PROJECT
TEAM MEMBERS
Aditya Ruhatiya (18BCE0582)
Aditya Agrawal (18BCE0586)
TITLE
Secured Form Authentication and Securing Routes with Cookies
INTRODUCTION TO THE PROJECT
• Information Exchange: JSON Web Tokens are a good way of securely transmitting
information between parties. Because JWTs can be signed—for example, using
public/private key pairs—you can be sure the senders are who they say they are.
Additionally, as the signature is calculated using the header and the payload, you
can also verify that the content hasn't been tampered with.
JSON Web Token structure
In its compact form, JSON Web Tokens consist of three parts separated by dots (.),
which are:
• Header
• Payload
• Signature
Therefore, a JWT typically looks like the following.
xxxxx.yyyyy.zzzzz
Let's break down the different parts.
Header
The header typically consists of two parts: the type of the token, which is JWT, and the
signing algorithm being used, such as HMAC SHA256 or RSA.
For example:
Then, this JSON is Base64Url encoded to form the first part of the JWT.
Payload
The second part of the token is the payload, which contains the claims. Claims are
statements about an entity (typically, the user) and additional data. There are three
types of claims: registered, public, and private claims.
• Registered claims: These are a set of predefined claims which are not mandatory
but recommended, to provide a set of useful, interoperable claims. Some of them
are: iss (issuer), exp (expiration time), sub (subject), aud (audience), and others.
• Public claims: These can be defined at will by those using JWTs. But to avoid
collisions they should be defined in the IANA JSON Web Token Registry or be
defined as a URI that contains a collision resistant namespace.
• Private claims: These are the custom claims created to share information between
parties that agree on using them and are neither registered nor public claims.
The payload is then Base64Url encoded to form the second part of the JSON Web
Token.
Signature
To create the signature part you have to take the encoded header, the encoded
payload, a secret, the algorithm specified in the header, and sign that.
For example, if you want to use the HMAC SHA256 algorithm, the signature will be
created in the following way:
The signature is used to verify the message wasn't changed along the way, and, in the
case of tokens signed with a private key, it can also verify that the sender of the JWT is
who it says it is.
This can be, in certain cases, a stateless authorization mechanism. The server's
protected routes will check for a valid JWT in the Authorization header, and if it's
present, the user will be allowed to access protected resources. If the JWT contains the
necessary data, the need to query the database for certain operations may be reduced,
though this may not always be the case.
If the token is sent in the Authorization header, Cross-Origin Resource Sharing (CORS)
won't be an issue as it doesn't use cookies.
The following diagram shows how a JWT is obtained and used to access APIs or
resources:
Do note that with signed tokens, all the information contained within the token is
exposed to users or other parties, even though they are unable to change it. This
means you should not put secret information within the token.
Visual Studio Code
VS Code comes with a straightforward and intuitive layout that maximizes the space
provided for the editor while leaving ample room to browse. Additionally, it allows
access to the full context of your folder or project. The UI is divided into five areas, as
highlighted in the above image.
Editor – It is the main area to edit your files. You can open as many editors as you like
side by side, vertically and horizontally.
SideBar – Contains different views like the Explorer to assist you while working on your
project.
Status Bar – It contains the information about the opened project and the files you edit.
Activity Bar – It is located on the far left-hand side. It lets you switch between views and
gives you additional context-specific indicators, like the number of outgoing changes
when Git is enabled.
Panels – It displays different panels below the editor region for output or debug
information, errors, and warnings, or an integrated terminal. Additionally, the panel can
also move to the right for more vertical space.
VS Code opens up in the same state it was last in, every time you start it. It also
preserves folder, layout, and opened files.
Visual Studio Code supports most modern programming languages. It
provides various features that can be language-specific but are available in almost all
the supported programming languages. A few of them are:
• Syntax highlighting and bracket matching: Syntax highlighting determines the
color and style of source code displayed in the Visual Studio Code editor.
