This server's main role is managing user data and user authentication. We are using JWT authentication for secured API and MySQL Database for the user DB.
- Basic API
- User management
- Token management
- User Authentication
Providing user Information to Front-End side
- Offer user Information to Front-End
The User Database has 3 tables (User table, Clowder table, Clowdee table)
Clowder table and Clowdee table have dependencies to User table. Because of this User table is always handled with either Clowder table or Clowdee table.
As we seperated user tables, it can easily block the malformed request access like when Clowder user request the API to Clowdee API and vice versa.
This makes managing users easy.
- User Sign Up
- User Sign In / Out
- Manage User DB between Clowder & Clowdee
Basically we are using Google Oauth2.0 API.
Our system is multi-server using GO and Express servers. We made the GO server for
fast file processing by maximizing the parellelism. Therefore GO server's authentication should also be fast.
For this, in the GO server, we didn't check the token's user payload. We are just checking whether this token is valid or not.
Doing this speeds up every authentication request by not accessing the database server. But it can be dangerous.
We overcame this problem by: limiting the token's expiry time to be very short, refreshing it many times, and checking the user is valid when refreshing the token in the API server, not the GO server.
- Use Google Oauth2.0
- Check the user's validity in the API server
- Don't check the user's valididity when accessing the GO server
Our server is using Google Oauth2.0 API and token authentication. We get user information from Google and make accessToken and refreshToken. As we mentioned, we limit the access token's expiry time to be very short. This forces the user to refresh the token many times.
- Provide accessToken and refreshToken when sign in
- Refreshing the token when accessToken is expired.
Special Thanks for Taylor Kern (Purdue University CIT)