samiurprapon / Aether

New approach to change online Education system.
https://aether-project.pages.dev/
Apache License 2.0
21 stars 25 forks source link

✨ Frontend: Implement JWE-based Authentication with RTK Query #198

Open samiurprapon opened 1 month ago

samiurprapon commented 1 month ago

✨ Feature Request Overview

Implement authentication functionalities using JWE-based tokens, which differ from traditional JWT. It would be preferable to utilize RTK Query for this implementation.


πŸ” Background Context

To enhance our application's security, we need a robust authentication mechanism. JWE (JSON Web Encryption) provides an added layer of security by encrypting the token payload, crucial for protecting sensitive information. This feature should support both access and refresh tokens for effective user session management.


πŸ“‚ Scope

🎨 Design & Mockup


πŸ’‘ Implementation Details


πŸ“˜ Relevant Resources


πŸ› οΈ Expected Outcome

Expected Result:
A secure authentication system using JWE-based access and refresh tokens, integrated with RTK Query for seamless data fetching and management.


πŸ“ Additional Information

d-a-ve commented 1 month ago

Hi, this looks like an interesting issue. I see from the backend dir that the auth apis are ready.

I can take this.

Where are you looking at storing the jwe tokens? I see the current implentation is using localStorage

samiurprapon commented 1 month ago

hey @d-a-ve , Yes for now, localstorage is being used to store the tokens. you can always implement any better way to store it. In the next version authentication process will use we bsockets to add an extra layer for better security. if you find this interesting you can implement it and send a PR

d-a-ve commented 1 month ago

For the tokens, it can be implemented using cookies on the backend side so the frontend never handles the tokens.

Any error that it receives, it just displays it to the user. We can also add that depending on the type of error we can do a silent token refresh among other things.

The APIs will send back the tokens once it's hit right?

P.S: I am talking about the web side of things, I saw after my initial comment that there's an android app

samiurprapon commented 1 month ago

@d-a-ve, I think using Local Storage should work fine for now, and later on, I’m planning to add an extra layer with WebSockets to improve identity protection. If you're up for it, feel free to start working on the authentication process. I’ll aim to have a staging site up by Wednesday so we can showcase where the project is at.

d-a-ve commented 1 month ago

@samiurprapon okay. That's fine.

What I am supposed to work on is the frontend implementation only or work o the backend code too? I cannot write backend code as I am a frontend dev right now.

samiurprapon commented 1 month ago

@d-a-ve, you can go ahead and start with the frontend side. I’ll take care of the necessary APIs for your end. For now, you can structure the RTK query and everything using mock APIs. Once you’ve had a chance to dive in and if you're able to spend more time on this, I’d be happy to guide you through the backend implementation of Aether. Let me know what you think!

d-a-ve commented 1 month ago

@samiurprapon that's great, it sounds fine by me. You can assign it to me.

I will think deeply about what's needed and go through the documentation too.

d-a-ve commented 1 month ago

Hey @samiurprapon, I am sorry that I haven't given update since. I have been tied down at work, this past week has been hectic. It would reduce by next week and I can work on it.

If I can't, I will let you know too.

samiurprapon commented 3 weeks ago

Hi @d-a-ve , any update so far?

d-a-ve commented 3 weeks ago

Hey @samiurprapon, sorry that I didn't drop any update since. I have been busy still. I just got my plate a bit free up. I think I can still work on the frontend part of the auth. Is it too late? And has someone taken the backend part?

d-a-ve commented 3 weeks ago

Hey @samiurprapon I just forked and cloned the app, the frontend has too many styling solutions. I am seeing vanilla css, tailwind, and mui, what's the reason behind having 3 solutions?

Also, it seems the routing does not work. I tried moving to the auth page to see what's there but it's not working

samiurprapon commented 2 weeks ago

Hey @d-a-ve I saw the issue and wanted to chat about the styling approach. For the long term, I’m leaning towards SCSS over MUI, but if you’re comfortable using something else, I’m happy to incorporate that too!

I also noticed the routing issue, but right now, I’m focused on setting up a CI/CD pipeline for both the backend and front end for the Cloudflare deployment. If you have some time to take a look and could send a PR to fix the routing, that would be awesome!

samiurprapon commented 2 weeks ago

@d-a-ve I have fixed the routing issue.

d-a-ve commented 2 weeks ago

Hey @samiurprapon sorry for the late reply.

I am fine with any styling solution you prefer, my CSS is strong so regardless of the choice I believe I can work with it. I use tailwind most times but SASS will work too. I can definitely learn from your experience on that. The only problem I know I will run into will be naming the classes πŸ˜‚πŸ˜‚, which we all have.

I am happy to hear you have fixed the routing issue, I will pull and take a look at it. I'm currently on a call so I can't right now but when I'm free I will do that.

For the CI/CD, is it cloud flare you are using for the deployment using wrangler and all those stuff? Or it's just for the CDN?

samiurprapon commented 2 weeks ago

Yes, will use Github Actions for the CI purposes. And initially use Cloudflare Pages instead of Vercel or Github Pages. Soon, use Cloudflare workers and Database like D1

d-a-ve commented 2 weeks ago

Yes, will use Github Actions for the CI purposes. And initially use Cloudflare Pages instead of Vercel or Github Pages. Soon, use Cloudflare workers and Database like D1

Okay, I haven't deployed to cloud flare pages before, it will work for an spa like this one yes?

Which part of the project will use the workers? The server? Isn't that a runtime that's different from nodejs?