Open jaredatron opened 7 years ago
@deadlyicon could we roll this into #194?
@tannerwelsh I like that this one's primary focus is authentication.
The learner will have to set up an html form and an express web server as part of the process so there's definitely overlap with #194.
Got it, thanks @jason00111. Let's keep them separate then. :)
Thank you @tannerwelsh !!!!
Basic HTTP Authentication from scratch
Learning objectives
App 1 - Storing a string in a cookies
In App 1 we're going to store a single piece of data in an HTTP cookie.
Using express, make an app that renders an html page that with a form that does a post of the users name and then store in a cookie. Parse cookies using a cookie parsing node package. Display the users name on the page if you have it in the cookie. also have a "clear name" button
Resources
Specs
/app1
/app1/package.json
npm start
node
andexpress
App 2 - Storing data in cookies
In App 2 we're going to store more than one piece of data in a cookie using JSON.
Resources
Specs
/app2
/app2/package.json
npm start
node
andexpress
App 3 - An insecure session
In App 3 we're going to move our cookie logic into an express middleware and use it as a session.
The express middleware should look for the session cookie and if present deserialize it. Then it should place a session object at
request.session
so future request handlers can access the session. It also needs to serialize the session object back into the cookie before the response headers are sent.the session cookie, if present, and makes a session object available at
request.session
Build a middleware that serializes a session object into a session cookie using JSON. look at
session-cookie
as a guide. Each route should have access to the deserialized session cookie object atreq.session
. The cookie needs to be updated on each request. Update the form to store the users name in the session cookie object under the keyuser_name
Resources
Specs
/app3
/app3/package.json
npm start
node
andexpress
homepage
andform post
routes should only read and write data to and fromrequest.session
and not to the cookies header directly.App 4 - A secure session
Encrypt the session cookie using bcrypt
Specs
/app3
/app3/package.json
npm start
node
andexpress
homepage
andform post
routes should only read and write data to and fromrequest.session
and not to the cookies header directly.