
MongoDb, Express, React, Node (MERN Stack) with TypeScript (JavaScript) && Passport; OAuth 2.0 (Local Strategy included), Server-Side Authentication, Authorization and more...


ratta2ii/mern-stack-authorization


MERN Stack Authentication

Screenshots of the project: Landing Page, Dashboard, Login

Description:

The purpose of this application is to demonstrate a working knowledge of various authentication services and the different security level of each implementation. The application includes salting and hashing, cookies and sessions, as well as OAuth services.

A Google OAuth strategy offers users a way to be authenticated, and then authorized, to access the backend API using the OAuth 2.0 protocol; this strategy is considered the most secure for this application (Security level 6). I have also added a "local" strategy that allows a user to register a new account with a username and password instead of using the more secure OAuth service. The password is hashed with a salt (Security level 4) and then stored in a MongoDB database.

In addition to the auth services, the application also demonstrates how to both build and deploy a full-stack MERN application to a production environment.

Project Details:

  • MongoDB, Express, React, Node.js (MERN Stack), w/ Passport.js middleware
  • Database hosted on AWS S3 through MongoDB Atlas (DBaaS)
  • Both the Express API and the React client are hosted side-by-side on Heroku (PaaS)
  • The Express application serves the React build/ folder as static files
  • All authentication is done server-side using passport.js to authenticate users
  • The Mongoose schema and code logic are configured so that all sign-in methods (OAuth and Local) can persist while always returning the same user object (in order to demo multiple log-in strategies in this project)

Security

Register Users (plain TEXT)

(Security: Level 1)

Database Encryption

(Security: Level 2)
- npm install mongoose-encryption

Hashing Passwords

(Security: Level 3)
- npm install md5

Hashing and Salting

(Security: Level 4)
- npm install bcrypt

Cookies and Sessions

(Security: Level 5)
- npm install passport
- npm install passport-local
- npm install passport-local-mongoose
- npm install express-session (NOT sessions)

OAuth 2.0

(Security: Level 6)
(Example: Google, Facebook, GitHub, etc.)

An "Auth Code" can be likened to an admit-one ticket, whereas an "Access Token" can be likened to a year-long pass.
