The website has account features but they were disabled when the website first launched until we got a TLS certificate. So the important part of this PR is just enabling uncommented client code. For the other changes:
I updated the JWT to HS512 since it's more secure than the default HS256
I extended the JWT to have a 30h token (1 day plus a 6 hour buffer) instead of the previously very restrictive 1 hour
I added some explicit variables in case the defaults change on the jsonwebtoken package
I added a privileges field that will query the currently not-in-use priv field on the accounts table. I am planning for it to be used to give certain users on the website administrative functions.
Commented out the "New Account" button on the accounts tab (The API endpoint is currently intentionally short circuited)
Updated ts-node-dev that was showing an error when trying to npm i
Added a missing forward slash in a route on the client
Testing
Logged in and out 2 times.
Examined the network tab in the developer console and examined my JWT payload
Clicked change email and change password and canceled (did not execute requests)
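The token settings described above (HS512, a 30 hour lifetime, explicit constants, a privileges claim), as an added example that is not code from this PR. It uses Node's built-in crypto instead of the jsonwebtoken package so it runs without dependencies; the names `issueToken`, `verifyToken`, `JWT_ALG`, `JWT_TTL_SECONDS` and the `{ id, priv }` account shape are assumptions.

```javascript
// Added example: HS512 session tokens with a 30 h lifetime and a privileges
// claim, using only Node's built-in crypto (not the jsonwebtoken package).
const crypto = require('crypto');

const JWT_ALG = 'HS512';               // pinned explicitly, never read from the token
const JWT_TTL_SECONDS = 30 * 60 * 60;  // 30 h: 1 day plus a 6 hour buffer

const b64u = (v) => Buffer.from(v).toString('base64url');
const mac = (data, secret) =>
  crypto.createHmac('sha512', secret).update(data).digest();

// `account` is a constructed shape: { id, priv } mirroring the accounts table.
function issueToken(account, secret, now = Math.floor(Date.now() / 1000)) {
  const header = b64u(JSON.stringify({ alg: JWT_ALG, typ: 'JWT' }));
  const payload = b64u(JSON.stringify({
    sub: String(account.id),
    privileges: account.priv,
    iat: now,
    exp: now + JWT_TTL_SECONDS,
  }));
  const signingInput = `${header}.${payload}`;
  return `${signingInput}.${b64u(mac(signingInput, secret))}`;
}

// Returns the claims, or throws if the token is malformed, names another
// algorithm, fails the MAC check, or has expired.
function verifyToken(token, secret, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [header, payload, sig] = parts;
  let head, claims;
  try {
    head = JSON.parse(Buffer.from(header, 'base64url').toString('utf8'));
    claims = JSON.parse(Buffer.from(payload, 'base64url').toString('utf8'));
  } catch { throw new Error('malformed token'); }
  if (head.alg !== JWT_ALG) throw new Error('unexpected algorithm');
  const expected = mac(`${header}.${payload}`, secret);
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    throw new Error('bad signature');
  }
  if (typeof claims.exp !== 'number' || now >= claims.exp) throw new Error('token expired');
  return claims;
}
```

Because the server signs the privileges claim, a client-side edit to it fails the MAC check, and a token whose header names any algorithm other than the pinned one is rejected before the signature is evaluated.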