aeciorc
commented
4 years ago - simple password validation (>6 chars)
- Use trusted library for hashing and verifying
- Implement a middleware for protected routes ( checks token, returns appropriate response if invalid)
- Use httpOnly cookies
- On successful auth: return token and user object