Nuxt • 2y ago
Lean

New to web dev, need help with authentication system.

To start off, I'm not completely sure if this is even the right place, but I want to create an auth system for my website. I'm using Nuxt and Vuetify for the front and express.js in the back. I've already created a registration route for my backend which saves the data in a mysql database; the data is sent to the backend using axios. I also have a really primitive login route that currently gets the Name, Surname and password (for verification) from the database. Now, my problem is that I have no idea how to do the login part. I suppose I have to generate some kind of a token that stores the user info, like name, surname and email in it, but don't know how to do that + where to store it and how to use the auth module, or store, or both. The same goes for middleware, as I believe I need to use that if I need to protect a frontend route.
14 Replies
Lean (OP) • 2y ago
Right now, I have copied the middleware example from the nuxt docs:
    export default function ({ store, redirect }) {
      // If the user is not authenticated
      if (!store.state.authenticated) {
        return redirect('/login')
      }
    }
Hmm, looks like I can make it so my login route checks for the email's existence in the database; if it does exist, return the data associated with it, in this case password, name and surname, we check the hash, and then just populate the store with the name and surname, as well as setting authenticated to true..? Is that how it's supposed to work?
Lean (OP) • 2y ago
Well, looks like my getting user pass/data logic works
Lean (OP) • 2y ago
And got it so it grabs the user's name and surname from the database too.
So, getting data works. Now I just need to manage sessions, I guess.
Using the store works too. Just learned that it doesn't persist after a page reload, though.
Well, I'm generating a jwt_token using the Name and Surname as well as a state of auth, which in this case I guess will always be true, but now I have no idea what to do. I am returning the jwt_token to the frontend.
Anyone?
Unknown User • 2y ago
Message Not Public
Lean (OP) • 2y ago
Ye, if only it would work.
I can set the cookie, and I made an endpoint on my backend which I'm using in my navbar component's mounted section to validate it, but I still get logged out after a page reload.
Getting a 401 unauthorized error in the browser's console whenever I try to access the main page. It loads, but the error is there.
The same happens on my other page, but it's using the same navbar component, so that's to be expected.
Lean (OP) • 2y ago
Well, the session id gets sent to the backend whenever the navbar loads, so now my question is why don't I stay logged in and why is it showing me my not authenticated message even if the sessionid should be valid for 24 hours?
Lean (OP) • 2y ago
The session gets saved using req.session.save(), and the data is still accessible when we're still at the login route, but it just disappears when we're at the login/validateSession route.
Lean (OP) • 2y ago
Yes, I know sending it over body, or whatever it's called, is not safe. Safety at the moment isn't a concern; right now, all I need it to do is work.
Lean (OP) • 2y ago
This is a console log after the data has been grabbed from the database, by the way, obviously while checking the email and password using bcrypt.
Unknown User • 2y ago
Message Not Public
Lean (OP) • 2y ago
httpOnly is server side.
You can't, or shouldn't, set it in the frontend.
Unknown User • 2y ago
Message Not Public
Lean (OP) • 2y ago
Should be 😅
Unknown User • 2y ago
Message Not Public