DEV Community: SIYUM

Authentication and Authorization with NodeJS Nethsara Siyum

SIYUM — Wed, 13 Sep 2023 09:10:29 +0000

Hey guyss!!

In this tutorial I am going to show you the Authentication and Authorization, how to use it and what is the different between that two.

Authentication

Authentication is the process of verifying the identity of a user, system, or entity trying to access a resource or perform an action. It ensures that the claimed identity is legitimate and not forged.

Authorization

These two are little bit same so we are mostly confusing with the two words, While we are verifying the identity using Authentication we are using Authorization to determine who will have the access to the Service.

For example we can have role based system, where the regular user cant edit or delete the product while Admin can. Both of them must be verify identity using the Authentication

Hope that make sense.

In here on I am showing you a example project that we can used to Authentication and Authorization using NodeJS.

Lets make our environment first. I hope to use NodeJS + MongoDB for this.

We will run our NodeJS Application with Express and use the MongoDB as our Database.

.env File

PORT = 8000 MONGO_URI = YOUR URI TO MONGODB

We need these dependencies

bcrypt, dotenv, express, mongoose, morgan

So our package.json will look like this

{ "name": "authentication-and-authorization", "version": "1.0.0", "description": "", "main": "index.js", "scripts": { "dev": "nodemon index.js" }, "keywords": [], "type": "module", "author": "SIYUM", "license": "ISC", "dependencies": { "bcrypt": "^5.1.1", "dotenv": "^16.3.1", "express": "^4.18.2", "mongoose": "^7.5.1", "morgan": "^1.10.0" } }

Lets move to the index.js

`import express, { json } from "express";
import morgan from "morgan";
import { config } from "dotenv";
import mongoose from "mongoose";
import authRouter from "./api/auth.js";

config();

const PORT = process.env.PORT || 3000;

const app = express();

app.use(json());
app.use(morgan("dev"));

app.use("/api/v1/auth", authRouter);

mongoose
.connect(process.env.MONGO_URI)
.then(() => app.listen(PORT))
.then(() => {
() => {
console.log(Server is running on port ${PORT});
};
})
.catch((err) => {
console.error(err);
});`

What I did here is I created our server on the Port I mentioned in the env file or 3000. Then I imported my route “./api/auth.js” for routing. In there Implemented the routing for the users authentication
Lets begin the Authentication

Here is auth.js I created the registration route.

`import { Router } from "express";
import { register } from "../controller/userController.js";

const authRouter = Router();

authRouter.route("/").post(register);
export default authRouter;`

Whenever We got api/v1/auth POST request our registration will be fired

Here is the Register Logic

`import User from "../models/User.js";
import bcrypt from "bcrypt";

export const register = async (req, res) => {
const salt = await bcrypt.genSalt(10);
const hasPassword = await bcrypt.hash(req.body.password, salt);

const user = new User({ ...req.body, password: hasPassword });
try {
await user.save();
res.send(user);
} catch (err) {
res.status(500).send(err);
}
};`

We are creating a Model name User.js.

`import mongoose from "mongoose";

import { Schema } from "mongoose";

const userSchema = new Schema(
{
email: {
type: String,
required: true,
},
password: {
type: String,
required: true,
},
status: {
type: Number,
unique: true,
default: 1,
},
},
{ timestamps: true }
);

const User = mongoose.model("User", userSchema);

export default User;`

Lets go basic here, whenever we want to create a user from the request, we are reading his body and adding the database relevant values, such as Email and Password. We are using bcrypt to encrypt the password before it stored in the DB. This way we are making our passwords safe to store. After saving our first user it will look like this.

Now moving to login logic.

We are saving the data in the DB, but how can we access it. Lets see.

I am hoping to do like this, Whenever we get hit to /api/v1/login we will decrypt our password and verify whether this is the legitimate user. Lets gooo.

We need to install additional dependency called jsonwebtoken, and we need to add additional attribute to our .env file.

