Algolisted-Org / AlgoListed

Algolisted is an AI-powered nonprofit analytics firm dedicated to assisting computer science students in preparing for placements and internships. Our services include tracking and analytics across various platforms and topics.
http://algolisted.com

Ensure Token Security, Cookie Storage, and Restricted Access for Authentic Users #179

Closed NayakPenguin closed 11 months ago

NayakPenguin commented 11 months ago

Issue Description:

We currently have Google Signup and Signin functionalities, along with a fully operational backend. However, we want to enhance our security measures and ensure that users can only perform certain tasks if they are authenticated. The primary tasks include securing user tokens for 24 hours, storing tokens as cookies (not in local storage), and restricting the use of the POST method on a specific page only to authenticated users.

Issue Details:

  1. Secure User Token for 24 Hours: Ensure that when a user logs in, their authentication token remains valid and secure for 24 hours from the time of login.

  2. Store Token as a Cookie: Instead of local storage, implement token storage as cookies for enhanced security.

  3. Restrict POST Method Access: Specifically, restrict the use of the POST method to the following page:
     Page Route: /create-problem-list/sheet-dashboard/:sheetId
     React Element:
     Only authenticated users should have permission to use the POST method on this page.

Additional Information:

We need to review and update our frontend and backend code to implement these security measures effectively. Ensure that token expiration and cookie storage are well-documented and accessible for further reference. Review and update the user authentication flow as necessary to align with the 24-hour token validity. Consider security best practices while implementing these changes to protect against common vulnerabilities, such as Cross-Site Request Forgery (CSRF) attacks.

Expected Outcome:

Users' tokens should be secure for 24 hours. Tokens should be stored as cookies instead of local storage. The POST method should only be accessible to authenticated users on the specified page route.

priyam-03 commented 11 months ago

Hi @Nayaker, I am interested in this issue.

NayakPenguin commented 11 months ago

Amazing work, @priyam-03!