Problem:
We have no user authentication system, so every session of the website looks identical regardless of who is using it. Also, this means that every page is accessible to every user, not just registered users.
Solution:
Implement user authentication using JWT (JSON Web Token) and Passport (session-based user authentication that stores information in the browser localStorage). Expose API endpoints for user login and registration that can be called from the frontend.
Testing:
The API endpoints were tested using Postman, a tool that can send HTTP requests with specified payloads and displays the response payload. The cloud database was also checked to ensure that the data was sent properly to the MongoDB instance. Additionally, subsequent registration and login were tested to ensure that once a user registers, they are able to log in and receive an authentication token for use throughout the site.
Notes:
In order to use this properly, the `config.js` that is not tracked by git needs to be updated with a `secretOrKey` that can be used for JWT.
This utilized Part 1 of the tutorial that is linked in the associated Issue. Parts 2/3 will be used for integration with the frontend.
npm modules were added to the backend, so make sure to run `npm i` before running the server.
Closes #12
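The token flow described above, as an added example that is not code from this PR: what signing a JWT with `secretOrKey` at login and verifying it on later requests involves, using only Node's built-in `crypto`. The function names `signToken` and `verifyToken` and the claim layout are assumptions for illustration; the PR itself relies on Passport.

```javascript
// Added example: HS256 JWT issue/verify with Node's built-in crypto only.
const crypto = require('crypto');

const b64url = (data) => Buffer.from(data).toString('base64url');

function hmac(secretOrKey, data) {
  return crypto.createHmac('sha256', secretOrKey).update(data).digest();
}

// Issue a token at login. `payload` holds claims such as the user id.
function signToken(payload, secretOrKey, ttlSeconds, now = Date.now()) {
  const iat = Math.floor(now / 1000);
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify({ ...payload, iat, exp: iat + ttlSeconds }));
  const sig = b64url(hmac(secretOrKey, `${header}.${body}`));
  return `${header}.${body}.${sig}`;
}

// Verify on every protected request. Returns the claims, or null if rejected.
function verifyToken(token, secretOrKey, now = Date.now()) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [header, body, sig] = parts;
  let alg, claims;
  try {
    alg = JSON.parse(Buffer.from(header, 'base64url').toString()).alg;
    claims = JSON.parse(Buffer.from(body, 'base64url').toString());
  } catch {
    return null;
  }
  // Pin the algorithm server-side; a token must not choose it ("alg": "none").
  if (alg !== 'HS256') return null;
  const expected = hmac(secretOrKey, `${header}.${body}`);
  const given = Buffer.from(sig, 'base64url');
  // Constant-time comparison; timingSafeEqual throws on a length mismatch.
  if (given.length !== expected.length) return null;
  if (!crypto.timingSafeEqual(given, expected)) return null;
  // Require an expiry and reject tokens that are past it.
  if (!claims || typeof claims.exp !== 'number' || claims.exp <= now / 1000) return null;
  return claims;
}
```

Anyone who knows `secretOrKey` can mint valid tokens for any user, which is why it belongs in the untracked `config.js` and should be a long random value.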