DEV Community: Akanksha Agrawal

Aws S3 Bucket Deployment

Akanksha Agrawal — Wed, 10 Jul 2024 13:31:14 +0000

*Steps: *

Create Angular App ---- ng new angular-app-new
Build Angular app for production----> ng build --prod
Then dist. folder has been created. Inside we have all the
files that we deploy.
Sign in to the AWS management console
Create s3 bucket

S3 service-> create bucket name-> bucket name-angularnew12-app-> uncheck block all public
access.-> other will be default-> hit create button.

Upload Angular build files to an S3 bucket
Click on that particular bucket:
Add files -> dist. folder-> select all -> open-> successfully uploaded.
Deploy on AWS S3 service
go to properties-> static website hosting -> enable-> then we have index document ->
index.html -> save changes

or you can add a bucket policy :
{
"Version": "2022-06-22",
"Statement": [
{
"Effect": "Allow",
"Principal": "",
"Action": [
"s3:GetObject"
],
"Resource": "arn:aws:s3:::angularnew12-app/"
}
]
}
go to objects-> select all files -> actions -> make it public.

The project is deployed on AWS s3.

Authentication and Authorization in Node.js

Akanksha Agrawal — Sun, 07 Jul 2024 08:43:41 +0000

The authentication process confirms a user's identity using credentials by validating who they claim to be. Authentication assures an application's security by
guaranteeing that only those with valid credentials can access the system. Authentication is the responsibility of an application's backend.
Three popular authentication methods in Node.js include:

Session-based
Token-based
Passwordless

Let's explain a little bit about each of these methods and compare them.

Session-based
Session-based authentication is the oldest form of authentication technology. Typically, the flow of a session is as follows:

The user uses their credentials to log in.
The login credentials are verified against the credentials in a database. The database is responsible for storing which resources can be accessed based on the session ID.
The server creates a session with a session ID that is a unique encrypted string. The session ID is stored in the database.
The session ID is also stored in the browser as a cookie.
When the user logs out or a specified amount of time has passed, the session ID is destroyed on both the browser and the database.

Token-based
Token-based security entails two parts: authentication and authorization. Authentication is the process of providing credentials and obtaining a token that proves the user's credentials.

Authorization refers to the process of using that token so the resource server knows which resources the user should have access to.

Token-based Authentication
Token-based authentication uses access tokens to validate users. An access token is a small piece of code that contains information about the user, their permissions,
groups, and expirations that get passed from a server to the client. An ID token is an artifact that proves that the user has been authenticated.

The token contains three parts, the header, the payload, and the signature.

The header contains information about the type of token and the algorithm used to create it.

The payload contains user attributes, called claims, such as permissions, groups, and expirations.

The signature verifies the token's integrity, meaning that the token hasn’t changed during transit. A JSON web token, pronounced "jot" but spelled JWT, is an internet standard for creating encrypted payload data in JSON format.
A user's browser makes a call to an authentication server and gets access to a web application. The authentication server then passes back an ID token which is stored
by the client as an encrypted cookie. The ID token is then passed to the app on the web server as proof that the user has been authenticated.

Token-based Authorization
This flowchart shows the workflow of a token through the authorization process.
The authorization process gets executed when the web application wants to access a resource, for example, an API that is protected from unauthorized access. The
user authenticates against the Authorization server. The Authorization server creates an access token (note that the ID token and access token are two separate
objects) and sends the access token back to the client, where the access token is stored. Then when the user makes requests or resources, the token is passed to the resource, also called an API server.

The token gets passed with every HTTP request. The token contains embedded information about the user's permissions without
the need to access those permissions from the authorization server. Even if the token is stolen, the hacker doesn't have access to the user's credentials because the token is encrypted.

Passwordless

With passwordless authentication, the user does not need login credentials, but rather, they gain access to the system by demonstrating they possess a factor that
proves their identity. Common factors include biometrics such as a fingerprint, a "magic link" sent to their email address, or a one-time passcode sent to a mobile
device. Password recovery systems now commonly use passwordless authentication.

Passwordless authentication is achieved using Public Key and Private Key Encryption.

In this method, when a user registers for the app, the user's device generates a private key/public key pair that utilizes a factor that proves their identity, as noted above.

The public key is used to encrypt messages, and the private key is used to decrypt them. The private key is stored on the user's device, and the public key is stored
with the application and registered with a registration service.
Anyone may access the public key, but the private key is only known to the client. When the user signs into the application, the application generates a login challenge, such as requesting biometrics, sending a "magic link", or sending a special code via SMS, encrypting it with the public key.

The private key allows the
message to be decrypted. The app then verifies the sign-in challenge and accepts the response to authorize the user.

In this reading, you learned that:

Authentication is the process of confirming a user's identity using credentials by validating who they claim to be.
Session-based authentication uses credentials to create a session ID stored in a database and the client's browser. When the user logs out, the session ID is destroyed.

Token-based authentication uses access tokens, often JWTs, that get passed between server and client with the data that is passed between the two.

Passwordless authentication uses public/private key pairs to encrypt and decrypt data passed between client and server without the need for a password.

Introduction to Middleware & Routers

Akanksha Agrawal — Sun, 07 Jul 2024 08:01:18 +0000

In this article, we will discuss the terms middleware and routes.

Middleware is software that sits between applications, databases, or services and allows those different technologies to communicate. It creates seamless interactions for the end user in a distributed system.

Express is a messaging framework used to handle routes and write middleware. The front end of an application uses Express to facilitate communication between components on the back end without the front-end and back-end services needing to use the same language. The front end communicates with the middleware, not directly with the back end.

Messaging frameworks like Express commonly contain JSON, REST APIs, and web services. Older messaging frameworks may contain extensible markup language (XML) and simple object access protocols (SOAP) instead of JSON and REST APIs, respectively. The messaging framework provides a standardized way to handle data transfer among different applications.

A web server is an example of middleware that connects a website to a database. The web server handles the business logic and routes the data from the database based on the request. A route is the part of the code that associates an HTTP request, such as GET, POST, or DELETE, with a URL and the function that gets called that handles that URL. Routing is used in web development to split an application’s user interface based on rules identified by the browser’s URL.

Router functions are called “middleware” collectively. Middleware is responsible for responding to an HTTP request or calling another function in the middleware chain. Express handles router functions through the Router class, such as Router.get(). As the name suggests, Router.get() handles HTTP GET requests. Other Router functions include Router.post(), Router.put(), Router.delete() in mostly the same way. These methods take two arguments, a URL path and a callback function.

In addition to routing, middleware is also responsible for providing secure connections among services by encrypting and decrypting data, managing application loads by distributing traffic to different servers, and sorting or filtering data before the data is returned to the client.

AWS React App Deployment steps:-

Akanksha Agrawal — Sat, 13 Feb 2021 08:44:55 +0000