Just a simple learning project
Setup:
- Set up MVC (using Pug)
- Set up NestJS Config (.env)
- Set up TypeORM
- Set up validation pipeline & class-transformer & class-validator
- Set up express-session
- CSRF protection for forms (https://expressjs.com/en/resources/middleware/csurf.html)
- Flash messages
To Do:
- User can sign up with basic validation
- Password should not be returned after creating a user (use a DTO to dictate the return value)
- Should display a friendly message if a duplicate email is used when creating a user, or when validation fails for non-conforming data
- User can log in
- User is automatically logged in after creation
- User can log out
- Redirect if visiting routes that require authentication
- Render the form again if creating the user fails
- Render the form again if login fails
- Use Interceptor to add flashMessages and csrfToken to every response
- Testing
Uncertainties:
- Haven't decided where is the best place to implement mappers, a.k.a. `toUserDto`
- Any way to make `toUserDto` more generic and reusable
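One answer to both questions above (and to the "password should not be returned" item in To Do), as an added example that is not code from this project: a generic allowlist-based `pick` plus a `mapperFor` factory, so `toUserDto` is a one-liner that can live beside the User DTO. The entity field names are assumptions.

```typescript
// Added example, not code from the original project. Entity field names
// (id, email, password, resetToken, createdAt) are assumptions.
interface UserEntity {
  id: number;
  email: string;
  password: string;      // stored hash; must never reach a view or JSON body
  resetToken?: string;   // another secret an allowlist hides by default
  createdAt: Date;
}

// Generic projection: copy ONLY the listed keys from an entity.
// An allowlist beats deleting `password` after the fact: a sensitive column
// added to the entity later is not exposed unless someone opts it in.
function pick<T extends object, K extends Extract<keyof T, string>>(
  entity: T,
  keys: readonly K[],
): Pick<T, K> {
  const dto: Record<string, unknown> = {};
  for (const key of keys) {
    if (key in entity) {
      dto[key] = entity[key];
    }
  }
  return dto as Pick<T, K>;
}

// Factory that turns an allowlist into a reusable mapper for one entity
// type, so toUserDto becomes a one-liner next to the User DTO definition.
function mapperFor<T extends object>() {
  return <K extends Extract<keyof T, string>>(keys: readonly K[]) => ({
    one: (entity: T): Pick<T, K> => pick(entity, keys),
    many: (entities: readonly T[]): Pick<T, K>[] =>
      entities.map((entity) => pick(entity, keys)),
  });
}

const userMapper = mapperFor<UserEntity>()(['id', 'email', 'createdAt']);
const toUserDto = userMapper.one;

// Constructed sample input for a stand-alone run.
const sampleUser: UserEntity = {
  id: 1,
  email: 'alice@example.com',
  password: '$2b$10$constructed-hash',
  resetToken: 'constructed-token',
  createdAt: new Date(0),
};
console.log(toUserDto(sampleUser));
// → { id: 1, email: 'alice@example.com', createdAt: 1970-01-01T00:00:00.000Z }
```

The same `mapperFor<Entity>()([...])` call produces a mapper for any other TypeORM entity, and `many` covers list endpoints without a second helper.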
New Lessons for me:
- Use guards to perform login
- Use guards to perform authorization
- Use exception filters to improve user experience by redirecting when login fails or when visiting unauthorized routes
- Use exception filters to improve UX when user sign-up fails by rendering the sign-up form page with error messages
- Use flash messages
- Use CSRF
- Use passport.js together with express-session for a "username" / password local strategy
- Use global interceptors in the app module to inject csrfToken and flash messages into every route handler