Task Detail

  • Activity on Thu Dec 21 2017 20:10:36 GMT+0000 (UTC)

    I created a temporary sign-in button. I can sign in through this button as a modal of a page, so the page won't be redirected. I still need to figure out how to send info back to the browser, so I can change the display of the sign-in to sign-out after login.

    1. Now, when I am not signed in yet and use a route that requires authentication, it takes me to the '/login' page.
    2. I don't know how to carry the URL of the page to the login controller yet.
    3. I should create my own authentication strategy to learn deeper about authentication.

  • Activity on Thu Dec 21 2017 14:48:54 GMT+0000 (UTC)

    Authenticating:

    1. After the validateFunc can't verify the value, it returns the callback function with null and false.
    2. I don't know what server.auth.strategy does, but from the returned callback, it will take in redirectTo: '/login'.
    3. In login/index.js, this is where the real login happens, and this is created all by myself.
    4. During the validating process, I can fill out the session for the next authentication request.
    5. IMPORTANT: the cookie-auth sets up a session, and the session will keep the login result on the server side. Therefore, hackers or users have no way to get the login info through my activity on the website.
    6. Every time I send an authentication request, the cookie-auth will validate to see if the values, which are my username and hash_pw of the session.id (which is set as my username), are valid in the session.
    7. If the values are valid, it will check to see if the cookie name and password from the request match what was saved for the session.

  • Activity on Wed Dec 20 2017 19:49:59 GMT+0000 (UTC)

    Before authentication: when a request is sent in from a route that requires authentication:

    1. The validateFunc calls get(session.id) to find a value.
    2. Then the callback returns an undefined value to validateFunc because there is no id without login.
    3. I don't know how the authentication takes in the redirectTo yet.
    4. The password and cookie are only used to check if this is still the same session.
    5. The cookie and password travel back and forth between the server and browser to keep the session status.
    6. The session has nothing to do with the actual authentication.
    7. The authentication happens in my index.js of the login controller.

  • Activity on Tue Dec 19 2017 23:47:34 GMT+0000 (UTC)

    What to do next:

    1. Read about the Joi module to find out what Joi does with the password and cookie name.
    2. Find out how the callback in validateFunc is executed in Joi.
    3. After comparing the value, how does Joi redirect the page, so I can redirect it to the current page?
    4. Get a reply after login to indicate the successful authentication, then change the sign-in to sign-out in lib.js.

  • Activity on Tue Dec 19 2017 23:19:42 GMT+0000 (UTC)

    Before login, when I go to a route which requires authentication (the '/post-new-editor' path, for example):

        {
          method: 'GET',
          path: '/post-new-editor',
          config: { auth: { strategy: 'base' }, handler: handlePostNewEditor }
        },

    The method, path, and config get executed first before the handler can be executed. When the config is executed, it goes to server.register(CookieAuth, (err)=>{}) in the server.js file. Important lines of code are explained below:

    1.  const cache = server.cache({ segment: 'sessions', expiresIn: 3 * 24 * 60 * 60 * 1000 });
        //to isolate the auth cookie sessions from the rest of the cache
        //by server.cache segment/name as 'sessions', expire in a day or after quit the browser
        //all this is then added to server.app.cache along with what is added from the login page.
        //The parameters will go out of order if they are not well defined, based on the hapi-auth-cookie document

    2.  server.app.cache = cache;
        //save the cache into a cache inside the server.app storage box

    3.  server.auth.strategy('base', 'cookie',
        //server.auth.strategy takes in the first two parameters 'base' and 'cookie' to use cookie authentication
        //and names the strategy 'base' (which I can name anything I like).

    4.  { password: 'supersecretpasswordqqqqqqqqqqqqqq', cookie: 'cookieCookie', redirectTo: '/login', isSecure: false, validateFunc: function(){} })
        //After taking in the first 2 parameters, the strategy takes in the JSON {password, cookie, ..., and a required validateFunc callback function}.
        //The password is used to encode the cookie by Iron. Requires a length of at least 32 characters (most important in this JSON).
        //cookie: I can name the cookie whatever I like.
        //** From here I assume what the code would do because I will need to go further into the Joi module to understand more.

    10/31/2024 14:25:46