+ 4
How to implement a basic authentication system ?
Consider the user has registered and the details are stored in database with salted password , now the user fills the form for log in , server checks if the new salted password compares to one in database for the username . Is this how it is done or is there more to it? I have read a lot about it like using jwt token and http cookie for passing details and security and session maintaining but no clear idea on how should i include them or if i should even care about it . Also consider the site doesn't have any payments or any sensitive data . It just allows more features access to those who are logged in (but might add payment in future)
4 odpowiedzi
+ 8
Yes, and no.
You described the registration and checking process correctly.
After that you sent a token to the user so that they stay login during the session. The token is in the form of cookie. You then need to query database on contents for this authenticated user, and display contents accordingly.
Http cookie is mean for the token to be stored. If your setting is that the token is reuseable, the user doesn't need to login again the next time they visit your site. If the user clear their cookies, token is lost and he'll need to login again.
JWT is a tool for handling the token. It doesn't encrypt the password so you have to use encrypter yourself. You may choose to salt or not.
Usually, for Node.js, we use passport.js, which you can consider as JWT with encryptions. A one-stop solution.
Here is a tutorial about passport.js :
https://youtu.be/F-sFp_AvHc8
+ 4
Gordon ty ,that was very informative . I try to stay away from the libraries and understand how things work from scratch but i might look into passport .js , thks for the link.
+ 4
Welcome.
Good idea to learn the basic first.
For JWT, Kyle has a tutorial :
https://youtu.be/mbsmsi7l3r4
For even without JWT, he has another tutorial:
https://youtu.be/Ud5xKCYQTjM
In this video, he's encrypting and salting with brcrypt. No token. Just login everytime.
After building the authentication, add middleware to routes to filter the contents, here is how to do it with middleware and modules :
https://youtu.be/jI4K7L-LI58
+ 1
Gordon thanks a lot!