Develop an authentication system for SoulSync using JSON Web Tokens (JWT). This system will secure the platform by validating and managing user access. The implementation will include two key endpoints: login and signup. Upon successful authentication, the system will respond with a token that users can use to access protected resources.
Detailed Requirements:1. Endpoints to Implement:
- Signup Endpoint:
Allow new users to register on the platform.
Validate input fields (e.g., email, password, and additional user details).
Hash the password securely before storing it in the database.
Respond with a JWT token upon successful registration.
- Login Endpoint:
Authenticate existing users by validating their email and password.
If credentials are valid, generate and return a JWT token.
If credentials are invalid, respond with an appropriate error message.
2. Authentication Flow:
- Signup:
User submits registration details (e.g., name, email, password, role).
Backend checks for existing accounts with the same email.
If unique, hashes the password (e.g., using bcrypt) and stores the user data in the database.
Generates a JWT token containing the user’s unique ID and role.
Responds with the token and a success message.
- Login:
User submits login credentials (email and password).
Backend checks if the user exists and validates the password.
If valid, generates a JWT token.
Responds with the token and a success message.
If invalid, returns an error response.
3. JSON Web Token (JWT):
Use JWT for stateless authentication.
Include the following claims in the token payload:
userId: Unique identifier for the user.
role: Role of the user (e.g., mentor or mentee).
iat (Issued At): Timestamp of token creation.
exp (Expiration): Token expiration time to ensure security.
Sign the token with a secure secret key (stored securely in environment variables).
4. Security Considerations:
Password Hashing: Use a strong algorithm like bcrypt to hash passwords.
Token Validation: Protect sensitive endpoints by verifying JWTs. Reject invalid or expired tokens.
Rate Limiting: Implement rate limiting to prevent brute-force attacks on the login endpoint.
Environment Variables: Store sensitive information (e.g., secret keys) in environment variables.
5. Error Handling:
Provide clear and secure error messages:
Invalid credentials for login.
Email already exists for signup.
Token expired or invalid for protected routes.
Testing:
Write unit tests for:
Successful and unsuccessful login/signup scenarios.
Token generation and validation.
Test the authentication flow using tools like Postman or Rest client.
Expected Deliverables:
Fully functional login and signup endpoints.
JWT token generation and validation system.
Code integrated into the backend and tested for security and performance.
Develop an authentication system for SoulSync using JSON Web Tokens (JWT). This system will secure the platform by validating and managing user access. The implementation will include two key endpoints: login and signup. Upon successful authentication, the system will respond with a token that users can use to access protected resources.
Detailed Requirements: 1. Endpoints to Implement:
- Signup Endpoint:
- Login Endpoint:
2. Authentication Flow:
- Signup:
- Login:
3. JSON Web Token (JWT):
Use JWT for stateless authentication.
Include the following claims in the token payload:
Sign the token with a secure secret key (stored securely in environment variables).
4. Security Considerations:
5. Error Handling:
Testing:
Write unit tests for:
Expected Deliverables: