Implement user authorization and verification

[Haider8]

No description provided.

[vitokhangnguyen]

Hi, I would like to work on this. I might have questions regarding the workflow later.

[Haider8]

Hello. Sure @vitokhangnguyen, you can work on this, and you can definitely ask anything regarding this. Just let me know how much time will you be needing approximately.

Thank you :)

[vitokhangnguyen]

Hi,
As I am learning Python in the process and I have done this before with JavaScript and C++, does 2 weeks from now sound reasonable to you?

[Haider8]

@vitokhangnguyen Yes sure. Good luck 👍

[vitokhangnguyen]

Hi @Haider8,
I have done some research on the tool and I have a few questions I hope you can help me answer.

1. By "Authorization" and "Verification", what you want is for the program to prompt the user for password every time the user runs it, is that right? (Or you are talking about client certificate?)
2. If so, we will also need a broker that is configurated to accept password and store a password file on its side (instead of using the test/default Mosquitto's broker as right now). Do you want to build that, too?

[Haider8]

This approach will be fine too. You can try doing this by setting up your own broker locally. Otherwise we have one more option of using a REST API just for authorization. Whenever program is started we can check through that API if that user is valid or not.

You can start with setting up the passwords on broker's side.

[vitokhangnguyen]

@Haider8
Thank you for your reply.

The REST API is a good idea. I think I will go this way since it gives us more total control of the authentication/authorization process. I will deliver a new repository for the API soon.

[Haider8]

@vitokhangnguyen Can I create a new repository for that? And what will be the technology stack of that API?

[vitokhangnguyen]

@Haider8 For sure, I am planning to build the API in Python and using Flask. Does that sound good to you? I can also do it in Nodejs...

[Haider8]

@vitokhangnguyen I think Node js can be good in our case. What do you think? We will be using Heroku for deployment as they are having some free plans for the Node js + mongo DB environment. Do you know any other good service which we can use?

[Haider8]

Here is the repository for our API : https://github.com/Haider8/tmessage-api

[vitokhangnguyen]

I had experience with MongoDB and Heroku before so that would be good for me 😄

[Haider8]

That's great. So let's set up the project first. Do you have any tutorials or video series which we can refer to for our API?

[vitokhangnguyen]

Besides tutorial about setting up Nodejs and MongoDB, I do not have any specific pattern out there to follow. I think our API will first have 3 simple routes:

/api/user/checkExist
/api/user/authenticate
/api/user/register

I can get started and set up the nodejs/mongodb template for the project

And thank you for the new repo.

[Haider8]

Yes, those 3 routes can get us started. We will be doing email verification?

[vitokhangnguyen]

I would say let's not, for now, that can be an issue you can add in later for someone to solve

[Haider8]

You are right. That will be a lot to do right now. We can open a new issue once this gets completed. Sounds good?

[vitokhangnguyen]

That's perfect.

[vitokhangnguyen]

Hi @Haider8,
I made a PR to the tmessage-api to set up the RESTApi. After you review that and are ok with that, I can work on the client-side to interact with that API.

[Haider8]

@vitokhangnguyen PR is merged now. You can resume the work for client now 👍

[Haider8]

Fixed by #29