="submit">Log In</button>
  </div>
</form>

Be sure also to import the login form in App.svelte.

html
<script>
  import { Meteor } from "meteor/meteor";
  import { TasksCollection } from "../api/TasksCollection";
  import "/imports/api/TasksMethods";
  import Task from "./Task.svelte";
  import Login from "./Login.svelte"; 

  // ... rest of the script
</script>

<!-- markup will be updated in next steps -->

Ok, now you have a form, let's use it.

7.4: Require Authentication

Our app should only allow an authenticated user to access its task management features.

We can accomplish that by rendering the Login component when we don’t have an authenticated user. Otherwise, we render the form, filter, and list.

To achieve this, we will use a conditional block in App.svelte:

html
<script>
  import { Meteor } from "meteor/meteor";
  import { Tracker } from "meteor/tracker";
  import { onMount, onDestroy } from "svelte";
  import { TasksCollection } from "../api/TasksCollection";
  import "/imports/api/TasksMethods";
  import Task from "./Task.svelte";
  import Login from "./Login.svelte";

  let newTask = '';
  let hideCompleted = false;

  // Reactive state
  let currentUser = null;
</script>

<div class="app">
  <header>
    <div class="app-bar">
      <div class="app-header">
        <h1>📝️ To Do List {incompleteDisplay}</h1>                  
      </div>
    </div>
  </header>

  <div class="main">
    {#if currentUser} <!-- // -->
      <form class="task-form" on:submit={addTask}>
        <input type="text" placeholder="Type to add new tasks" bind:value={newTask} />
        <button type="submit">Add Task</button>
      </form>

      <div class="filter">
        <button on:click={toggleHideCompleted}>
          {#if hideCompleted}
            Show All
          {:else}
            Hide Completed
          {/if}
        </button>
      </div>

      <ul class="tasks">
        {#if subIsReady}
          {#each tasks as task (task._id)}
            <Task {task} />
          {/each}
        {:else}
          <div>Loading ...</div>
        {/if}
      </ul>
    {:else} <!-- // -->
      <Login /> <!-- // -->
    {/if} <!-- // -->
  </div>
</div>

As you can see, if the user is logged in, we render the whole app (currentUser is truthy). Otherwise, we render the Login component.

7.5: Login Form style

Ok, let's style the login form now:

css
.login-form {
  display: flex;
  flex-direction: column;
  height: 100%;

  justify-content: center;
  align-items: center;
}

.login-form > div {
  margin: 8px;
}

.login-form > div > label {
  font-weight: bold;
}

.login-form > div > input {
  flex-grow: 1;
  box-sizing: border-box;
  padding: 10px 6px;
  background: transparent;
  border: 1px solid #aaa;
  width: 100%;
  font-size: 1em;
  margin-right: 16px;
  margin-top: 4px;
}

.login-form > div > input:focus {
  outline: 0;
}

.login-form > div > button {
  background-color: #62807e;
}

Now your login form should be centralized and beautiful.

7.6: Server startup

Every task should have an owner from now on. So go to your database, as you learned before, and remove all the tasks from there:

db.tasks.remove({});

Change your server/main.js to add the seed tasks using your meteorite user as owner.

Make sure you restart the server after this change so Meteor.startup block will run again. This is probably going to happen automatically anyway as you are going to make changes in the server side code.

js
...

  const user = await Accounts.findUserByUsername(SEED_USERNAME);

  if ((await TasksCollection.find().countAsync()) === 0) {
    [
      "First Task",
      "Second Task",
      "Third Task",
      "Fourth Task",
      "Fifth Task",
      "Sixth Task",
      "Seventh Task",
    ].forEach((taskName) => {
      Meteor.callAsync("tasks.insert", {
        text: taskName,
        createdAt: new Date(),
        userId: user._id
      });      
    });
  }

...

See that we are using a new field called userId with our user _id field, we are also setting createdAt field.

7.7: Task owner

First, let's change our publication to publish the tasks only for the currently logged user. This is important for security, as you send only data that belongs to that user.

js
import { Meteor } from "meteor/meteor";
import { TasksCollection } from "./TasksCollection";

Meteor.publish("tasks", function () {
  let result = this.ready();
  const userId = this.userId;
  if (userId) {
    result = TasksCollection.find({ userId });
  }

  return result;
});

Now let's check if we have a currentUser before trying to fetch any data. Update the reactive tasks and incompleteCount to only run if logged in:

html
<script>
  // ... other imports and code

  // Reactive state
  let handle;
  let subIsReady = false;
  let currentUser = null;
  let tasks = [];
  let incompleteCount = 0;

  let computation;

  $: incompleteDisplay = incompleteCount > 0 ? `(${incompleteCount})` : '';

  onMount(() => {
    handle = Meteor.subscribe("tasks");

    computation = Tracker.autorun(() => {
      subIsReady = handle.ready();
      currentUser = Meteor.user();

      if (currentUser) {
        const filter = hideCompleted ? { isChecked: { $ne: true } } : {};
        tasks = TasksCollection.find(filter, { sort: { createdAt: -1, _id: -1 } }).fetch();
        incompleteCount = TasksCollection.find({ isChecked: { $ne: true } }).count();
      } else {
        tasks = [];
        incompleteCount = 0;
      }
    });

    return () => {
      computation?.stop?.();
      handle?.stop?.();
    };
  });

  onDestroy(() => {
    computation?.stop?.();
    handle?.stop?.();
  });
</script>

<!-- markup remains the same -->

Also, update the tasks.insert method to include the field userId when creating a new task:

js
...
Meteor.methods({
  "tasks.insert"(doc) {
    const insertDoc = { ...doc };
    if (!('userId' in insertDoc)) {
      insertDoc.userId = this.userId;
    }
    return TasksCollection.insertAsync(insertDoc);
  },
...

7.8: Log out

We can also organize our tasks by showing the owner’s username below our app bar. Let’s add a new div where the user can click and log out from the app:

html
...
  <div class="main">
    {#if currentUser}
      <div class="user" on:click={() => Meteor.logout()}> <!-- // -->
        {currentUser.username} 🚪 <!-- // -->
      </div> <!-- // -->

      ...

Remember to style your username as well.

css
.user {
  display: flex;

  align-self: flex-end;

  margin: 8px 16px 0;
  font-weight: bold;
  cursor: pointer;
}

Phew! You have done quite a lot in this step. Authenticated the user, set the user in the tasks, and provided a way for the user to log out.

Your app should look like this:

In the next step, we are going to learn how to deploy your app!