Girl-Code-It / Opportunity-Calendar-Backend

Opportunity Calendar is the one-stop place to refer important opportunities available in tech-space like newly posted jobs, internships, hackathons, tech-conferences, scholarships, etc.
https://opportunity-calendar.herokuapp.com/
MIT License
15 stars, 30 forks

Creating Sign up and login routes and controller #5

Closed udaymittal7 closed 3 years ago

udaymittal7 commented 3 years ago

I would like to work on creating the sign up and login routes and controller for this project as a participant of GSSOC'21. Please assign this to me and add the relevant tags.

abdus commented 3 years ago

It would be great if we split this issue into two.

  1. implement SignUp
  2. implement SignIn

Aryaman1706 commented 3 years ago

Hey @abdus! I would love to work on this!

Ideas

I would love to discuss it further.

udaymittal7 commented 3 years ago

@abdus Yes, we can split it. I am up for any of those. Should I create different issues for them separately? Someone else can take the other.

abdus commented 3 years ago

@Aryaman1706 Thanks for the input. It helps! @udaymittal7 Sure. Go ahead and split it into two issues. You can work on one and @Aryaman1706 may take the other.

Manvityagi commented 3 years ago

@udaymittal7 @Aryaman1706 Can you make two separate issues for and take one of them each?

Manvityagi commented 3 years ago

> Hey @abdus! I would love to work on this!
>
> Ideas
>
>   • Multiple auth strategies like GitHub, Google, and email/phone number.
>   • We can use passport but if we want to inculcate more scopes then we can use API offered by respective platforms like Google's People API gives a ton of information like phone number, birthday, organizations, etc (complete list here)
>   • We can maintain cookie sessions stored in a Redis store rather than in memory with proper secret and TTL.
>   • Appropriate email/phone number verification using some sort of mailing and SMS services like SendGrid or nodemailer.
>   • Restricting users from making too many unsuccessful attempts. We can do this either going way simple and using express-rate-limiter or we can go with the token bucket approach.
>   • Checking appropriate CSRF token with each login/signup request.
>
> I would love to discuss it further.

Let's start with Google OAuth for this issue, will extend it further for GitHub etc. @Aryaman1706

CC: @abdus
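
The token bucket idea from the ideas list quoted above, applied to failed login attempts, as an added example that is not part of the original thread or the project's code. The class name, its parameters and the in-memory Map are assumptions; a deployment with several server processes would keep the buckets in a shared store such as the Redis store mentioned in the same list.

```javascript
// Added example, not project code. Class name, parameters and the in-memory
// Map are assumptions; a shared store with a TTL would replace the Map.
class FailedLoginLimiter {
  constructor({ capacity = 5, refillPerSec = 1 / 60, now = () => Date.now() } = {}) {
    this.capacity = capacity;         // failures allowed in a burst
    this.refillPerSec = refillPerSec; // tokens regained per second
    this.now = now;                   // injectable clock (ms) for tests
    this.buckets = new Map();         // key -> { tokens, updated }
  }

  // Normalise the account identifier so "A@x.io " and "a@x.io" share a bucket.
  static key(email, ip) {
    return `${String(email).trim().toLowerCase()}|${ip}`;
  }

  // Credit tokens for the time elapsed since the bucket was last touched.
  _refill(key) {
    const t = this.now();
    const b = this.buckets.get(key) || { tokens: this.capacity, updated: t };
    const elapsedSec = Math.max(0, (t - b.updated) / 1000);
    b.tokens = Math.min(this.capacity, b.tokens + elapsedSec * this.refillPerSec);
    b.updated = t;
    this.buckets.set(key, b);
    return b;
  }

  // Check before verifying the password; false means answer 429 immediately.
  allowed(key) {
    return this._refill(key).tokens >= 1;
  }

  // Each failed password check spends one token.
  recordFailure(key) {
    const b = this._refill(key);
    b.tokens = Math.max(0, b.tokens - 1);
  }

  // A successful login clears the bucket for that account and address.
  recordSuccess(key) {
    this.buckets.delete(key);
  }

  // Whole seconds until the next attempt is allowed, for a Retry-After header.
  retryAfterSec(key) {
    const b = this._refill(key);
    return b.tokens >= 1 ? 0 : Math.ceil((1 - b.tokens) / this.refillPerSec);
  }
}
```

Because `allowed` is checked before the password is verified, a drained bucket rejects the request without revealing whether the submitted password was correct.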

rohithmsr commented 3 years ago

What are all the things I must work on? There are so many issues given in this single issue @abdus @Manvityagi

Manvityagi commented 3 years ago

> What are all the things I must work on? There are so many issues given in this single issue @abdus @Manvityagi

Hi @rohithmsr, #33 is taking care of this issue, left it open mistakenly.