TOKEN_SECRET = ILOVEMEDIUM

This can be any word, you can customize it, here is the login logic

`export const login = async (req, res) => {
try {
const user = await User.findOne({ email: req.body.email });
if (user) {
const validPass = await bcrypt.compare(req.body.password, user.password);
if (!validPass)
return res.status(400).send("Mobile/Email or Password is wrong");

  const token = jwt.sign(
    { id: user._id, user_type_id: user.status },
    process.env.TOKEN_SECRET
  );
  res.header("auth-token", token).send({ token: token });
}

} catch (err) {
if (err instanceof NotFoundError) {
res.status(401).send(Mobile/Email or Password is wrong);
} else {
res.status(500).send("Error retrieving User");
}
}
};`

After we send correct password you will get return like this

So my friends that is how you are doing the authentication and authorization. Also we can see it injected our auth-token to header

Authorization

We often used interchangeably, authentication and authorization, but those words represent fundamentally different functions.

In simple terms, authentication is the process of verifying who a user is, while authorization is the process of verifying what they have access to.

We will use middle ware to check whether userLoggedIn or isUserAdmin.

I created authMiddleware.js and add the code below.

`import { TOKEN_SECRET } from "../config/config";
import { verify } from "jsonwebtoken";

export function loggedIn(req, res, next) {
let token = req.header("Authorization");
if (!token) return res.status(401).send("Access Denied");

try {
if (token.startsWith("Bearer ")) {
token = token.slice(7, token.length).trimLeft();
}
const verified = verify(token, TOKEN_SECRET);
if (verified.user_type_id === 2) {
let req_url = req.baseUrl + req.route.path;
if (
req_url.includes("users/:id") &&
parseInt(req.params.id) !== verified.id
) {
return res.status(401).send("Unauthorized!");
}
}
req.user = verified;
next();
} catch (err) {
res.status(400).send("Invalid Token");
}
}

export async function adminOnly(req, res, next) {
if (req.user.user_type_id === 2) {
return res.status(401).send("Access Denied");
}
next();
}`

And you should add the flag to the route , index.js

app.use("/api/v1/user", loggedIn, userRouter);

Folder Structure

Thats how we are doing Authentication and Authorization in the NodeJS App. Hope you like this tutorial.

Final Code : https://github.com/Nethsara/node-authentication---authorization

Thanks for reading.

JS - FAQ

SIYUM — Mon, 26 Jun 2023 12:17:06 +0000

What is javascript.?

JavaScript is scripting language that is usually using to dynamically updating the content.

Explain about the history of JavaScript.

LiveScript(Mocha) is created by Brendan Eich in 10 days, which is later renamed to JavaScript.

Whatis ECMA Script.?

ECMA specification is defining the syntax to how it should work, ensuring consistnce of the script

What are the methods of creating valid identifiers in JS.?

Valid Methods
var firstName; var _privateVariable; var $element; var counter; var camelCaseVariable;

Invalid methods
var 123abc; // Cannot start with a digit var my-variable; // Hyphens are not allowed var if; // Reserved word as an identifier var first name; // Spaces are not allowed

How JS Works

What is bigint.?

The numbers greater than 2^53 - 1

What is the difference between null and undefined?

Undefined mean variable declared, but value is not assigned. Null mean there is no value in it(Empty value).

What is a DOM.? Explain.

Document Object Modal. Programming interface for web document. We can use the JS to manupulate this.

Difference of the For In and For Of

{ a : 1, b : 2 }

For in will return the attributes - {a, b}
For of will return the actual values - {1, 2}

What are literals.? and what is a literal base object.?

What are the two types of functions in JS. Explain with examples.

Named functions - function name(){}
Unnamed(Anonymous) functions - ()=>{}

What is a event object

Event is object that is keep track of the events that is happening in the web page, it contains target...etc.For each event JS is creating E object which is can be passed to a handler function

What is jQuery.?

jQuery is a third party library that make an abstraction layer on the js. It makes write common js function easier. Fast and simple

What are the benefits of using jQuery?

