Giter Site home page Giter Site logo

boilerplate-local-jwt-auth's Introduction

React/Redux client consuming an Express server with Passport local auth using JWTs

This demonstrates a fairly minimal username/password auth scenario that makes use of libsodium/Argon2i password hashing. There's also a tiny API to show how JWTs might be used to secure it.

Setup

npm i
mv .env.example .env
npm start
  • A postinstall script will run a knex migration that creates a users table.
  • Go to http://localhost:3000 to see the site.

Deploying to Heroku

The database migration doesn't run automatically in postinstall on production builds, so you'll need to invoke it manually. Always a good idea to make sure you don't accidentally nuke your production database!

heroku login
heroku create
heroku addons:create heroku-postgresql:hobby-dev
heroku run npm run migrate:prod

More information

The session and JWT secrets are loaded from environment variables.

Password hashing modules often have a native component: they're written in lower-level languages like C or C++ with a JavaScript wrapper. This means they can be trickier to install on some platforms. There are some instructions for how to obtain the necessary tools to build native modules here. If you're using a Mac, be sure you have XCode and Homebrew installed and run brew install libtool autoconf automake.

To use the API, you'll first need to register a user with the web form. Then hit the https://localhost:3000/api/v1/authenticate endpoint with a POST request containing something like:

{ 
  "username": "foo",
  "password": "bar"
}

The server should respond with a token. You can use this token in subsequent requests. You'll need to send an Authorization header:

curl -k -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6OCwidXNlcm5hbWUiOiJub2RleSIsImlhdCI6MTQ4NTM5NDc3MCwiZXhwIjoxNDg1NDgxMTcwfQ.EVo65RYtRlA9HTOiIqaG_aDfSE7xMedbr7JMeDlt5kE" \
  https://localhost:3000/api/v1/quote

Notice the space between Bearer and the token. Compare the response to requests with the token and without it.

Things to think about

This demo omits plenty of things that a production system would have to care about. For example, how could we better validate the registration form? Right now a user can be created with username ' ' and password ' ': hardly ideal!

Also, because the credentials are passed to the server in clear text, this should ONLY happen over SSL/HTTPS in production.

boilerplate-local-jwt-auth's People

Contributors

jae-huh avatar tony-luisi avatar richchurcher avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.