Day 63: Back on the Project Grind

Continued my web security studies. I finished building the example login / logout project. The last step was to add hashing to the passwords before storing them in the database and then comparing those hashes instead of the actual passwords when handling login attempts. Now with my mechanical keyboard, let's keep going and take this new toy for a real spin with some more projects.

There is one more project in the section which seems to be dealing with similar features. This will be the big challenge for me since it will test whether I can reproduce the authentication features with some additional authorization features. I am super excited to try and tackle this as a professional LOL.

TLDR;

Okay, so here are the highlights of what I did:

  • Backend -> Finished the example authentication login / logout app. Now on to the last project in the web security section of the course. There is not much left in the course. I just have to keep going and not get hung up with the rest. The web security section was one that I had wanted to tackle for a while. This was my excuse to cover it. Now it’s time to keep moving forward. I will be back tho!

Main App Code from example Project

const path = require("path")
const mongoose = require("mongoose")
const express = require("express")
const session = require("express-session")
const passport = require("passport")
const bcrypt = require("bcryptjs")
const LocalStrategy = require("passport-local").Strategy

const Schema = mongoose.Schema

const mongoDb = 'mongodb://127.0.0.1:27017/login_logout_example'

mongoose.connect(mongoDb, { useUnifiedTopology: true, useNewUrlParser: true })
const db = mongoose.connection
db.on("error", console.error.bind(console, "mongo connection error"))

const User = mongoose.model(
  "User",
  new Schema({
    username: { type: String, required: true },
    password: { type: String, required: true }
  })
)

/* Add Passport Local strategy for later authentication */

passport.use(
  new LocalStrategy((username, password, done) => {
    User.findOne({ username: username }, (err, user) => {
      if (err) return done(err)
      if (!user) return done(null, false, { message: "Incorrect username" })

      // Check user passwords match
      bcrypt.compare(password, user.password, (err, res) => {
        // Surface bcrypt errors instead of treating them as a bad password
        if (err) return done(err)
        if (res) {
          // passwords match! log user in
          return done(null, user)
        } else {
          // passwords do not match!
          return done(null, false, { message: "Incorrect password" })
        }
      })
    })
  })
)

/* Add Serializer and Deserializer for the Session Data */

passport.serializeUser((user, done) => {
  done(null, user.id);
  // User id will be stored 
  // passport sessionmanager.js: done = function(err, obj)
  // passport sessionmanager.js: req.session[self._key].user = obj;
})

passport.deserializeUser((id, done) => {
  User.findById(id, (err, user) => {
    done(err, user)
  })
})


const app = express()
app.set("views", path.join(__dirname, 'views'))
app.set("view engine", "ejs")

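// Demo value only: this secret signs the session cookie, so load it from
// configuration instead of hard-coding it outside of an example project
app.use(session({ secret: "cats", resave: false, saveUninitialized: true }))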
app.use(passport.initialize())
app.use(passport.session())
app.use(express.urlencoded({ extended: false }))

/* 
 * In express, you can set and access various local variables 
 * throughout your entire app (even in views) with the locals object. 
 * */
app.use((req, res, next) => {
  res.locals.currentUser = req.user
  next()
})

app.get("/", (req, res) => res.render("index", {user: req.user}))
app.get("/sign-up", (req, res) => res.render("sign-up-form"));

// Login users
app.post(
  "/log-in",
  passport.authenticate("local", {
    successRedirect: "/",
    failureRedirect: "/"
  })
)

app.post("/sign-up", (req, res, next) => {
  // Hash with a bcrypt cost factor of 10; only the hash is stored
  bcrypt.hash(req.body.password, 10, (err, hashedPassword) => {
    if (err) return next(err)

    new User({
      username: req.body.username,
      password: hashedPassword
    }).save(err => {
      if (err) return next(err)
      res.redirect("/")
    })
  })
})

app.get("/log-out", (req, res, next) => {
  req.logout((err) => {
    if (err) return next(err)
    res.redirect("/")
  })
})



app.listen(3000, () => console.log("app listening on port 3000!"))
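
An added illustration, not code from the course project: the hash-on-sign-up / compare-on-log-in flow with Node's built-in scrypt standing in for bcryptjs so it runs without dependencies. The `users` Map, the `scrypt$salt$hash` record format and all function names are assumptions for this sketch, and it goes one step beyond the project by returning a single generic message for unknown usernames and wrong passwords.

```javascript
const { randomBytes, scryptSync, timingSafeEqual } = require("crypto")

const KEYLEN = 32 // bytes of derived key (assumed for this sketch)

// Record format "scrypt$<salt hex>$<hash hex>": the random salt is stored
// next to the hash, so equal passwords never produce equal records.
function hashPassword(password) {
  const salt = randomBytes(16)
  const key = scryptSync(password, salt, KEYLEN)
  return ["scrypt", salt.toString("hex"), key.toString("hex")].join("$")
}

function verifyPassword(password, stored) {
  const [scheme, saltHex, hashHex] = String(stored).split("$")
  if (scheme !== "scrypt" || !saltHex || !hashHex) return false
  const expected = Buffer.from(hashHex, "hex")
  if (expected.length !== KEYLEN) return false // malformed record
  // Re-derive with the stored salt and compare in constant time
  const actual = scryptSync(password, Buffer.from(saltHex, "hex"), KEYLEN)
  return timingSafeEqual(actual, expected)
}

// Constructed stand-in for the MongoDB users collection
const users = new Map()
// Record checked when the username is unknown, so that path does the same work
const DUMMY_RECORD = hashPassword(randomBytes(16).toString("hex"))
const FAILURE = "Incorrect username or password"

function signUp(username, password) {
  if (users.has(username)) return false // username already taken
  users.set(username, hashPassword(password))
  return true
}

function logIn(username, password) {
  const stored = users.get(username)
  const matches = verifyPassword(password, stored || DUMMY_RECORD)
  if (stored && matches) return { ok: true, username }
  // Same message for both failure causes: no hint about which names exist
  return { ok: false, message: FAILURE }
}

signUp("alice", "correct horse battery staple") // constructed sample account
console.log(users.get("alice").startsWith("scrypt$"))
console.log(logIn("alice", "wrong"), logIn("nobody", "wrong"))
```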



Goal For Round 8 of the #100DaysofCode Challenge

This is my eighth round of the “#100daysofcode” challenge. I will be continuing my work from round five, six, and seven into round eight. I was working through the book “Cracking the Coding Interview” by Gayle Laakmann McDowell. My goal was to become more familiar with algorithms and data structures. This goal was derived from my goal to better understand operating systems and key programs that I use in the terminal regularly e.g. Git. This goal was in turn derived from my desire to better understand the fundamental tools used for coding outside of popular GUIs. This in turn was derived from my desire to be a better back-end developer.

I am currently putting a pause on the algorithm work to build some backend/full stack projects. I primarily want to improve my skills with the back-end from an implementation perspective. I have improved tremendously in terminal and CLI skills but I lost focus due to how abstract the algorithm concepts got. I wanted to work on things that were more tangible until I can get to a position where I could directly benefit from improving my algorithm skills and theoretical knowledge. So that’s the focus right now. Build my backend skills and prove my full stack capabilities by building some dope projects.

Again, I still have no idea if my path is correct but I am walking down this road anyways. Worst case scenario I learn a whole bunch of stuff that will help me out on my own personal projects. Best case scenario I actually become one of those unicorn developers that go on to start a billion dollar company… You never know LOL.