Closed frankcollins3 closed 1 year ago
we would not really want to use that method because: astleast in small user count it could be easy to try to pinpoint other userIDs
malicious behavior would only need: array of possible choices enough time to match choices -> users
[5:05pm]
npm i crypto. its not a built-in node module export const JWTsecretKeyMaker = () => { return crypto.randomBytes(64).toString('hex') } [9:50pm]
attempting to do: rebuild login route
error: handling of JWT
proposed approach:
a system such as utils.js -> JWT_SECRET_KEY_ARRAY [water, cupofwater, pool, coldwater, warmwater] concatenate user ID onto one of these above string values.
maybe env -> NEXT_PUBLIC_JWT_SECRET_KEY
// already removed username to login. has to be signed up user.