- fork this repository & create a new branch for your work
- write all of your code in a directory named
lab-
+<your name>
e.g.lab-susan
- push to your repository
- submit a pull request to this repository
- submit a link to your PR in canvas
- write a question and observation on canvas
- students will be able to create basic authorization middleware
- students will be able to test basic authorization for signup/signin routes
package.json
.gitignore
.env
README.md
- create the following directories to organize your code:
- lib
- model
- route
- test
- create an HTTP server using
express
- using
mongoose
, create a User model with the following properties and options:username
- required and uniqueemail
- required and uniquepassword
- required - this must be hashed and can not be stored as plain text
- Use mongoose middleware to create a pre
'save'
hook that usesbcrypt
to hash a users password if this is the first time the User instance is being saved. - use the express
Router
to create a custom router for allowing users to sign up and sign in
POST
request- The client should pass the username, email and password in the body of the request
- The server should respond with a 200 status code for a proper request that successfully creates a new user.
- The server should respond with 400 Bad Request for a failed request
GET
request- the client should pass the username and password to the server using a
Authorization: Basic Base64(username:password)
header - The string
"username:password"
should be Base64 encoded - the server should respond with a 200 status code for requests containing legitimate usernames and correct passwords.
- the server should respond with HTTP status 401 Unauthorized for non-authenticated users.
- Move the file
basic-auth.test.js
into your lab directory and configure it to run with your sever. - It has tests that check the status code of your signup and signin routes.
/api/signup
POST
- test expects HTTP status 400, if no request body has been provided or the body is invalidPOST
- test expects HTTP status 200, if the request body has been provided and is valid
/api/signin
GET
- test expects HTTP status 401, if the user could not be authenticated due to an incorrect passwordGET
- test expects HTTP status 200, for a request with a valid basic authorization header
Add more routes to the server beyond /api/signin
that check for the
Authorization
header and either allow or prevent users from accessing
additional information.