by Joe Manoela Karwan Yassien Authentication App | Week 3. Authentication
Make sure you have Git and Node (v18) installed.
- Clone this repo and
cdinto the directory - Run
npm installto install all the dependencies - Run
npm run devto start the server.
This uses the nodemon library to auto-restart the server when you save changes.
This app already has example stories seeded into the database.
- As a creative user, I want to submit my own stories for others to enjoy.
- As a nostalgic user, I want to come back to your site later and see the stories I posted are still there.
- As a curious user, I want to see stories other authors have posted.
- As a self conscious user, I want to be the only person allowed to delete my stuff.
A website for users to share stories that they have written and see (and read) stories written by other users.
- To fulfil the requirements of the Week 3 project on authentication.
- To practise skills learnt from server week and database week.
- To build a community of readers and writers.
- To make people smile because of the puns (i.e. authorisation in the sense of an authenticated user being able to do some action vs authorisation in the sense of people authorising themselves by submitting a story and becoming an author)
We are not building a marketplace for books eg Amazon kindle.
We looked at the core user stories and acceptance criteria for this project and prioritised the features that would fulfil these given our limited build time and lack of experience with authentication.
We will be doing a single two-day sprint because that is the only time allocated for this project on the course schedule.
We will build the site in parallel with each pair working simultaneously on a particular route until the full web app comes together.
We did not conduct user research for this project.
We will use semantic html wherever possible and then conduct a google chrome lighthouse analysis as well as checking the a11y accessibility criteria to ensure our project is accessible to as many users as possible.
We are not using cookies to track user behaviour but merely for login and signup purposes so we do not need to worry about GDPR and cookie consent (I think?). We may also need to consider potential copyright issues if a user submits a story that has already been published by someone else.
- We handle security by authenticating users via hashed passwords stored in a database.
- Each login creates a session which has a corresponding cookie and is stored in the database (stateful not stateless).
- Cookies for a particular login auto-expire after 7 days.
- We mitigate Cross-site Request Forgery (CSRF) attacks by using the
SameSite=LaxandhttpOnly: trueattributes.
Yes.
Take more scheduled breaks rather than working until a particular issue has been completed.
Pay more attention to completing the documentation at an earlier stage (rather than just at the end).
We learnt that some of routes were not displaying the css properly. We were able to solve this by changing the path in the href attribute of the link tag in the layout html template.
As part of our stretch goals which we did not have time to get to on this sprint we already identified some extra enhancement features to build next time; allow users to review and rate the stories, filter by rating etc.
Yes.