
Backend: User Auth etc #15

Open
ashishkarki opened this issue Oct 1, 2024 · 0 comments
1. User Authentication (Login)

  • Why: After registration and OTP verification, users should be able to log in securely.
  • What to Use: Implement a login feature using JWT (JSON Web Tokens) or session-based authentication. This will allow users to authenticate and access protected routes.
  • Next Step: Implement a login mutation that verifies the user's email and hashed password, and returns a JWT for subsequent authenticated requests.

2. Token-Based Email Verification (Optional)

  • Why: OTP-based verification is already in place, but for future scalability, you could also implement token-based email verification (for example, sending a link that users click to verify their account).
  • What to Use: You could create a unique verification token linked to the user and send it via email.
  • Next Step: This is an optional enhancement but could replace or supplement OTP verification for email verification in the future.

3. Password Reset Flow

  • Why: Allow users to reset their password if they forget it. This is a standard feature in modern applications.
  • What to Use: Implement a password reset feature that allows users to request a password reset email containing a token, which they can use to reset their password.
  • Next Step: Add a mutation to send a password reset email and handle password reset tokens.

4. Rate Limiting and Security Enhancements

  • Why: To protect against brute-force attacks or abuse of the OTP or login systems.
  • What to Use: Use rate-limiting middleware to limit requests from a single IP address (especially for sensitive routes like login and OTP verification).
  • Next Step: Integrate rate-limiting and consider adding CAPTCHA to prevent bot abuse.

Summary of Next Steps:

  1. User Authentication – Implement a login feature using JWT or session-based authentication.
  2. Password Reset Flow – Allow users to reset their passwords.
  3. Security Enhancements – Add rate limiting and other security measures like CAPTCHA.