Build a logging system that tracks which PATH was accessed at which time.
Example:
/logs/requests.txt
GET /users/mo [Sat Jan 12 2019 01:18:43 GMT+0000 (UTC)]
PUT /users/mo [Sat Jan 12 2019 01:18:43 GMT+0000 (UTC)]
Use the following function to help you:
const fs = require('fs');
const appendToLogFile = (fileName, stringData) => new Promise((resolve, reject) => {
fs.appendFile(`./logs/${fileName}.txt`, `${stringData}\r\n`, (err) => {
if (err) reject(err);
resolve('Saved');
});
});You will always probably will need to use the following:
req.originalUrlto get the current PATHreq.methodto get the HTTP Method for the request
Build a middleware that checks if the user making the request is logged in or not. You will be using req.header to check the auth-token key in the header.
Don't let user continue!
HTTP STATUS 401 // Client Not Authenticated
{
"type": 401,
"message": "Client Not Authenticated."
}
Continue to whatever request!
Build a middleware that checks if the right user is making changes to their account. So for example, user mo should only be able to update the information for mo.
- Before coding think about which routes need to be protected.
- Think about what information do we have on the client that can help authenticate
Carry on and let them continue
HTTP STATUS 403 // Access Denied
{
"type": 403,
"message": "Access denied at resource."
}