By Chandan Naresh
AUTHENTICATION – AUTHORIZATION
Authentication: the process of validating whether the user is genuine/valid and may access sensitive data/resources.
Authorization: the process of granting access only to the areas of the web application that apply to that user.
Common authentication strategies
Windows auth
LDAP Auth
Email-Id/Password Auth
Token Auth
Google Auth
Facebook Auth
Phone Number Auth
OpenID
Authentication Libraries
Passport.js, Auth0 SDK, Firebase SDK, Firebase Admin SDK
JWT TOKEN AUTH FLOW
Client -> Server: POST http://localhost:3000/login (credentials in the request body)
Server:
1. Validate and sanitize input
2. Check id/password exists in db
3. Generate jwt token
4. Send the token
Server -> Client: Token: 383802899899
Client -> Server: GET http://localhost:3000/user/data (token sent with the request; the server verifies it before returning the data)
JSON WEB TOKEN
Open standard (RFC 7519) for representing claims securely between two parties
Signed with a SHA256 (HMAC) or RSA algorithm
Generated on the server – sent to the client
Cannot be tampered with: any change to the token invalidates its signature
Used for authorization on subsequent client requests to resources/routes/endpoints
The jsonwebtoken npm package generates the token
NODE JS – EXPRESS-VALIDATOR
Middleware library for input validation and sanitization
npm i express-validator
Features include:
Sanitization [for example normalizeEmail(), trim(), escape(), toBoolean()]
Validation [for example check(), body(), cookie(), header(), param(), query(), oneOf(), checkSchema()]
Example
import express from 'express';
import { body, validationResult } from 'express-validator';

const app = express();
app.use(express.json()); // parse JSON request bodies so req.body is populated

app.post(
  '/user',
  // username must be an email
  body('username').isEmail(),
  // password must be at least 5 chars long
  body('password').isLength({ min: 5 }),
  (req: express.Request, res: express.Response) => {
    // Finds the validation errors in this request and wraps them in an object with handy functions
    const errors = validationResult(req);
    if (!errors.isEmpty()) {
      return res.status(400).json({ errors: errors.array() });
    }
    // User is the application's own model (not defined on this slide);
    // in practice, hash the password (see BCRYPT below) before storing it
    User.create({
      username: req.body.username,
      password: req.body.password,
    }).then(user => res.json(user));
  },
);
BCRYPT
Hashing library for hashing passwords
bcrypt npm package
Used on the server
Example:
const bcrypt = require('bcrypt');
const saltRounds = 10; // cost factor; myPlaintextPassword is the password the user submitted
bcrypt.hash(myPlaintextPassword, saltRounds, function(err, hash) {
  // Store hash in your password DB (never the plaintext password).
});