In this challenge, you build a real wise-guy application. Dad jokes are all the rage these days. Currently the application is trying to receive some Dad Jokes; however, we are locked out.
Read these instructions carefully. Understand exactly what is expected before starting this Sprint Challenge.
This is an individual assessment. Please work on it alone. It is an opportunity to demonstrate proficiency in the concepts and objectives introduced and practiced in preceding days.
If the instructions are not clear, please seek support from your TL and Instructor on Slack.
The Minimum Viable Product must be completed in three hours.
Follow these steps to set up and work on your project:
- Create a forked copy of this project.
- Add your Team Lead as collaborator on GitHub.
- Clone your forked version of the Repository.
- Create a new Branch on the clone: `git checkout -b firstName-lastName`.
- Implement the project on this Branch, committing changes regularly.
- Push commits: `git push origin firstName-lastName`.
Follow these steps for completing your project.
- Submit a Pull-Request to merge `firstName-lastName` branch into `master` on your fork. Please don't make Pull Requests against Lambda's repository.
- Please don't merge your own pull request.
- Add your Team Lead as a Reviewer on the Pull-request
- Your Team Lead will count the challenge as done by merging the branch into master.
Commit your code regularly and use descriptive messages. This helps both you (in case you ever need to return to old code) and your Team Lead.
Demonstrate your understanding of this week's concepts by answering the following free-form questions. Edit this document to include your answers after each question. Make sure to leave a blank line above and below your answer so it is clear and easy to read by your project manager.
- What is the purpose of using sessions?
To whomever is grading my assignment: I made a front end for this assignment.
My TL Faye saw it in our 1:1 and I should be graded three stars. Thank you!
Sessions allow the server to store information about the client through the use of cookies. We've used them in our projects so that we don't have to re-authenticate the user every time they make a new request to the server.
- What does bcrypt do to help us store passwords in a secure manner?
bcrypt hashes passwords. This is more secure because 1) they are never stored in plain text and 2) hashes are more secure than encryption. Hashes only go one way: parameters + input = hash. Encryption uses plain text and private keys to generate encrypted passwords and then reverses the process to arrive at the original password, which is less secure.
- What does bcrypt do to slow down attackers?
It uses a key derivation function, which adds time to the equation. Hash + time = Key derivation function. Because time is added to the equation, hackers are significantly slowed.
- What are the three parts of the JSON Web Token?
Header - contains the algorithm with the token type
Payload - claims (things like permissions for the user) information, or any other data we’d like to store in the token, often user id
Signature - To create the signature, you have to take the encoded header, the encoded payload, a secret, the algorithm specified in the header, and sign that.
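The signature step described in the last answer, as an added example that is not part of the challenge repository or of the answers above: an HS256 token built and verified with Node's built-in `crypto` module. The function names, the secret and the payload fields are assumptions made for illustration.

```javascript
// Added example: HS256 JWT built and verified by hand (names are hypothetical).
const crypto = require("node:crypto");

// base64url-encode a string or Buffer (URL-safe alphabet, no padding)
const b64url = (input) => Buffer.from(input).toString("base64url");

// Signature = HMAC-SHA256(secret, encodedHeader + "." + encodedPayload)
function signPart(encodedHeader, encodedPayload, secret) {
  return crypto
    .createHmac("sha256", secret)
    .update(`${encodedHeader}.${encodedPayload}`)
    .digest("base64url");
}

function createToken(payload, secret) {
  const header = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const body = b64url(JSON.stringify(payload));
  return `${header}.${body}.${signPart(header, body, secret)}`;
}

// Returns the payload if the token is valid, otherwise null.
function verifyToken(token, secret, nowSeconds = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return null;
  const [header, body, signature] = parts;
  try {
    // The server pins the algorithm; the header is checked, not obeyed.
    const { alg } = JSON.parse(Buffer.from(header, "base64url").toString("utf8"));
    if (alg !== "HS256") return null;
    const expected = Buffer.from(signPart(header, body, secret));
    const actual = Buffer.from(signature);
    // timingSafeEqual throws on a length mismatch, so compare lengths first.
    if (expected.length !== actual.length) return null;
    if (!crypto.timingSafeEqual(expected, actual)) return null;
    const payload = JSON.parse(Buffer.from(body, "base64url").toString("utf8"));
    // Reject tokens whose exp claim (seconds since epoch) has passed.
    if (typeof payload.exp === "number" && payload.exp <= nowSeconds) return null;
    return payload;
  } catch {
    return null; // malformed base64url or JSON
  }
}
```

Because the header and payload are only base64url-encoded, anyone holding the token can read them; the signature protects integrity, not confidentiality.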
Implement a User Authentication System. Hash user's passwords before saving them to the database. Use JSON Web Tokens or Sessions and Cookies to persist authentication across requests.
- Implement the `register` and `login` functionality inside `/auth/auth-router.js`. A `user` has `username` and `password`. Both properties are required.
- Implement the `authenticate` middleware inside `/auth/authenticate-middleware.js`.
- Write a minimum of 2 tests per API endpoint. Write more tests if you have time.
Note: the database already has the users table, but if you run into issues, the migrations are available.
Build a front end to show the jokes.
- Add a React client that connects to the API and has pages for `Sign Up`, `Sign In` and showing a list of `Jokes`.
- Once you have the functionality down, style it!