Simplified DOM Manipulation, Increased productivity, Documentation and Community Support

What are the traversing methods that you have used in jQuery and when do we need them.?

.find(): This method selects all descendant elements that match a specified selector.
.parent(): This method selects the direct parent element of the selected element(s).
.children(): This method selects all direct child elements of the selected element(s).
.siblings(): This method selects all sibling elements of the selected element(s).
.prev(): This method selects the immediately preceding sibling of the selected element(s).
.next(): This method selects the immediately following sibling of the selected element(s).
.closest(): This method selects the closest ancestor element that matches a specified selector.

Why JS is introduced to have first class functions.?

In JavaScript, functions are first-class objects, because they can have properties and methods just like any other object. What distinguishes them from other objects is that functions can be called. In brief, they are Function objects.

HTML FAQ

SIYUM — Mon, 26 Jun 2023 08:21:22 +0000

Here is some most common FAQ in the HTML

What is HTML.?

HTML stands for Hyper Text Markup, Which is commonly used in web pages. It usually provides a strucutre for the web page

Describe the meaning of the word Hyper.

"hyper" refers to the ability to go beyond linear text and navigate to different sections or related content within a document or across different documents.

Give a brief introduction about HTML history.

In 1980 HTML was introduced, now its version in 5 which is introduced in 2008.

What is an IP address.?

IP - Internet Protocol is used to indentify the devices uniquely acoross a same network

Why was IPV 6 introduced.?

It was introduced due to limitations with the IPV4. This gives us access to more devices.

Explain the process of a web server and why do we need it.?

Usually web server provides us some specific functionality

What is a web browser.?

We are using Web Browsers to access a web site that is in the internet

How HTTP works and what does it really do.?

HTTP is also known as Hyper Text Transfer Protocol, which acts a request response server that mainly communicate through TCP in Hyper Text Mode

Describe the anatomy of a HTML element.

Text (Content)

(Closing Tag)

What are meta tags and why do we want meta tags in HTML.?

We are using meta tags for special occasions such as defining meta data that will use by third parties. This helpful when SEO, Sharing links ..etc

What is a domain name.?

Domain name is a human readable name that represents a web site

What is DNS.?

DNS is a decentralised naming system that translate domain name to a IP address

What is a URL.? What parts does it contain.?

URL - Uniform Resource Locator is a location string we are used to refer a remote resource.

Here's an example URL: https://www.example.com:8080/path/page.html?param1=value1&param2=value2#section1

In this example:

Scheme: "https://"
Host: "www.example.com"
Port: "8080"
Path: "/path/page.html"
Query: "?param1=value1&param2=value2"
Fragment: "#section1"

What are HTML attributes.?

We are using HTML attributes more to define a tag.

What is the usage of HTML <!DOCTYPE html> preamble?

The <!DOCTYPE html> declaration, also known as the HTML5 doctype, is used as a preamble at the beginning of an HTML document to specify the version of HTML being used. It informs the web browser about the HTML standard to which the document adheres.

Java Script - Part I

SIYUM — Fri, 19 May 2023 17:45:51 +0000

Java Script, Java Script, Java Script everywhere, If you see here it is JS, If you see there will be JS. So what is really JS? In this article we are going to deep dive into what is JS. This is the part 1 of my JS series.

What is JS.

JavaScript is a scripting or programming language that allows you to implement complex features on web pages — every time a web page does more than just sit there and display static information for you to look at — displaying timely content updates, interactive maps, animated 2D/3D graphics, scrolling video jukeboxes, etc. — you can bet that JavaScript is probably involved. -MDN

In the MDN, they are mentioning that JS is a scripting language, which is programming language that employs a high-level construct to interpret and execute one command at a time. We are mostly using JS for our day to day life, even now you are using JS. JS is used to update the content of the we dynamically.

History of JS

JavaScript was invented by Brendan Eich in 1995.

