
Project Outline

Jimmy Oty edited this page Nov 16, 2022 · 1 revision

Introduction

This segment describes the technical aspects of the Open-Source Content Management System that SpaceYaTech is attempting to create.

High-Level Description Of Product

The SpaceYaTech Content Management System is an open-source application that lets users quickly publish content and share it with their audience with ease. Inspired by existing CMSes like Hashnode, WordPress, DEV and Joomla, we felt the need to create an African CMS created by young Africans looking to learn by contributing to open source. SpaceYaTech opted for a CMS as its debut open-source project because of the technicalities involved in creating, maintaining and scaling a CMS. A CMS poses great technical challenges and offers a great learning opportunity for those looking to grow their tech skills.

MVP Minimum Requirements

Before rolling out the first edition of the CMS, the backend team should develop a system that at the bare minimum should:

  • Let Users Create Multiple Accounts Using Their Email Addresses
  • Let Users Sign In To Their Accounts Using Their Email Addresses and Third-Party Authentication Services
  • Let Users Customize Their Profiles/Accounts, i.e. Change Avatars and Bio-Data
  • Let Users Create And Persist Content Containing Different Media
  • Let Users Edit Previously Published Content To Add Updates
  • Let Users Delete Content They Don't Want To Appear On Their Accounts
  • Let Users Post Comments On Posts They Find Useful
  • Let Users React On Posts And Comments That They Find Useful
  • Let Users Own A Domain Prefixed By Their Username e.g username.spaceyatech.com

High-Level Architecture Diagram

At a high level, our application should be able to receive requests from client applications (user-facing applications like web browsers, mobile applications and third-party applications) and serve appropriate responses back to them.

[Figure: SpaceYaTech CMS Architecture]

Core Application Models

The following are the core Models in the application and their attributes:

  1. User
  2. Account
  3. Role
  4. BlogPost
  5. BlogComment
  6. Blog Reaction
  7. Blog Image
  8. Blog Category

The models are represented in the ERD below.

[Figure: SpaceYaTechERD]

Key Components And Services

Authentication Service

The authentication service makes sure that information is accessed only by users who have the access permission or right. The SpaceYaTech Open Source CMS implements two forms of authentication, JWT authentication and OAuth 2.0, for authentication and authorization of users within the application. Here is a detailed look at the potential implementation of both forms:

JWT Authentication

JSON Web Token (JWT) authentication involves the use of generated claims between a client and a server application to check the legitimacy of requests coming to our application. A client makes a request to the application's authorization server, where the request is checked for legitimacy (the system checks whether the user is who they claim to be and whether they really have permission to access our application). If the authorization server authenticates the legitimacy of the request, it gives back an access token to the client, which the client can use to access resources from our application. Here is a sample workflow of JWT authentication:

The JWT authorization workflow is as follows:
1. The end user logs in, and the client application sends an authentication request to SpaceYaTech's API Gateway (Authorization Server) to obtain a JWT access token.
2. If the user or application credentials are valid, API Gateway generates the JSON token using a private key that was specified in the JWT configuration, and sends the generated token to the client.
   If the user credentials are invalid, API Gateway returns a specific error response.
3. The client sends the generated JSON token in the HTTP Authorization request header as a Bearer token to access the protected API (Protected Resources) in API Gateway.
4. API Gateway first identifies the application based on claims from the JWT, then validates the JWT using the public certificate of the issuer (the issuer can be API Gateway or a third-party issuer) and provides access to the protected resources.
   If the validation fails, API Gateway returns a specific error response.
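
Steps 2 and 4 of the workflow above, as an added Node.js example (not SpaceYaTech's own code) using only the built-in crypto module: the token is signed with RS256, and the verifier pins the algorithm and checks the signature before any claim is trusted. The function names, issuer URL, subject values and throwaway key pair are assumptions made for illustration.

```javascript
// Added example: RS256 JWT issue/verify with Node's built-in crypto only.
const nodeCrypto = require('node:crypto');
const b64u = (v) => Buffer.from(v).toString('base64url');
const fromB64u = (s) => Buffer.from(s, 'base64url');

// Step 2: the gateway signs "header.payload" with its private key.
function issueToken(claims, privateKey, ttlSeconds = 300) {
  const now = Math.floor(Date.now() / 1000);
  const header = b64u(JSON.stringify({ alg: 'RS256', typ: 'JWT' }));
  const payload = b64u(JSON.stringify({ ...claims, iat: now, exp: now + ttlSeconds }));
  const sig = nodeCrypto.sign('sha256', Buffer.from(`${header}.${payload}`), privateKey);
  return `${header}.${payload}.${b64u(sig)}`;
}

// Step 4: verify the signature first; claims are untrusted input until it passes.
function verifyToken(token, publicKey, expectedIssuer) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [header, payload, sig] = parts;
  let alg;
  try { alg = JSON.parse(fromB64u(header)).alg; } catch { throw new Error('malformed header'); }
  // Pin the algorithm: the token must not be able to select "none" or an HMAC variant.
  if (alg !== 'RS256') throw new Error('unexpected alg');
  const signed = Buffer.from(`${header}.${payload}`);
  if (!nodeCrypto.verify('sha256', signed, publicKey, fromB64u(sig))) throw new Error('bad signature');
  const claims = JSON.parse(fromB64u(payload));
  const now = Math.floor(Date.now() / 1000);
  if (typeof claims.exp !== 'number' || claims.exp <= now) throw new Error('token expired');
  if (claims.iss !== expectedIssuer) throw new Error('unexpected issuer');
  return claims;
}

// Constructed demo data: throwaway key pair, hypothetical issuer and subject.
const ISSUER = 'https://auth.example.invalid';
const { privateKey, publicKey } = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

// Returns the verified subject, or the reason the token was rejected.
function tryVerify(token) {
  try { return verifyToken(token, publicKey, ISSUER).sub; } catch (e) { return `rejected: ${e.message}`; }
}

// Rewrites the subject claim while keeping the original signature (tamper test).
function tamperSubject(token, sub) {
  const [h, p, s] = token.split('.');
  return `${h}.${b64u(JSON.stringify({ ...JSON.parse(fromB64u(p)), sub }))}.${s}`;
}

const token = issueToken({ iss: ISSUER, sub: 'user-42' }, privateKey);
console.log(tryVerify(token), '|', tryVerify(tamperSubject(token, 'admin')));
```

In a deployment the private key stays on the issuer and only the public key or certificate is distributed to services that validate tokens.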

OAuth 2.0 Authentication Using 3rd Party Authorization Services

To allow users to use existing accounts on 3rd party service providers such as Google, Facebook, Twitter, GitHub and Apple, an OAuth 2.0 service implementation is necessary.
Taking Google as an example, here is a sample workflow for a user who wants to sign in with their existing Google Account: