Creating Sign up and login routes and controller #5

Closed
udaymittal7 opened this issue Mar 13, 2021 · 8 comments
Labels
GSSOC21 for GSSoC participants LEVEL3

Comments

@udaymittal7

I would like to work on creating the sign up and login routes and controller for this project as a participant of GSSOC'21.
Please assign this to me and add the relevant tags.

@abdus
Member

abdus commented Mar 13, 2021

It would be great if we split this issue into two.

  1. implement SignUp
  2. implement SignIn

@Aryaman1706

Hey @abdus! I would love to work on this!

Ideas

  • Multiple auth strategies like GitHub, Google, and email/phone number.
  • We can use Passport, but if we want to inculcate more scopes then we can use the APIs offered by the respective platforms, like Google's People API, which gives a ton of information like phone number, birthday, organizations, etc. (complete list here)
  • We can maintain cookie sessions stored in a Redis store rather than in memory, with a proper secret and TTL.
  • Appropriate email/phone number verification using some sort of mailing and SMS services like SendGrid or nodemailer.
  • Restricting users from making too many unsuccessful attempts. We can do this either by going the simple way and using express-rate-limiter, or we can go with the token bucket approach.
  • Checking the appropriate CSRF token with each login/signup request.

I would love to discuss it further.
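
The token bucket approach from the unsuccessful-attempts bullet above, as an added example that is not part of the original comment or the project's code. The class name, its parameters and the account-plus-IP key format are hypothetical.

```javascript
// Added example: token bucket that throttles failed logins per key.
// FailedLoginLimiter, capacity and msPerToken are hypothetical names.
// Suggested key: normalized account identifier + "|" + client IP.
class FailedLoginLimiter {
  constructor({ capacity = 5, msPerToken = 60000, now = () => Date.now() } = {}) {
    this.capacity = capacity;     // failures allowed in one burst
    this.msPerToken = msPerToken; // time needed to earn back one attempt
    this.now = now;               // injectable clock, so tests are deterministic
    this.buckets = new Map();     // key -> { tokens, updated }
  }

  // Fetch the bucket and refill it lazily from elapsed time, capped at capacity.
  _bucket(key) {
    const t = this.now();
    let b = this.buckets.get(key);
    if (!b) {
      b = { tokens: this.capacity, updated: t };
      this.buckets.set(key, b);
    }
    const elapsedMs = Math.max(0, t - b.updated); // ignore clock going backwards
    b.tokens = Math.min(this.capacity, b.tokens + elapsedMs / this.msPerToken);
    b.updated = t;
    return b;
  }

  // Check before verifying the password; false means answer with HTTP 429.
  allowed(key) {
    return this._bucket(key).tokens >= 1;
  }

  // Call only after a failed password check: spend one token.
  recordFailure(key) {
    const b = this._bucket(key);
    b.tokens = Math.max(0, b.tokens - 1);
  }

  // Whole seconds until the next attempt is permitted (for Retry-After).
  retryAfterSec(key) {
    const b = this._bucket(key);
    return b.tokens >= 1 ? 0 : Math.ceil(((1 - b.tokens) * this.msPerToken) / 1000);
  }
}
```

The in-memory `Map` grows with every new key and is lost on restart; with several app instances the bucket state would need to live in a shared store with an expiry, such as the Redis store the comment already proposes for sessions.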

@udaymittal7
Author

@abdus Yes, we can split it.
I am up for any of those.
Should I create different issues for them separately?
Someone else can take the other.

@abdus
Member

abdus commented Mar 16, 2021

@Aryaman1706 Thanks for the input. It helps!
@udaymittal7 Sure. Go ahead and split it into two issues. You can work on one and @Aryaman1706 may take the other.

@Manvityagi
Member

@udaymittal7 @Aryaman1706
Can you make two separate issues for and take one of them each?

@Manvityagi
Member

Manvityagi commented Mar 20, 2021

> Hey @abdus! I would love to work on this!
>
> Ideas
>
>   • Multiple auth strategies like GitHub, Google, and email/phone number.
>   • We can use Passport, but if we want to inculcate more scopes then we can use the APIs offered by the respective platforms, like Google's People API, which gives a ton of information like phone number, birthday, organizations, etc. (complete list here)
>   • We can maintain cookie sessions stored in a Redis store rather than in memory, with a proper secret and TTL.
>   • Appropriate email/phone number verification using some sort of mailing and SMS services like SendGrid or nodemailer.
>   • Restricting users from making too many unsuccessful attempts. We can do this either by going the simple way and using express-rate-limiter, or we can go with the token bucket approach.
>   • Checking the appropriate CSRF token with each login/signup request.
>
> I would love to discuss it further.

Let's start with Google OAuth for this issue; we will extend it further for GitHub etc. @Aryaman1706

CC: @abdus

@Manvityagi Manvityagi added GSSOC21 for GSSoC participants LEVEL3 labels Mar 20, 2021
@rohithmsr
Contributor

What are all the things I must work on? There are so many issues given in this single issue
@abdus @Manvityagi

@Manvityagi
Member

> What are all the things I must work on? There are so many issues given in this single issue
> @abdus @Manvityagi

Hi @rohithmsr, #33 is taking care of this issue; left it open mistakenly.
