Skip to content
/ HEA-B Public
forked from ozohn/HEA-B

H-SENS server repository

0 stars 2 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

pdvonzoo/HEA-B

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

198 Commits
model
model
 
 
src
src
 
 
.babelrc
.babelrc
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
nodemon.json
nodemon.json
 
 
package-lock.json
package-lock.json
 
 
package.json
package.json
 
 
server.js
server.js
 
 
util.js
util.js
 
 

Repository files navigation

##HEA-B

H-SENS server repository

Terms

  • Authentication

    • Who are you?
    • signing in / signing out/ verifying passwords

  • Authorization

    • Who can see what
    • Permissions / Access Control

  • Form-based

    • email/password stored in DB

  • OAuth

    • Login w/ Facebook, Twitter, Github, Google

  • Single Sign-On

    • OneLogin
    • Enterprise systems

  • Many more...

Synonyms

"Signup" === "Sign up" === "Register" === "Join" === "Create Account" "Signin" === "Sign in" === "Log in" === "Login" "Signout" === "Sign out" === "Log out" === "Logout"

Signing Up

client --(HTTP POST)--> Server

POST /signup HTTP/1.1 Host: www.example.org

email=[email protected]&password=pass

server --(some code)--> DateBase

Users().where({ email: '[email protected]' })

// watching tom scott hashing password

  • Check that the email is not in use
  • Hash the user's password(w/ BCrypt)
  • Store the email / hashed password in the database

Signing In

Auth for Newbs(Check List)

Add JWT-based authentication to a Node/Express/Mongo app

Authentication

  • Create Server
  • Add auth router
  • Create user with POST /auth/signup
    • validate required fields
    • Check if email is unique
    • hash password with bcrypy
    • insert into db
  • Login user with POST /auth/login
    • check if email in db * [ ] compare password with hashed password in db * [ ] Create and sign a JWT * [ ] Respond with JWT
  • Create login form; show errors; redirect;
    • validate required fields
  • Create sign up form; show errorsl redirect;
    • Validate required fields

Authorization

  • Visitors can only see the homepage
    • isLoggedIn middlewate
      • Validate JWT in header
        • set req.user to be JWT payload
      • send an unauthorized error message
    • redirect to login form
  • Logged in users can only see their page
    • allowAccess middleware
      • id in url must match id in req.user
      • send an unauthorized error message
    • redirect to user page if they visit the homepage
      • set user_id in localStorage after login/signup
  • Add Get /auth/logout to clear user_id cookie
    • redirect to login page

STRETCH

Admin Page:

  • Admin page that lists all users
    • admin table with user_id
    • de-activate users
  • Admin can see any page on site
  • Rate limiting
    • Prevent brute force logins

About

H-SENS server repository

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • JavaScript 100.0%