Backend User Authentication in Nuxt | Full-Stack Web Dev #10
2This is Episode #10 of my Nuxt Full-Stack Web Development series.
In this video, we take a major step forward by adding backend authentication to our Nuxt app.
You’ll learn how to build secure server endpoints for user registration and login, implement bcrypt password hashing, and validate user credentials all directly within your /server/api directory.
We’ll walk through:
Setting up /register and /login API routes
Hashing passwords securely with bcrypt
Validating user credentials on login
Returning structured JSON responses
Understanding authentication flow in a full-stack Nuxt app
By the end, you’ll have a fully functional backend authentication system, a foundation for any secure app.
Subscribe to keep following the series as we continue expanding this project step by step.
00:00 – Intro to authentication
00:34 – Creating the users table in the schema
01:07 – Running Drizzle migrations
01:45 – Verifying database tables
02:00 – Setting up the /api/auth folder
02:20 – Creating the /register.post.ts endpoint
03:10 – Understanding POST requests and event handlers
03:40 – Reading request body data (username & password)
04:10 – Handling missing fields with errors and status codes
05:10 – Installing and explaining bcrypt for hashing passwords
06:00 – Why password hashing and salting matter
07:20 – Hashing user passwords with bcrypt-ts
08:00 – Inserting users into the database securely
09:00 – Testing /register with Bruno (API testing tool)
10:30 – Verifying database insertion and bcrypt hash
11:10 – How bcrypt validation works
11:50 – Creating the /login.post.ts endpoint
12:20 – Fetching user records by username
13:00 – Handling missing users (404 error)
13:40 – Comparing hashed passwords with bcrypt compare
14:20 – Handling invalid login credentials (401 unauthorized)
14:50 – Returning a success response
15:20 – Testing login and invalid passwords in Bruno
16:10 – Summary: backend authentication complete
16:30 – What’s next (JWT tokens & frontend auth in next episode)00:00 – Intro to authentication
00:01 – What is authentication and why build it yourself
00:34 – Creating the users table in the schema
01:07 – Running Drizzle migrations
01:45 – Verifying database tables
02:00 – Setting up the /api/auth folder
02:20 – Creating the /register.post.ts endpoint
03:10 – Understanding POST requests and event handlers
03:40 – Reading request body data (username & password)
04:10 – Handling missing fields with errors and status codes
05:10 – Installing and explaining bcrypt for hashing passwords
06:00 – Why password hashing and salting matter
07:20 – Hashing user passwords with bcrypt-ts
08:00 – Inserting users into the database securely
09:00 – Testing /register with Bruno (API testing tool)
10:30 – Verifying database insertion and bcrypt hash
11:10 – How bcrypt validation works
11:50 – Creating the /login.post.ts endpoint
12:20 – Fetching user records by username
13:00 – Handling missing users (404 error)
13:40 – Comparing hashed passwords with bcrypt compare
14:20 – Handling invalid login credentials (401 unauthorized)
14:50 – Returning a success response
15:20 – Testing login and invalid passwords in Bruno
16:10 – Summary: backend authentication complete
16:30 – What’s next (JWT tokens & frontend auth in next episode)