Moreover, it is responsible for colorizing keywords like if or for in JavaScript
differently than strings and comments and variable names.
• Smart completion (IntelliSense): IntelliSense is a general term for a variety of
code editing features, including code completion, parameter info, quick info,
and member lists. Other names of IntelliSense features are “code completion,”
“content assist,” and “code hinting.” The GIF below shows a sample of the
feature:
Node.js
Node.js is a server-side platform built on Google Chrome's JavaScript Engine (V8
Engine). Node.js was developed by Ryan Dahl in 2009 and its latest version is v0.10.36.
The definition of Node.js as supplied by its official documentation is as follows −
Node.js is a platform built on Chrome's JavaScript runtime for easily building fast and
scalable network applications. Node.js uses an event-driven, non-blocking I/O model
that makes it lightweight and efficient, perfect for data-intensive real-time applications
that run across distributed devices.
Node.js is an open source, cross-platform runtime environment for developing server-side
and networking applications. Node.js applications are written in JavaScript, and
can be run within the Node.js runtime on OS X, Microsoft Windows, and Linux.
Node.js also provides a rich library of various JavaScript modules which simplifies the
development of web applications using Node.js to a great extent.
Node.js = Runtime Environment + JavaScript Library
Features of Node.js
Following are some of the important features that make Node.js the first choice of
software architects.
• Asynchronous and Event Driven − All APIs of the Node.js library are asynchronous,
that is, non-blocking. It essentially means a Node.js based server never waits for
an API to return data. The server moves on to the next API after calling it, and the
Node.js event notification mechanism lets the server pick up the response
from the previous API call when it arrives.
• Very Fast − Being built on Google Chrome's V8 JavaScript Engine, Node.js library
is very fast in code execution.
• Single Threaded but Highly Scalable − Node.js uses a single threaded model with
event looping. The event mechanism helps the server respond in a non-blocking
way and makes the server highly scalable, as opposed to traditional servers which
create a limited number of threads to handle requests. Node.js uses a single threaded program,
and the same program can provide service to a much larger number of requests
than traditional servers like Apache HTTP Server.
• No Buffering − Node.js applications never buffer any data. These applications
simply output the data in chunks.
• License − Node.js is released under the MIT license.
Concepts
The following diagram depicts some important parts of Node.js
Application of Node.js
Following are the areas where Node.js is proving itself as a perfect technology partner.
• I/O bound Applications
• Data Streaming Applications
• Data Intensive Real-time Applications (DIRT)
• JSON APIs based Applications
• Single Page Applications
MongoDB Atlas
MongoDB Atlas is a fully-managed cloud database developed by the same people that
build MongoDB. Atlas handles all the complexity of deploying, managing, and healing
your deployments on the cloud service provider of your choice (AWS, Azure, and GCP).
The service is built to handle enterprise workloads, with support for global clusters.
You can store your data with Amazon Web Services (AWS), Google Cloud Platform, or
Microsoft Azure. However, you don’t need to set up an account with any of these
platforms. MongoDB Atlas takes care of all this behind the scenes.
MongoDB Atlas also automatically handles backend administrative processes such as
provisioning resources, setting up clusters, or scaling services. Most of the tasks you
perform are simple point-and-click operations that you carry out through the service’s
centralized web interface.
Features included with MongoDB Atlas free cluster
• 512 MB of storage
• Shared RAM
• Highly available replica sets, end-to-end encryption, automated patches, REST
API
• Max connections: 100
• Network performance: Low
• Max databases: 100
• Max collections: 500
The free tier cluster regions available are:
• N. Virginia (us-east-1)
• Frankfurt (eu-central-1)
• Singapore (ap-southeast-1)
• Mumbai (ap-south-1)
SCREENSHOTS
Initial database
Register
After Login
After login Developer console (Network Tab)
No token stored
EXECUTION VIDEO
https://drive.google.com/file/d/1AFUX93dhA5pew8WG-Cqrsll_1rBvjyLR/view?usp=sharing