FacVain / dil-asistanim


Create Authentication Endpoints For Backend Web Server #36

Open alptekinsarilar opened 4 months ago

alptekinsarilar commented 4 months ago

Task Description

Develop authentication endpoints for the backend web server, including "/auth/login" and "/auth/register". These endpoints will handle user authentication processes such as user registration, user login, and session management.

Implementation Details

- Create auth file which contains methods for user registration and user login.
- Registration method should validate input, hash passwords, and store user details in the database.
- Login method should validate input, compare hashed passwords, and create a session for the authenticated user.
- Use middleware for validating incoming data using a library like express-validator.
- Ensure proper error handling for cases such as user already exists, incorrect credentials, etc.
- Implement express-cookie for session management. Upon successful login, the server should issue a cookie to the client.
- Use environment variables to store sensitive information such as secret keys.

Design

Create auth.js in the routes directory within the backend module. Implement register(req, res) and login(req, res) methods. Use passport.js for handling user authentication with cookie strategy.

Tasks

- Create auth.js and set up routes for "/auth/login" and "/auth/register".
- Create register and login methods.
- Implement input validation in the methods.
- Set up Passport with the local strategy in passport.js.

Expected Output

The registration endpoint (/auth/register) accepts user details, performs validation, stores the new user in the database, and returns a success message. The login endpoint (/auth/login) accepts user credentials, performs validation, checks credentials against the database, and returns a cookie upon successful authentication.

Acceptance Criteria

- The endpoints must be tested and verified to handle user registration and login correctly.
- Passwords must be hashed before storing them in the database.
- Cookies must be issued to clients upon successful authentication.
- Proper validation and error handling must be in place for both endpoints.
- The implementation must follow security best practices to prevent common vulnerabilities.

Screenshots
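
The register and login flow this issue describes, as an added sketch that is not the project's code and not part of the issue. It uses only Node's built-in crypto (scrypt hashing, an HMAC-signed cookie value) in place of the Express, express-validator and Passport stack the issue names, with an in-memory Map standing in for the database; `SESSION_SECRET`, the function names and the cookie layout are assumptions.

```javascript
const crypto = require('node:crypto');

// Assumption: SESSION_SECRET is a hypothetical variable name; the random fallback is for demo runs.
const SECRET = process.env.SESSION_SECRET || crypto.randomBytes(32).toString('hex');
const users = new Map(); // stand-in for the database: email -> { salt, hash }
const EMAIL_RE = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;

function validate(body) {
  const { email, password } = body || {};
  const errors = [];
  if (typeof email !== 'string' || email.length > 254 || !EMAIL_RE.test(email)) errors.push('invalid email');
  if (typeof password !== 'string' || password.length < 8) errors.push('password too short');
  return errors;
}

// scrypt is a memory-hard KDF; each user gets a random salt.
const hashPassword = (password, salt) => crypto.scryptSync(password, salt, 64);
const sign = (value) => crypto.createHmac('sha256', SECRET).update(value).digest('base64url');

function register(body) {
  const errors = validate(body);
  if (errors.length) return { status: 400, errors };
  const email = body.email.toLowerCase();
  if (users.has(email)) return { status: 409, errors: ['user already exists'] };
  const salt = crypto.randomBytes(16);
  users.set(email, { salt, hash: hashPassword(body.password, salt) });
  return { status: 201 };
}

function login(body) {
  if (validate(body).length) return { status: 400, errors: ['invalid input'] };
  const email = body.email.toLowerCase();
  const user = users.get(email);
  // Hash for unknown users too, so both failure paths do the same work and return the same error.
  const candidate = hashPassword(body.password, user ? user.salt : Buffer.alloc(16));
  if (!user || !crypto.timingSafeEqual(candidate, user.hash)) return { status: 401, errors: ['incorrect credentials'] };
  const payload = Buffer.from(JSON.stringify({ sub: email, exp: Date.now() + 3600e3 })).toString('base64url');
  return { status: 200, cookie: `session=${payload}.${sign(payload)}; HttpOnly; Secure; SameSite=Lax; Path=/` };
}

// Returns the session object for an untampered, unexpired cookie value, else null.
function verifyCookie(value) {
  const [payload, mac] = String(value).split('.');
  if (!payload || !mac) return null;
  const expected = Buffer.from(sign(payload));
  const given = Buffer.from(mac);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  const session = JSON.parse(Buffer.from(payload, 'base64url').toString());
  return session.exp > Date.now() ? session : null;
}
```

In an Express route the returned `cookie` string would go into a `Set-Cookie` header, and `verifyCookie` would run on the value of the `session` cookie of each later request.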