Read these instructions carefully. Understand exactly what is expected before starting this Sprint Challenge.

This challenge allows you to practice the concepts and techniques learned over the past sprint and apply them in a concrete project. This sprint explored Authentication and Testing. During this sprint, you studied authentication, JSON web tokens, unit testing, and backend testing. In your challenge this week, you will demonstrate your mastery of these skills by creating a dad jokes app.

This is an individual assessment. All work must be your own. All projects will be submitted to Codegrade for automated review. You will also be given feedback by code reviewers on Monday following the challenge submission. For more information on the review process click here.

You are not allowed to collaborate during the sprint challenge.

• Run npm install to install your dependencies.
• Build your database executing npm run migrate.
• Run tests locally executing npm test.

Dad jokes are all the rage these days! In this challenge, you will build a real wise-guy application.

Users must be able to call the [POST] /api/auth/register endpoint to create a new account, and the [POST] /api/auth/login endpoint to get a token.

We also need to make sure nobody without the token can call [GET] /api/jokes and gain access to our dad jokes.

We will hash the user's password using bcryptjs, and use JSON Web Tokens and the jsonwebtoken library.

Your finished project must include all of the following requirements (further instructions are found inside each file):

• An authentication workflow with functionality for account creation and login, implemented inside api/auth/auth-router.js.
• Middleware used to restrict access to resources from non-authenticated requests, implemented inside api/middleware/restricted.js.
• A minimum of 2 tests per API endpoint, written inside api/server.test.js.

IMPORTANT Notes:

• Do not exceed 2^8 rounds of hashing with bcryptjs.
• If you use environment variables make sure to provide fallbacks in the code (e.g. process.env.SECRET || "shh").
• You are welcome to create additional files but do not move or rename existing files or folders.
• Do not alter your package.json file except to install extra libraries. Do not update existing packages.
• The database already has the users table, but if you run into issues, the migration is available.
• In your solution, it is essential that you follow best practices and produce clean and professional results.
• Schedule time to review, refine, and assess your work and perform basic professional polishing.

• Submit via Codegrade by pushing commits to your main branch on Github.
• Check Codegrade before the deadline to compare its results against your local tests.
• Check Codegrade on the days following the Sprint Challenge for reviewer feedback.
• New commits will be evaluated by Codegrade if pushed before the sprint challenge deadline.

Be prepared to demonstrate your understanding of this week's concepts by answering questions on the following topics.

1. Differences between using sessions or JSON Web Tokens for authentication. the main differnece between session based and web token based authentication is that session stored most of its details in the server but web tokens store the data on the client-side. The concept of sessions is that the id is being shared from server to client threw a cookie and all the data is stored in the server. the concept of web tokens is that you only need a certain token to be passed to the server that is verified threw a signature.

2. What does bcryptjs do to help us store passwords in a secure manner? bcrypt helps us store password in a secure manner because it has a built in function that hashed the password into a certain long random string and also add a salt that is random on every password. This make it more secure because attacker needs to have the hash, know the algorithm used, and how many rounds were used to generate the hash.

3. How are unit tests different from integration and end-to-end testing? unit tests are test on small specific peices of code that only does on thing. then since its small tasks these tests are efficient and fast.

4. How does Test Driven Development change the way we write applications and tests?

Test driven development changes the way we right code because it makes us right tests before the actual code. Wrighting test before righting the code will then make our code more high quality and plus well be able to find error and bugs alot easier and faster.