# Simple Auth Work Plan

### Overview & Weekly

- This week I will accomplish the implementation of authentication using express-session. I will also implement bcrypt for added security during authentication.

### Specifications

- Authentication
  + A user can sign up using a signup page.
  + A user can log in using a login page.
  + A user is redirected to the login page when not logged in (users who are not logged in can't see pages or data other than the login and signup pages).
  + Someone new to the app can create a "new-user" in the database.
  + When a user logs in, their username and password are validated against the user table. If the username/password combo doesn't exist or is invalid, the user receives an error.
  + Users' passwords are hashed with bcrypt.
  + User sessions are saved; express-session is used to store sessions on the server side. Note the difference between storing sessions on the client side (using cookie-session) and storing them on the server side (using express-session).
- Authorization
  + A user has a role associated with it. The values are admin or regular.
  + Only a user with the admin role should be able to create a new contact. If the logged-in user is not an admin, going to the route "/contacts/new" should return status code 403.
  + Only a user with the admin role should be able to delete a contact. If the logged-in user is not an admin, going to the route "/contacts/delete/:contactId" should return status code 403. The delete links on the page should not be shown if the logged-in user is not an admin.

### Implementation Plan

#### Authentication

- A user can sign up using a signup page
  + create users table
  + create signup route
  + create signup form view
  + link to login page in view
  + write functions that check if input is valid
- A user can log in using a login page
  + create login route
  + create login form view
  + link to signup page in view
- A user is redirected to the login page when not logged in (users who are not logged in can't see pages or data other than the login and signup pages)
  + implement express-session to check if the user is logged in or not
  + if the user is logged in, redirect to the "/" route, otherwise redirect to the "/signup" page
- Someone new to the app can create a "new-user" in the database
  + create an addNewUser function that adds a new user to the database

#### Authorization

- A user should have a role associated with it
  + add role column to users table
  + add role option to form
  + create function to check if user has role of admin or regular; if regular show edit and delete button, otherwise don't show buttons
  + add condition that checks if user has role of admin or regular; if regular, going to route "/contacts/delete/:contactId" will produce a 403 error