It was developed for Netscape 2, and became the ECMA-262 standard in 1997.

After Netscape handed JavaScript over to ECMA, the Mozilla foundation continued to develop JavaScript for the Firefox browser. Mozilla's latest version was 1.8.5. (Identical to ES5).

Internet Explorer (IE4) was the first browser to support ECMA-262 Edition 1 (ES1).

History in brief

Fun fact - JS is developed in 10 days 😅

How JS is working

Step 1 - Parser

In this step we are checking line by line for the syntax errors. It throws a kind of error and stops execution of the code

Step 2 - AST

Once Parser is completed it's task, it will create a data structure called AST. (it stands for Abstract Syntax Tree)

Step 3 - Converting to Machine Code

Once the Abstract Syntax Tree is created by the parser, the JavaScript engine converts the JavaScript code into the machine code (or in the language that machine can understand).

Step 4 - Machine code

When the program written in the JavaScript gets converted in the machine language (or in byte code), the converted code is sent to the system for execution, and finally, that byte code run by the system/engine just like we observe in our first example.

That's end of the today's article. Let's meet next week.

Software Engineering - FAQ

SIYUM — Thu, 20 Apr 2023 08:06:48 +0000

What is Software Engineering?

Engineering discipline that concerned with every stage of software development and maintenance

What is a Software

A set of instructions to perform a specific task

Software Developer

A highly skilled profession with coding skills

Software Engineer

A highly skilled profession with coding skill mathematical skills

Software Engineering Activities

Specification
Development
Validation
Evolution

Types of software products

Generic
Bespoke

Software Engineering Diversity

Entertainment System
Transactional System
Simulations
Embedded Control System
Data collection system

Software Engineering team roles

FE/BE Engineer
QA Engineer
Tester
Tech Lead

Software Engineering Ethics

Confidentiality
Competency
Intellectual Property rights
Computer Misuse
Computer Science VS Software Engineering
Computer science is focusing on Theories and fundamentals.
SE is focusing on Practicalities

SDLC

SDLC is the process of Planning to implementation and operation.
It consists of documentation

Planning Feasibility Study Areas
- Technical
- Operational
- Legal
- Schedule
- Economical

2.Gathering requirements

3.Design and Prototype

Architecture
UI
Programming
Platform
Communication
Security

4.Developing
5.Testing
6.Deployment
7.Maintainance and Operation

Uses of SDLC

Assure the quality of the product
Easy for developers to develop

Attributes of a Good Software

Maintainability
Efficiency
Acceptability
Dependability
Security

Types of requirements

Functional - It is required for the system’s function(They are must for operation)
FaceBook
- User login for the system(Authentication)
- Adding posts
- Commenting
- Liking the post
Non Functional - It is not required directly, but it is required circulatory.
- Allow users to use either mouse or keyboard
- Allow user to change focus
- Providing feedback

User requirements and System requirements

User Requirements - The requirements that users need, in natural language
- Functional : Account create, Account Login
- Non Functional : Dark Mode, Loading speed, Ads, Animation
System Requirements - The requirements that need for the system’s function
- Functional : Login data secure, Should be able to register a customer
- Non Functional : Ability to change the mode

Software Process Model

Set of related activities to the software development
- V Model
- Waterfall
- Spiral
- Prototype
- Iteractive
- Incremental

Process Maturity Approach

Agile Approach : Focus on iterative development and reduction of overhead
Process Maturity Approach : Focused on improving process and project management

Hibernate Part 1

SIYUM — Thu, 20 Apr 2023 07:41:12 +0000

From the today's post we are going to talk about the ORM and Hibernate.

What is ORM?

ORM is Standing for Object Relational Mapping. We are using this to reduce the gap between the Relational Databases and Objects we are creating on the Object Oriented Programming language.

What is JPA

JPA Commonly known as Java Persistence API which is Java Specification for ORM Frameworks. It provide high level API for managing relational data, simplifying the task of persisting Java Objects to Database.

