I'm not a node user so I'm going to be generic. Let's start with a "shopping list" of what you might need:

- a database to store the accounts
- a library to connect to such database
- a user table in the database, the minimum is probably "username", "password"
- a library to hash those passwords
- a web framework and HTML/CSS to render the registration and login pages

The registration flow is:

1. input username, password and password confirmation
2. check the two passwords, if they are equal hash one and store it in the db with the username, if they are not equal tell the user
3. redirect the user to a "success" page

The login flow is:

1. input username and password
2. hash the password and check it's the same one you have stored
3. if it is, let the user in, if not, tell them
4. redirect the user to a "success" page

This is the bare, bare, minimum.
Keep in mind that since there are no sessions in this scenario, the user will have to input their accounts every time they decide to access the "protected" page.
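
The registration and login flows from the comment above, as an added example that is not part of the original thread. It assumes Node's built-in `crypto` module (scrypt) as the hashing library and an in-memory `Map` standing in for the user table; the names `users`, `register` and `login` are illustrative.

```javascript
// Added example: names (users, register, login) are illustrative assumptions.
const { scryptSync, randomBytes, timingSafeEqual } = require('node:crypto');

// Stands in for the "user table"; a real app would use its database library.
const users = new Map();

const KEY_LEN = 64; // length in bytes of the stored hash

// Derive a slow, salted hash from the password with Node's built-in scrypt.
function hashPassword(password, salt) {
  return scryptSync(password, salt, KEY_LEN);
}

// Registration flow: compare the two passwords, then store username + salt + hash.
function register(username, password, confirmation) {
  if (password !== confirmation) {
    return { ok: false, error: 'passwords do not match' };
  }
  if (users.has(username)) {
    return { ok: false, error: 'username already taken' };
  }
  const salt = randomBytes(16); // unique per user, stored next to the hash
  users.set(username, { salt, hash: hashPassword(password, salt) });
  return { ok: true };
}

// Dummy record so unknown usernames cost the same hashing work as known ones.
const dummySalt = randomBytes(16);
const dummy = { salt: dummySalt, hash: hashPassword('placeholder', dummySalt) };

// Login flow: re-hash the submitted password with the stored salt and compare.
function login(username, password) {
  const record = users.get(username) || dummy;
  const candidate = hashPassword(password, record.salt);
  // Constant-time comparison of two equal-length buffers.
  const match = timingSafeEqual(candidate, record.hash);
  return match && users.has(username);
}
```

Because each user has a random salt, "check it's the same one you have stored" means re-deriving the hash with that user's stored salt, not hashing the input on its own and comparing.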
Have an assignment to build an account-password system without an npm auth package. What's the best approach?
Thank you very much for getting me started.
Probably not directly helpful for what looks like a learning exercise in "things you shouldn't do unless you have to", but in the real world I would always look to delegate this part of an application to something sane like auth0.com, or AzureAD, or Facebook, Google, Twitter... much like your favourite dev website :)
More useful - all the stuff @rhymes said!