This application is built solely to understand the principles of authentication and security, and it walks through all the levels of security, starting from the Caesar Cipher and ending with OAuth 2.0.
Commit Link: https://github.com/Raxy45/Security/commit/6bf6a0830abf1dc08e1806f72edd023f1773da40
In this commit, the basic checking of the password is done using an if statement.
Commit Link: https://github.com/Raxy45/Security/commit/12bd9a8bccbb1b007811749863080ef6d586048f
The mongoose-encryption package is used. This package encrypts the entire data while saving it to the database, and when model.findOne() is used it automatically decrypts the data in order to match the query.
Commit Link: https://github.com/Raxy45/Security/commit/a00d61ff4b1dc03e8ddac16adb2aa4e04f3f7179
The code is the same as in commit 2, except that the Secret Key is used through the dotenv package.
Commit Link: https://github.com/Raxy45/Security/commit/34036674a847c130a4808f47a21bb4bfcbdd9df7
To eliminate the need for the Secret Key, the md5 package is used. This package hashes the password while saving it to the database, and since it is almost impossible to recover the password from the hash, in .findOne() we check the password by first hashing it and then comparing it to the one in the database.
Commit Link: https://github.com/Raxy45/Security/commit/a4faf9a640aef093f3b6191e6c8ab4839256a565
In this scenario, the bcrypt package is used and salt rounds are added so that the password becomes more immune.
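The difference between the md5 commit and the bcrypt commit, as an added example (not code from the repository): an unsalted md5 digest is identical for identical passwords, while a salted, slow hash is not. Node's built-in scrypt stands in for bcrypt here as an assumption, so the block runs without installing packages; the function names, the sample users and the "salt:hash" storage format are constructed.

```javascript
// Added example, not the repository's code. Uses only Node's built-in crypto module.
const crypto = require('node:crypto');

// Unsalted fast hash, as in the md5 commit: the same password always gives the same digest.
function md5Hash(password) {
  return crypto.createHash('md5').update(password, 'utf8').digest('hex');
}

// Salted, deliberately slow hash. scrypt is a stand-in for bcrypt (assumption).
// Constructed storage format: "<salt hex>:<derived key hex>".
function slowHash(password) {
  const salt = crypto.randomBytes(16); // fresh random salt per stored password
  const key = crypto.scryptSync(password, salt, 32);
  return `${salt.toString('hex')}:${key.toString('hex')}`;
}

// Re-derive the key with the stored salt and compare in constant time.
function slowVerify(password, stored) {
  const [saltHex, keyHex] = stored.split(':');
  if (!saltHex || !keyHex) return false;
  const expected = Buffer.from(keyHex, 'hex');
  if (expected.length !== 32) return false; // malformed record
  const actual = crypto.scryptSync(password, Buffer.from(saltHex, 'hex'), 32);
  return crypto.timingSafeEqual(actual, expected);
}

// Groups usernames whose stored hash is identical, which is what anyone
// reading the table can see without cracking anything.
function usersSharingHash(records) {
  const byHash = new Map();
  for (const { user, hash } of records) {
    byHash.set(hash, [...(byHash.get(hash) || []), user]);
  }
  return [...byHash.values()].filter((users) => users.length > 1);
}

// Constructed sample accounts; alice and carol chose the same password.
const sampleUsers = [
  { user: 'alice', password: 'correct horse' },
  { user: 'bob', password: 'tr0ub4dor&3' },
  { user: 'carol', password: 'correct horse' },
];

function storeAll(hashFn) {
  return sampleUsers.map(({ user, password }) => ({ user, hash: hashFn(password) }));
}

console.log('md5 duplicates   :', usersSharingHash(storeAll(md5Hash)));
console.log('salted duplicates:', usersSharingHash(storeAll(slowHash)));
```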
Commit Link: https://github.com/Raxy45/Security/commit/d45e63ae046d51c772c7f0ac27932ac1fd640651
The packages passport, passport-local and passport-local-mongoose are added, and all the heavy lifting of salting, hashing, etc. is taken care of by Passport! The express-session package creates a cookie and a session that lasts until the user logs out. Once logged out, the cookie is destroyed.
Commit Link: https://github.com/Raxy45/Security/commit/25bf0e6950b085d6e7b90d07172728233f325587
The OAuth 2.0 technology is used in this case, in particular the passport-google-oauth-2.0 package, and the authentication is done using the "Google Strategy".
Commit Link: https://github.com/Raxy45/Security/commit/c110cf6f8d2db27cc704de32639b88f6388f9a5f
Using OAuth 2.0 technology, this time the "Facebook Strategy" is implemented using the passport-facebook package.
The project is implemented solely for learning authentication and security and is up to the mark.