DijitallNotarer is a digital notarization platform using NestJS (backend), Next.js (frontend), and GraphQL APIs. It integrates LocalStack for AWS services, features a monorepo with Yarn workspaces, and includes CI/CD with GitHub Actions. Ideal for showcasing serverless and modern web tech stacks.
1. User Authentication (Login)
Why: After registration and OTP verification, users need a way to log in securely and reach protected routes without repeating the OTP step.
What to Use: A login feature using JWT (JSON Web Tokens) or session-based authentication. With JWT, keep access tokens short-lived and sign them with a server-side secret that is never shipped to the frontend; with sessions, store only an opaque session ID in an HttpOnly cookie.
Next Step: Implement a login mutation that looks up the user by email, verifies the submitted password against the stored hash (bcrypt or argon2, checked with the library's own verify function rather than string equality), refuses accounts that have not completed OTP verification, and returns the same generic error for an unknown email and a wrong password so the response does not reveal which accounts exist. On success, return a JWT for subsequent authenticated requests.
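A self-contained sketch of the login step described above, added here as an illustration and not code from the DijitallNotarer repository. It uses only Node's built-in crypto: scrypt stands in for the bcrypt/argon2 hash the project would use, and the HS256 JWT is hand-rolled so the signature and expiry checks are visible (in NestJS one would normally reach for @nestjs/jwt). The user record shape, the secret and the 15-minute token lifetime are assumptions made for the example.

```typescript
import { createHmac, randomBytes, scryptSync, timingSafeEqual } from "node:crypto";

// Constructed user record; the real service would load this from the database.
export interface UserRecord {
  id: string;
  email: string;
  passwordHash: string;   // "scrypt$<salt-hex>$<hash-hex>", never the password itself
  emailVerified: boolean; // set by the OTP step; unverified accounts cannot log in
}

const SCRYPT = { N: 16384, r: 8, p: 1 };

// Hash a password at registration with a fresh random salt (scrypt stands in for bcrypt/argon2).
export function hashPassword(password: string): string {
  const salt = randomBytes(16);
  const hash = scryptSync(password, salt, 32, SCRYPT);
  return `scrypt$${salt.toString("hex")}$${hash.toString("hex")}`;
}

// Re-derive with the stored salt and compare in constant time; never compare plain strings.
export function verifyPassword(password: string, stored: string): boolean {
  const [scheme, saltHex, hashHex] = stored.split("$");
  if (scheme !== "scrypt" || !saltHex || !hashHex) return false;
  const expected = Buffer.from(hashHex, "hex");
  const actual = scryptSync(password, Buffer.from(saltHex, "hex"), expected.length, SCRYPT);
  return timingSafeEqual(actual, expected);
}

// Hashed once at startup so a login for an unknown e-mail costs the same as a wrong password.
const DUMMY_HASH = hashPassword(randomBytes(16).toString("hex"));

const b64url = (b: Buffer) => b.toString("base64url");
const nowSeconds = () => Math.floor(Date.now() / 1000);

// Minimal HS256 JWT (header.payload.signature) carrying iat/exp claims.
export function signJwt(claims: Record<string, unknown>, secret: Buffer, ttlSeconds: number, now = nowSeconds()): string {
  const header = b64url(Buffer.from(JSON.stringify({ alg: "HS256", typ: "JWT" })));
  const payload = b64url(Buffer.from(JSON.stringify({ ...claims, iat: now, exp: now + ttlSeconds })));
  const sig = b64url(createHmac("sha256", secret).update(`${header}.${payload}`).digest());
  return `${header}.${payload}.${sig}`;
}

// Verify the signature first, then expiry; return the claims or null. The algorithm is pinned
// to HS256, so tokens claiming "none" or any other alg are rejected before any comparison.
export function verifyJwt(token: string, secret: Buffer, now = nowSeconds()): Record<string, unknown> | null {
  const parts = token.split(".");
  if (parts.length !== 3) return null;
  const [header, payload, sig] = parts;
  try {
    const hdr = JSON.parse(Buffer.from(header, "base64url").toString("utf8"));
    if (hdr.alg !== "HS256") return null;
    const expected = createHmac("sha256", secret).update(`${header}.${payload}`).digest();
    const given = Buffer.from(sig, "base64url");
    if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
    const claims = JSON.parse(Buffer.from(payload, "base64url").toString("utf8"));
    if (typeof claims.exp !== "number" || claims.exp <= now) return null;
    return claims;
  } catch {
    return null; // malformed base64 or JSON
  }
}

// Login mutation core: one generic failure (null) for unknown e-mail, wrong password and
// unverified account, so the response does not tell an attacker which accounts exist.
export function login(users: UserRecord[], email: string, password: string, secret: Buffer, now = nowSeconds()): string | null {
  const user = users.find(u => u.email.toLowerCase() === email.toLowerCase());
  const passwordOk = verifyPassword(password, user ? user.passwordHash : DUMMY_HASH);
  if (!user || !passwordOk || !user.emailVerified) return null;
  return signJwt({ sub: user.id, email: user.email }, secret, 15 * 60, now); // 15-minute access token
}
```

A login for an unknown e-mail still runs one scrypt derivation against a dummy hash, so its response time matches a wrong-password attempt; verifyJwt reads no claim until the signature has been checked against the pinned algorithm.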
2. Token-Based Email Verification (Optional)
Why: OTP-based verification is already in place. A link-based alternative (a unique token embedded in a URL the user clicks) could later replace or supplement it, giving the registration flow a second option without changing the underlying account model.
What to Use: Generate a verification token from a cryptographically secure random source (at least 128 bits), store only its hash together with the user ID, an expiry and its purpose, and put the raw token in the emailed link. Treat it as single-use: once consumed, or once expired, it must be rejected, and a token issued for verification must not be accepted by any other flow.
Next Step: This is an optional enhancement but could replace or supplement OTP verification for email verification in the future.
3. Password Reset Flow
Why: Allow users to reset their password if they forget it. This is a standard feature in modern applications, and also a common attack target: a guessable or reusable reset token is equivalent to a weak password.
What to Use: A password reset feature that emails the user a link containing a one-time token. Apply the same token discipline as for email verification: random and unguessable, stored hashed, bound to the reset purpose, expiring within minutes and invalidated after first use, with any earlier unused reset token for the account superseded when a new one is issued. Respond to the reset request identically whether or not the address is registered, so the endpoint cannot be used to enumerate accounts.
Next Step: Add two mutations: one that accepts an email address and, if an account exists, sends the reset link; and one that accepts the token plus the new password, validates the token, and stores the new hash. After a successful reset, consider invalidating existing sessions or refresh tokens for that account.
4. Rate Limiting and Security Enhancements
Why: To protect against brute-force attacks or abuse of the OTP and login systems. A 6-digit OTP has only 1,000,000 possible values, so without an attempt limit it can be guessed outright; the same goes for password guessing against a known email.
What to Use: Rate-limiting middleware that limits requests from a single IP address on sensitive routes (login, OTP request, OTP verification, password reset). Pair it with per-account limits, since attackers rotate IP addresses but cannot rotate the victim's account: allow only a handful of OTP attempts per account per window and invalidate the code once that limit is reached, so a new one must be requested. In NestJS, @nestjs/throttler provides the per-IP layer; in a serverless or multi-instance deployment the counters must live in a shared store rather than process memory, or each instance enforces its own separate limit.
Next Step: Integrate rate-limiting, return HTTP 429 with a Retry-After header when a limit is hit, and consider adding CAPTCHA to prevent bot abuse.
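An added example of the two-axis limiting described above, not code from the project: a fixed-window RateLimiter plus an OtpGuard that checks a per-IP limit (20 attempts per minute) and then a per-account limit (5 attempts per 10 minutes). The limits, the in-memory Map and the injectable clock are assumptions made for the example; in this stack @nestjs/throttler would normally supply the per-IP layer, and a multi-instance deployment would back the counters with a shared store.

```typescript
interface Policy { limit: number; windowMs: number; }
interface Bucket { count: number; windowStart: number; }

// Fixed-window counter keyed by an arbitrary string (IP, account ID, ...). In-memory for the
// example; a shared store such as Redis is assumed for a real multi-instance deployment.
export class RateLimiter {
  private readonly buckets = new Map<string, Bucket>();
  constructor(private readonly policy: Policy, private readonly now: () => number = () => Date.now()) {}

  // Record one attempt for `key`; true if still within the limit, false if it must be rejected.
  hit(key: string): boolean {
    const t = this.now();
    const b = this.buckets.get(key);
    if (!b || t - b.windowStart >= this.policy.windowMs) {
      this.buckets.set(key, { count: 1, windowStart: t });
      return true;
    }
    if (b.count >= this.policy.limit) return false;
    b.count += 1;
    return true;
  }

  // Whole seconds until the key's window resets, for the Retry-After header on a 429 response.
  retryAfterSeconds(key: string): number {
    const b = this.buckets.get(key);
    if (!b) return 0;
    return Math.max(0, Math.ceil((b.windowStart + this.policy.windowMs - this.now()) / 1000));
  }
}

export type OtpDecision = "ok" | "too-many-from-ip" | "too-many-for-account";

// OTP verification guarded on two axes. The per-IP limit stops bulk abuse from one source; the
// per-account limit is what bounds guessing, because an attacker can rotate IPs but not the
// victim's account: 5 tries per 10 minutes against a 6-digit code caps the success chance per
// window at 5 / 1,000,000.
export class OtpGuard {
  private readonly perIp: RateLimiter;
  private readonly perAccount: RateLimiter;
  constructor(now: () => number = () => Date.now()) {
    this.perIp = new RateLimiter({ limit: 20, windowMs: 60_000 }, now);
    this.perAccount = new RateLimiter({ limit: 5, windowMs: 10 * 60_000 }, now);
  }

  // Call before comparing the submitted code; only "ok" may proceed to the comparison.
  check(ip: string, accountId: string): OtpDecision {
    if (!this.perIp.hit(`ip:${ip}`)) return "too-many-from-ip";
    if (!this.perAccount.hit(`acct:${accountId}`)) return "too-many-for-account";
    return "ok";
  }
}
```

Counting every attempt rather than only failures keeps the guard simple and still bounds the attacker; on a "too-many-for-account" result the service should also discard the current OTP so the remaining guesses in the next window start against a fresh code.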
Summary of Next Steps:
User Authentication – Implement a login feature using JWT or session-based authentication.
Password Reset Flow – Allow users to reset their passwords.
Security Enhancements – Add rate limiting and other security measures such as CAPTCHA.