Implement JWT-based authentication and authorisation mechanisms using Remix full-stack capabilities. This will allow users to securely log in and access protected resources through a dedicated middleware.
Requirements
User Registration
Create route with correct validations.
Hash passwords before storing them in the database.
Generate a JWT upon successful registration.
User Login
Create route with correct validations.
Validate user credentials and generate a JWT upon successful authentication.
JWT Generation
Generate a JWT with a payload containing the user ID and other relevant information.
Sign the JWT with a secret key.
Set an expiration time for the JWT.
JWT Verification
Implement middleware utilities to verify the JWT on protected routes.
Decode the JWT and attach user information to the request object.
Protected Routes
Protect routes in the BFF that require authentication using the JWT verification middleware.
Ensure only authenticated users can access these routes.
Logout
Invalidate the JWT on the client side (e.g., by removing it from local storage).
Steps to Implement
User Registration Endpoint
[ ] Create a registration endpoint (/register).
[ ] Hash the user’s password using bcrypt.
[ ] Store the user information in a simulated database.
User Login Endpoint
[ ] Create a login endpoint (/login).
[ ] Validate the user credentials.
[ ] Generate a JWT and return it to the client upon successful login.
JWT Utility Functions
[ ] Create utility functions in the BFF to generate and verify JWTs.
[ ] Use the jsonwebtoken library to handle JWT operations.
JWT Middleware
[ ] Implement middleware to verify JWTs on protected routes.
[ ] Decode the JWT and attach user information to the request object.
Protecting Routes
[ ] Apply the JWT middleware to routes that require authentication.
[ ] Ensure unauthorised requests receive an appropriate response.
Integration with Remix WebAPP
[ ] Ensure the Remix web application uses the JWT for authenticating users.
[ ] Update the web application to store the JWT in a secure cookie upon successful login.
Logout Functionality
[ ] Implement client-side logout functionality in the web application.
[ ] Ensure the JWT is removed from the cookie upon logout.
Documentation and Testing
[ ] Document relevant methods.
[ ] Write tests for the registration, login, and JWT verification processes.
Resources
jsonwebtoken - Library for generating and verifying JWTs.