search

Luson045 / medi-connect

Medi-connect is an online hospital appointment booking website. Visit our website, find vulnerabilities and raise an issue... Make sure the check the announcement related to filtering of spammy PRs.... Also while raising new issues make sure there is no such existing issue, if found your issue will be marked invalid, if there are less than 20 issue
https://medi-connect-in.netlify.app/
MIT License
11 stars 26 forks source link

Add Login and Signup Routes with Passport.js Authentication #36

Open varma-101 opened 14 hours ago

varma-101 commented 14 hours ago

Implement user authentication in the Node.js and Express.js backend using Passport.js. This task involves setting up secure login and signup routes that will handle user registration, login, and session management. The implementation should follow best security practices.

Requirements: Signup Route (/signup):

Create a POST route for user registration. Use Passport.js local strategy to handle user signup. Hash user passwords using PBKDF2 with a salt and store them in the database (e.g., MongoDB). Validate input fields like username, password, and email. Return appropriate success or error messages. Login Route (/login):

Create a POST route for user login. Authenticate users using the Passport.js local strategy. Check credentials against hashed passwords stored in the database. Return appropriate error messages for invalid login attempts. Passport.js Configuration:

Set up Passport.js with the local strategy for username and password authentication. Ensure that passwords are compared securely with the stored hash using the Node.js crypto library. Use passport.serializeUser and passport.deserializeUser to manage user sessions. Session and Security:

Manage user sessions using Express-session. Ensure sessions are secured, especially in production environments (e.g., use HTTPS, secure cookies). Implement necessary middleware for session handling.

Luson045 commented 14 hours ago

I would like to postpone this issue for later updates, as some contributors are working on features related to auth and sessions

for now comment of issue #37 i'll assign you that for now

ShaikHafiza commented 14 hours ago

I would like to work on this along with @varma-101 to make work easier

Luson045 commented 14 hours ago

@ShaikHafiza it's postponed

Luson045 commented 13 hours ago

make sure not to give pr for this right now any pr for this one won't be accepted until the other work in this field are over

varma-101 commented 13 hours ago

Thanks for your consideration. i will try to deliver this fast.i will discuss with @ShaikHafiza and contribute together. And could you please mention me the deadline for this pr.

Luson045 commented 13 hours ago

There's no deadline, i will remove the postponed tag nearly by 7th october, so that things get stable by then, so then you can start working on it

ShaikHafiza commented 13 hours ago

Thankyou @Luson045 I'll do my best.

Luson045 commented 13 hours ago

[IMPORTANT] consider explaining your ideas here and aligning it with others discussion #40