What is Hibernate

Hibernate is ORM mapping tool for Java Language. It provides a framework for mapping an Object Oriented Domain model to relational database.

What is the difference between JPA and Hibernate?

JPA is responsible in managing relational databases in Java Applications, while Hibernate is an ORM tool used for saving the state of the Java Object in the database

What is RDBMS?

A program which is used to Create, Update and manage relational databases. Most well known RDBMSs are MySQL, MariaDB, PostgreSQL ...etc

What is the difference between RDBMS and Hibernate?

RDBMS is a software that is used to manage relational databases, while Hibernate is an ORM framework that provides layer of abstraction on top of RDBMS. Hibernate is managing data persistence and mapping between Java objects and relational databases. Hibernate is using RDBMS as its underlying data stores, but it provides additional features to make work with databases more conveniently.

What are the advantages and disadvantages of Hibernate?

Advantages

Database independent - We can use any database.
Open source
Better than JDBC
It allows inheritance and polymorphism
Have caching mechanism
Developer friendly

Disadvantages

Hard to debug
Have to study lots of API
Slower than JDBC
Not suitable for Small projects

This is the end of part one on the Hibernate Series. Let's continue others FAQ on the other posts

Introducing CodeBoost: The AI-Powered Code Completion Extension for Visual Studio Code

SIYUM — Mon, 30 Jan 2023 08:43:37 +0000

Join waitlist : https://sago.lk/

AutoCode AI, now known as CodeBoost, is a cutting-edge code completion extension for Visual Studio Code that uses artificial intelligence to help developers write code faster and more accurately. With its AI-powered predictions, developers can write code much faster than they would with traditional code completion tools.

One of the key benefits of CodeBoost is its ability to learn from a developer's coding style and preferences. The more a developer uses the extension, the more accurate its predictions become, leading to even greater efficiency gains. This makes CodeBoost an ideal tool for developers who want to save time and increase their productivity.

CodeBoost also offers improved accuracy compared to traditional code completion tools. Its advanced AI algorithms ensure that the suggestions it generates are accurate and relevant to the code a developer is writing. This reduces the risk of coding errors and helps developers avoid common mistakes that can cause problems later in the development process.

In addition to its speed and accuracy, CodeBoost is also highly customizable. Developers can configure the extension to work with their preferred programming language and set their own preferences for how the AI should generate suggestions. This allows developers to get the most out of the tool and ensures that it integrates smoothly into their development process.

The user interface of CodeBoost is intuitive and user-friendly, making it easy for developers to access the suggestions generated by the AI and insert the right code snippets into their projects with just a few clicks. This means that developers can take advantage of CodeBoost's features without sacrificing the efficiency they've come to expect from traditional code completion tools.

In conclusion, CodeBoost is an excellent tool for developers who want to boost their productivity and increase their coding efficiency. With its lightning-fast code suggestions, improved accuracy, and customizable options, it's the perfect tool for developers who want to stay ahead of the curve. Whether you're a seasoned programmer or just starting out, CodeBoost is the perfect tool to help you write better code, faster.

CodeBoost - Code Completion Tool (VS Code Extension)

SIYUM — Sat, 28 Jan 2023 17:50:39 +0000

What would it look like if we use the power of the AI to create a extension that auto complete your code based on the current code?

Exactly like GitHub CoPilot.

The extension offers inline completion items, which means that as soon as you type a specific trigger phrase or hit a specific key, a list of code snippets will appear for you to select from. This makes it easy to find the code you need without having to manually type it out or search through your files.

Overall, this extension is a powerful tool that can help developers save time and increase their efficiency. Whether you’re a beginner or an experienced coder, this extension is a valuable addition to your development toolkit. So, if you want to boost your productivity, try this extension today!

This extension will soon publish and will available for public for free.

Bear with us.

Affiliate Tracking System for Networks — Part 2

SIYUM — Tue, 17 Jan 2023 10:05:18 +0000

Quick changes on the plan, In the beginning I found that creative-tim's softUI is eyecatching, but now I want to continue with another theme called Sneat. This is also a powerful theme with good amount of components, and it also free. So I am going to use this for the project.

