diconium / ethereal-pulse

Apache License 2.0

Develop authentication and authorisation mechanisms for WebAPP #20

Closed almeiphi closed 4 months ago

almeiphi commented 5 months ago

Implement authentication and authorisation mechanisms using Remix full-stack capabilities. This will allow users to securely log in and access protected resources through a dedicated middleware which will be provided by the Remix-auth package.

Requirements

  1. User Registration

    • Create route with correct validations.
    • Hash passwords before storing them in the database.
    • Store User id in a secure cookie.
  2. User Login

    • Create route with correct validations.
    • Validate user credentials.
    • Generate cookie with User id.
  3. Protected Routes

    • Protect routes with Remix-auth built in methods.
    • Ensure only authenticated users can access these routes.
  4. Logout

    • Invalidate the session cookie on the client side.

Steps to Implement

  1. User Registration Endpoint

    • [x] Create a registration endpoint (/signup).
    • [x] Hash the user’s password using bcrypt.
    • [x] Store the user information in a simulated database.
    • [x] Generate a session cookie with User id.
  2. User Login Endpoint

    • [x] Create a login endpoint (/login).
    • [x] Validate the user credentials.
    • [x] Generate a session cookie with User id.
  3. Protecting Routes

    • [x] Apply Remix-auth middleware to routes that require authentication.
    • [x] Ensure unauthorised requests receive an appropriate response.
  4. Logout Functionality

    • [x] Implement client-side logout functionality in the web application.
    • [x] Ensure the cookie is removed upon logout.
  5. Documentation and Testing

    • [ ] Document relevant methods.
    • [ ] Write tests for the registration, login, and JWT verification processes.

Resources

Acceptance Criteria

Additional Information


teixeped commented 4 months ago

Edited ticket to reflect Astro to Remix change.

teixeped commented 4 months ago

Updated ticket to include Remix-auth for session authentication and remove JWT. Remix-auth supports OAuth/Auth0 strategy if we want to update in the future.
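
An illustration of the ticket's "User id in a secure cookie", protected-route and logout requirements, added here and not taken from the ethereal-pulse code base. It uses Node's built-in crypto instead of Remix-auth or Remix's session helpers; the cookie name, secret and all function names are assumptions.

```javascript
// Added illustration: signed session cookie carrying a user id (Node built-ins only).
const { createHmac, timingSafeEqual } = require("node:crypto");

// Constructed secret for the demo; a real deployment loads it from configuration.
const SESSION_SECRET = "constructed-demo-secret-not-for-production";
const COOKIE_NAME = "__session"; // hypothetical cookie name
const ATTRS = "Path=/; HttpOnly; Secure; SameSite=Lax";

function sign(value, secret) {
  return createHmac("sha256", secret).update(value).digest("base64url");
}

// Set-Cookie value issued after a successful /signup or /login.
function issueSessionCookie(userId, secret = SESSION_SECRET, maxAgeSeconds = 3600) {
  const payload = Buffer.from(JSON.stringify({ userId })).toString("base64url");
  return `${COOKIE_NAME}=${payload}.${sign(payload, secret)}; ${ATTRS}; Max-Age=${maxAgeSeconds}`;
}

// Returns the user id from a request Cookie header, or null if missing or tampered.
function readSessionCookie(cookieHeader, secret = SESSION_SECRET) {
  const pair = (cookieHeader || "").split(/;\s*/).find((c) => c.startsWith(COOKIE_NAME + "="));
  if (!pair) return null;
  const [payload, mac] = pair.slice(COOKIE_NAME.length + 1).split(".");
  if (!payload || !mac) return null;
  const expected = Buffer.from(sign(payload, secret));
  const given = Buffer.from(mac);
  // Constant-time comparison; lengths must match before timingSafeEqual.
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
  try {
    const userId = JSON.parse(Buffer.from(payload, "base64url").toString("utf8")).userId;
    return typeof userId === "string" ? userId : null;
  } catch {
    return null;
  }
}

// Protected-route guard: 401 for anonymous or tampered requests.
function requireUser(cookieHeader) {
  const userId = readSessionCookie(cookieHeader);
  return userId ? { status: 200, userId } : { status: 401, userId: null };
}

// Logout: overwrite the cookie with an empty, already-expired value.
function clearSessionCookie() {
  return `${COOKIE_NAME}=; ${ATTRS}; Max-Age=0`;
}
```

Clearing the cookie on logout removes it from the browser only: a copy captured before logout still verifies here, because nothing in this sketch records expiry or revocation on the server. Short lifetimes embedded in the signed payload, or server-side session state, close that gap.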