Is your feature request related to a problem? Please describe.
Authentication to secure your private short-url service
Describe the solution you'd like
Authentication to secure your private url shortener service.
To keep it simple, but secure, create env variables in your function environment:
AUTH_USERNAME
AUTH_PASSWORD
Username should be at least 8 characters long.
Password should be at least 8 characters long.
Password should be hashed with argon2 encryption, and then stored in env variable.
Password should be validated with argon2 when trying to sign in.
Input validations should happen both on client side and server side.
Make sure that if the AUTH_USERNAME or AUTH_PASSWORD environment variables are set, a sign-in page is displayed where you enter your credentials before you can access your url shortener service.
This requires making a simple sign-in page template.
Implement JWT access token with expiration time of 4 hours.
Behaviour logic
GET
On GET / route, if credentials are set, check if valid JWT token exists. If not, go to sign-in page. Else continue to the service page.
If the sign-in page is shown, upon entering correct credentials, a JWT access token will be generated and you will be redirected to the service page.
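
The GET / gate and the 4-hour token described in this request, sketched as an added example that is not part of the original issue or the project's code. Python, the function names and the separate signing key `key` are assumptions (the issue names none of them), and the argon2 password check at sign-in is left out.

```python
import base64, hashlib, hmac, json, time

TOKEN_TTL = 4 * 60 * 60  # the 4-hour lifetime the request asks for

def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(key, signing_input):
    return b64url(hmac.new(key, signing_input.encode(), hashlib.sha256).digest())

def issue_token(key, username, now=None):
    """Build an HS256 JWT for a user who has just passed the password check."""
    now = int(time.time() if now is None else now)
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"sub": username, "iat": now, "exp": now + TOKEN_TTL}
    signing_input = header + "." + b64url(json.dumps(claims).encode())
    return signing_input + "." + sign(key, signing_input)

def verify_token(key, token, now=None):
    """Return the claims of a valid, unexpired token, otherwise None."""
    now = int(time.time() if now is None else now)
    try:
        header_b64, claims_b64, sig = token.split(".")
        # Pin the algorithm server-side; a token must not pick its own (e.g. "none").
        if json.loads(b64url_decode(header_b64)).get("alg") != "HS256":
            return None
        # Constant-time comparison of the recomputed signature.
        if not hmac.compare_digest(sign(key, header_b64 + "." + claims_b64), sig):
            return None
        claims = json.loads(b64url_decode(claims_b64))
        exp = claims.get("exp")
        return claims if isinstance(exp, int) and now < exp else None
    except (ValueError, AttributeError, TypeError):
        return None  # malformed token: treat as absent

def route_get_root(env, token, key, now=None):
    """Decide what GET / serves: "service" or "sign-in"."""
    # Rule from the request: the gate is on if either variable is set.
    if not (env.get("AUTH_USERNAME") or env.get("AUTH_PASSWORD")):
        return "service"
    return "service" if token and verify_token(key, token, now) else "sign-in"
```

The signing key should be a random secret held separately from AUTH_PASSWORD, so that rotating one does not require rotating the other.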