Add JWT-based authentication to a Node/Express/Mongo app.
- Create Server
- Add auth router
- Create user with POST /auth/signup
- validate required fields
- Check if username is unique
- hash password with bcrypt
- insert into db
- Create Landing Page
- Link to Sign Up Page
- Create Sign Up Page
- Form with: username and password
- When form is submitted
- Validate username
- Display errors
- Validate password
- Display errors
- POST request to server
- Display errors
- If succesful sign up
- Redirect to login page
- Validate username
- Login user with POST /auth/login
- validate the user
- check if username in db
- compare password with hashed password in db
- Create and sign a JWT
- Respond with JWT
- Create Login Page
- Form with: username and password
- When form is submitted
- Validate username
- Display errors
- Validate password
- Display errors
- POST request to server /auth/login
- Display errors
- If succesful login
- Store the token in localStorage
- Redirect to the "dashboard"
- Validate username
- If a logged in user visits the signup or login page, redirect them to the dashboard
- If a non logged in user visits the dashboard, redirect to the login page
- After sign up, immediately login
- Show username on dashboard
- On homepage, show go to dashboard button instead of signup/login button
- If logged in:
- Show logout button in header
- Show user icon and username in header
- Visitors can only see the homepage
- checkTokenSetUser middleware
- get token from Authorization header
- if defined ---
- Verify the token with the token secret
- Set req.user to be the decoded verified payload
- else - move along
- if defined ---
- get token from Authorization header
- isLoggedIn middleware
- if req.user is set - move along
- else - send an unauthorized error message
- redirect to login form
- checkTokenSetUser middleware
- Logged in users can only see their page
- Create notes form on client
- Title
- Description
- POST /api/v1/notes
- Must be logged in
- Logged in Users Can Create Notes
- Title
- Description -- markdown
- Set user_id on server with logged in users id
- GET /api/v1/notes
- Must be logged in
- Logged in Users Can request all their notes
- Get all notes in DB with logged in users user_id
- List all notes on client
- Render description with Markdown
- Store date of note in DB
- Sort notes by date created.
- View user profile
- Users can mark notes as public
- Notes show up on profile
- Admin page that lists all users
- admin table with user_id
- de-activate users
- Admin can see any page on site
- Rate limiting
- Prevent brute force logins
- Lock out account after too many login attempts
- Prevent brute force logins
- Password strength meter!
- reCaptcha for signup/login
- Password reset with email
- Forgot password
- Reset with email
- Reset by answering security questions
- Testing...
- Move the server package.json to the root of the folder
- Update start script for server to be a relative path
- post-deploy script to server that will build Vue.js
- Add a static serve to the server that serves '../client/dist'
- Environment variable for DB connection and token secret
- Update calls in client from localhost:5000 to be your-app.herokuapp.com
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent