Milestone # 2: Upgrade authentication && api lessons #28807

@01zulfi

READ THIS: this is an informal outline for Milestone # 2. this is a living issue, i.e. I'll keep editing it. this is not indicative of what the final version of the lessons might cover or where it's placed in the course. please refer to the lesson issue for specific details.



GOAL: upgrade auth & api lessons

introduction to auth lesson

  • why webapps need auth
  • what is auth vs authorization
  • auth schemes we'll cover in the curriculum

session based auth lesson

  • implement session based auth from scratch, we can discuss how much hand holding we want the lesson to be. EDIT: we won't be too much handhold-y here and trust our learners to figure it out. the lesson will cover high level concepts of session auth with a few code snippets thrown in
  • dive into persisting sessions in the database
  • explore cookies and their options i.e. 'secure' 'http-only'. most likely will be a separate lesson
  • password hashing. preferably a separate lesson, it could be after members-only project, needs discussion

members only project

now learners get to cover members-only project, but its requirements will be revised. It will just be a mini message board project with auth. No rbac i.e. admin. Primary objective of this project will be for learners to implement session auth

private events project

here we ask learners to implement rbac where a user can be "site admin", "event creator", "event attendee", "event speaker". we could instruct to implement separate logins

now they continue learning Prisma and file uploader project

restful apis lesson

  • restful apis and how to write them guide, covers stuff like http methods, url conventions

[insert new project here]

add a small project here for learners to practice restful apis

json web tokens lesson

  • implement jwts from scratch, again it can be discussed how handhold-y we want to be
  • handle cors: preferably a separate lesson

[insert new project here]

we could add another small project here for learners to run jwt before diving into refresh tokens

Refresh tokens lesson

  • imo we need to cover refresh tokens in the curriculum

blog api project

now learners proceed to the blog api project

sessions vs jwts lesson

  • could be a fun lesson, can be discussed

helpful libraries for auth lesson

  • here we can cover Passport.js, Lucia or whatever we like

Labels: Project Node Revamp (Issues/PRs related to the Node Revamp project); Status: Stale (This issue/PR has been inactive for over 30 days and will be closed if inactivity continues)

Project status: In Progress