Authentication (#22)

Browse source

* Authorization added

* added secret to password, md5 hashing, removed promise from verifyToken, deleted links when not authorized

* added dbinsert script

* turned verifyToken to middleware, added description for dbinsert, added hidden csrf field in auth form

* added middlewares, user model and controller

* JSDoc fix

* wrong password processing fix

* added comments to dbinsert script, moved salt and passHash to singe db doc

* Moved salt to .env, upgradedscript for generating password was, fixed comments and JSDoc

* Deleted using salt (now user is only one), changed verifying password to bcrypt.compare, added httpyOnly property to jwt cookie

...

This commit is contained in:

Timur Kazantaev 2019-03-06 13:22:57 +03:00 • committed by GitHub

parent 718be6d2f6

commit 58d3892d8f

No known key found for this signature in database

GPG key ID: 4AEE18F83AFDEB23

33 changed files with 1464 additions and 58 deletions

Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL

Download patch file Download diff file Expand all files Collapse all files

1166

yarn.lock

View file

File diff suppressed because it is too large Load diff