Create user authentication / sign up endpoints

[KieranVieira]

Tech:

• Bcrypt
• JWT

Instructions:

• [x] Create POST endpoint to /api/users that takes in x body and creates a user
• [x] Create POST endpoint to /api/users/login that takes in x body and returns authentication token
• [x] Create GET endpoint to /api/users/:userId that returns user information
• [x] Create PUT endpoint to /api/users/:userId that updates user information
• [x] Create auth middleware that takes token as header and processes token validity / resolves with error if token is invalid

[reevesabbas]

Outline:

• in the req.body we need user's: username, email, encrypted password. Since no db yet, store locally.
• Handle cases for when username, email, pw != requirements. Or field not entered.
• use bcrypt to check if password is correct, then give authentication token.

[reevesabbas]

second POST route:

• use email to find user and verify pw.
• create and return authorization token thru jwt package.

[reevesabbas]

auth middlware:

• takes in token from the request header
• handle cases for when:
  • token in header == undefined
  • valid token, but incorrect one.
  • user has valid token to view designated sensitive information
    • in this case, call next()

[reevesabbas]

Note to KR: Error handling is top priority, must handle all cases. Imagine third party looking at code, they need to know what is expecting at certain points in the code for it to work. In some cases error handling is kept vague to prevent sensitive information from being gathered (logging in messages)

[kaydengrant]

GET route:

• use req.params to find user (since already authed by middleware)
• response with json body of user information

[KieranVieira]

GET route:

• use req.params to find user (since already authed by middleware)
• response with json body of user information

You sure about that?

[KieranVieira]

Lets circle back on this in T minus 3 hours

[reevesabbas]

GET route:

• use req.params to find user (since already authed by middleware)
• response with json body of user information

You sure about that?

WHAT DOES THIS MEAN?

[reevesabbas]

PUT req:

• Retrieve user row through findOneOrFail on userId
• Check for updated information in request body, and update it.
  • Don't allow information to be updated if user trying to make it the same thing?
    • nvm
  • if new password sent in request, encrypt it and update it.
  • if new email sent in request, ensure it is unique (done automatically by typeorm??)
• await user.save()
• respond only with updated fields in json body.