Client side authorization

[alexbeletsky]

Authorization API has been implemented in #12, but it's still not utilised by client. This could be rather big task, let's discuss it and split for something smaller.

What need to done:

1. Create a simple signup page (form with username and password).
2. Create simple login page.
3. Update all existing API endpoints with middleware.access.validateToken.
4. Update client side to use token while accessing any API methods.
5. Update README with all knowledge we gather through implementation.

Scenarios:

• If used has not logged on, it's not possible to open any application routes ('/tasks', '/contacts'), it should redirect to login.
• Once user logged on, put access token to to localstore.
• Use the code from README to to augment all requests with Authorize header (it reads token from localstore)
• Once token is invalidated (recieve 401 from any API method), user have to re-login.

Anything missing?

[Vijar]

This looks thorough. I can't think of anything else.

I did mention in #20 my one concern with a hacker potentially spoofing the refreshing of the token. Although that seems very fringe

[alexbeletsky]

Sounds great, let's start then.

I will take server side part, update all current endpoints. If you don't mind please take login/signup forms. As this is in place, we can integrate your Backbone.ajax magic in :)

[s-stude]

Any luck on this?