Sessional token storage : Previously the auth token stored in redux would be lost everytime a user is to refresh the page, it has now been setup to persist in memory while the tab is open and that window is not closed
Auth middleware : We must protect api routes that are user specific, for this auth tokens must be passed in the header of our api calls (req.header.authorization) and the backend middleware must validate the token, set the user associated with that token in our database, and then move forward to actually serve the API. This has been completed, the auth_token is now also being stored in the authSlice to use in the header of all API's calls for the currently logged in user.
Routes : Routes that need protection have been given it, and all routes now use req.user rather than finding the user in the api route. This is because the auth middleware sets the user as req.user before proceeding with the API controller, and this is the right way to do things.
Things completed in this PR :
Sessional token storage : Previously the auth token stored in redux would be lost everytime a user is to refresh the page, it has now been setup to persist in memory while the tab is open and that window is not closed
Auth middleware : We must protect api routes that are user specific, for this auth tokens must be passed in the header of our api calls (req.header.authorization) and the backend middleware must validate the token, set the user associated with that token in our database, and then move forward to actually serve the API. This has been completed, the auth_token is now also being stored in the authSlice to use in the header of all API's calls for the currently logged in user.
Routes : Routes that need protection have been given it, and all routes now use req.user rather than finding the user in the api route. This is because the auth middleware sets the user as req.user before proceeding with the API controller, and this is the right way to do things.