diconium / ethereal-pulse

Apache License 2.0

Develop authentication and authorisation mechanisms for WebAPP #20

Open almeiphi opened 3 weeks ago

almeiphi commented 3 weeks ago

Implement JWT-based authentication and authorisation mechanisms using Remix full-stack capabilities. This will allow users to securely log in and access protected resources through a dedicated middleware.

Requirements

  1. User Registration

    • Create route with correct validations.
    • Hash passwords before storing them in the database.
    • Generate a JWT upon successful registration.
  2. User Login

    • Create route with correct validations.
    • Validate user credentials and generate a JWT upon successful authentication.
  3. JWT Generation

    • Generate a JWT with a payload containing the user ID and other relevant information.
    • Sign the JWT with a secret key.
    • Set an expiration time for the JWT.
  4. JWT Verification

    • Implement middleware utilities to verify the JWT on protected routes.
    • Decode the JWT and attach user information to the request object.
  5. Protected Routes

    • Protect routes in the BFF that require authentication using the JWT verification middleware.
    • Ensure only authenticated users can access these routes.
  6. Logout

    • Invalidate the JWT on the client side (e.g., by removing it from local storage).

Steps to Implement

  1. User Registration Endpoint

    • [ ] Create a registration endpoint (/register).
    • [ ] Hash the user’s password using bcrypt.
    • [ ] Store the user information in a simulated database.
  2. User Login Endpoint

    • [ ] Create a login endpoint (/login).
    • [ ] Validate the user credentials.
    • [ ] Generate a JWT and return it to the client upon successful login.
  3. JWT Utility Functions

    • [ ] Create utility functions in the BFF to generate and verify JWTs.
    • [ ] Use the jsonwebtoken library to handle JWT operations.
  4. JWT Middleware

    • [ ] Implement middleware to verify JWTs on protected routes.
    • [ ] Decode the JWT and attach user information to the request object.
  5. Protecting Routes

    • [ ] Apply the JWT middleware to routes that require authentication.
    • [ ] Ensure unauthorised requests receive an appropriate response.
  6. Integration with Remix WebAPP

    • [ ] Ensure the Remix web application uses the JWT for authenticating users.
    • [ ] Update the web application to store the JWT in a secure cookie upon successful login.
  7. Logout Functionality

    • [ ] Implement client-side logout functionality in the web application.
    • [ ] Ensure the JWT is removed from the cookie upon logout.
  8. Documentation and Testing

    • [ ] Document relevant methods.
    • [ ] Write tests for the registration, login, and JWT verification processes.

Resources

Acceptance Criteria

Additional Information


teixeped commented 2 days ago

Edited ticket to reflect Astro to Remix change