/oauth_game_finder

NodeJS RESTful Web Server with OAuth authentication support

OAuth Games finder

This is a Node.js RESTful project used in conjunction with my OAuth2 server as an OAuth2 PoC for the Security of Web Oriented Architectures course. It is based on a previous version of another university project, a videogame discovery platform.

Old features:

  • Discover games based on popularity, score and hype
  • Search games by keyword
  • Open an in-depth page of a selected game

New features:

  • Authentication to a custom OAuth server using authorization code and refresh token grants
  • Authentication via a third-party OAuth server using the client credentials grant
  • Favorite games management system for authenticated users
    • View your favorite games when logged in
    • Add or remove games from the favorites list
    • Favorites page is blocked when not authenticated (when no access token is found)
  • HTTPS secure communication between client, Web Server and OAuth Server

Tech

  • Client
    • HTML5, CSS, JavaScript for structure, graphics and usability
    • jQuery to dynamically get data to fill the page
  • Web Server
    • Node.js + Express: runtime system and framework for RESTful routing
    • Handlebars for web page templates
    • Apicalypse to query the external database
  • Database
    • MongoDB to save OAuth data and favorites
    • External IGDB to retrieve data via APIs following OAuth authentication on Twitch
  • Data
    • RESTful architecture
    • HTTPS to secure confidentiality and integrity
    • JSON as the data exchange format

Setup and Installation

  1. Clone this repo
  2. cd into the project root folder and run npm install
    • If npm is not installed, install it and then run npm install
  3. Register the website with the OAuth server (retrieve client_id and client_secret)
  4. Register the website on Twitch
  5. Rename .env.example to .env and fill in all parameters
  6. Generate a certificate and key for SSL support (see below)
  7. Start the OAuth Server
  8. Run npm start to boot up the client
  9. Open https://localhost and enjoy!

Database

The favorites functionality on the website requires a MongoDB connection. The DB structure can be seen in utils/DB. The connection string in the .env file should look like this:

CONNECTSTRING = mongodb://127.0.0.1:1234/dbname

Keep in mind that writing "localhost" instead of 127.0.0.1 will not work for some reason.

SSL support

By default the website redirects all connections to HTTPS. In order to use SSL you have to create a folder named cert and put the server.cert and server.key files inside it. You can generate them using the command:

openssl req -nodes -new -x509 -keyout server.key -out server.cert

Using HTTP instead of HTTPS

If you don't want to use HTTPS (e.g. you need to sniff traffic or cookies), you need to:

  1. Set the flag NODE_ENV:development in the .env file
  2. Change the OAuth endpoints in the .env file to their respective HTTP versions
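
A startup check for the .env settings described in the Database, SSL and HTTP sections, written as an added example (it is not code from this repository). The key names OAUTH_AUTHORIZE_URL and OAUTH_TOKEN_URL are hypothetical; only NODE_ENV and CONNECTSTRING appear in this README, and the sample values are constructed.

```javascript
// Constructed sample .env contents (not taken from the repository).
// OAUTH_AUTHORIZE_URL and OAUTH_TOKEN_URL are hypothetical key names.
const SAMPLE_ENV = `
NODE_ENV = production
CONNECTSTRING = mongodb://localhost:1234/dbname
OAUTH_AUTHORIZE_URL = https://localhost:8443/authorize
OAUTH_TOKEN_URL = http://localhost:8080/token
`;

// Minimal KEY = VALUE parser; blank lines and # comments are skipped.
function parseEnv(text) {
  const env = {};
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith('#')) continue;
    const eq = line.indexOf('=');
    if (eq < 1) continue;
    env[line.slice(0, eq).trim()] = line.slice(eq + 1).trim();
  }
  return env;
}

// Returns a list of findings; an empty list means the settings are consistent.
function checkEnv(env) {
  const findings = [];
  const dev = env.NODE_ENV === 'development';
  for (const [key, value] of Object.entries(env)) {
    if (!key.endsWith('_URL')) continue;
    let url;
    try { url = new URL(value); } catch { findings.push(`${key}: not a valid URL`); continue; }
    if (!dev && url.protocol !== 'https:') {
      // Mixed setup: the site is on HTTPS but codes and tokens would travel in cleartext.
      findings.push(`${key}: ${url.protocol} endpoint while the site runs in HTTPS mode`);
    }
    if (dev && url.protocol === 'https:') {
      findings.push(`${key}: HTTPS endpoint in HTTP mode; switch it to its HTTP version`);
    }
  }
  // The README notes that "localhost" does not work in the connection string.
  if (/\/\/([^@/]*@)?localhost(?=[:/]|$)/i.test(env.CONNECTSTRING || '')) {
    findings.push('CONNECTSTRING: use 127.0.0.1 instead of localhost');
  }
  if (dev) findings.push('NODE_ENV=development: HTTP mode, cookies and tokens are sent unencrypted');
  return findings;
}

for (const f of checkEnv(parseEnv(SAMPLE_ENV))) console.log('WARN', f);
```

Running the check before the server starts listening catches the half-switched case, where the site is in HTTPS mode but one OAuth endpoint still points at HTTP.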