I started by creating the dashboard. For now I already created the Admin and Publisher dashboard.

Take a look 😁

Admin Dash:

This is basic look, I will add more components when I am going further.

Publisher Dash:

Thats it for today, Thanks for your time on reading this.
If you have any comments let me know, that is so much for me.

Affiliate Tracking System for Networks — Part 1

SIYUM — Mon, 16 Jan 2023 16:25:14 +0000

Today I started to building the backend. As technologies I will use NodeJS. I will use the express server and MongoDB as database.

My first function is like this, after affiliate click the link that is generated on the dashboard, should redirect him to relevant offer. Meantime the data also should stored on the database. For example the User agent, OS, Browser …etc must be stored on the database. This will later used to the generate the reports. And when we redirecting the user to the relevant offer, we should be cared the targeting too. If the user has to live on the specific country in order to access the offer.

This is the core concept of the Click. I started creating the Data models. The clicks contains following attributes.

Here is my Click Model:

After basic implementation I might add the other data like SubID1, SubID2 also for that. In the app, I created route like this

/click?a={affiliateID}&o={offerID}. Whenever user clicks on the link if will redirecting to the offer, after registering the relevant data.

And the code will go on. Thats how I determined the relevent data. And for the click ID I used uuid. This must be a unique on as the postbacks are firing to this. Then it will check on the database for the clickID, then it will save a lead on the database. More on that later.

Thats update on the backend, for the front end I might use the bootstrap as I have only few knowledge on the React or any other. So I am comfortable with bootstrap. I will use the handlebars as the view engine.

And I choose a template, I found an eye catching one from creative tim. I really need that.

I really like that design and I am going to use that.

Thats all updates about the current project. I will update more on ASAP. If you have any suggestion please let me know. Thanks for your time on reading this.

I am building publicly

SIYUM — Thu, 12 Jan 2023 06:36:28 +0000

As an affiliate marketer, keeping track of your campaigns' performance can be a daunting task. CPA (cost per action) marketing, in particular, requires a precise and efficient tracking system to optimize efforts and maximize ROI. That's why I am excited to announce the development of a new tracking software for affiliate networks, specifically designed for CPA marketing.

This software will make it easy for businesses and marketers to track the performance of their CPA campaigns in real-time, providing them with the necessary insights to optimize their efforts and achieve their desired results. Whether you're a small business starting with affiliate marketing or an enterprise scaling your efforts, this software will cater to your needs and provide you with the features and functionalities you need to succeed.

One of the key features of this software is its ability to integrate with a wide range of platforms and tools. Whether you're using a popular affiliate network or a custom tracking solution, the software will work seamlessly with your existing setup. This will help you keep all your data in one place, making it easy to analyze and act on the insights you gain.

I am also committed to transparently documenting the progress of this software regularly. You will be able to see the progress of the development and the features that I am working on, which will help you understand what to expect and when to expect it.

Furthermore, I value the feedback of the community, and I will be updating them weekly about the progress of the software. Your feedback is important to me, and I encourage everyone to share their thoughts and ideas as I continue to develop and improve the software.

If you're looking for a powerful and easy-to-use tracking software for your affiliate network that can help you optimize your CPA campaigns and drive more sales, be sure to keep an eye out for my upcoming release. I look forward to helping you take your affiliate marketing efforts to the next level!

Back Story

I recently entered to programming, and I am so much interested in Affiliate Marketing and how it working, So I want to give a test to my newly gained skills, So I am challenging myself to create a app for Affiliate marking networks

Building In Public

This will not only keep me accountable, but will allow me to get feedback on the design and maybe even help for fellow makers.

I will post my weekly progress here, but I will share more frequent updates on my twitter @codercrux.

I will be building this with NodeJS BackEnd and HTML Frontend using Handlebars

Stay tuned!