NB! For the succesfull tests results user with username = admin, and password = admin should be saved into DB.
- +10 Route
/auth/signuphas been amended withpasswordrequirement. - +20 Users' passwords are to be saved into data base as hash, created by
bcrypt(or similar package, for examplebcryptjs). - +10 Route
/auth/loginhas been implemented, logic connected to it is divided between controller and coresponding service. In case ofauth/loginPOST method when user is absent in DB, server replies with 403 (Forbidden) HTTP status. - +20 Access Token is implemented,
JWTconsists ofuserIdandusername, secret key is saved in.env. - +20 Authentication is required for the access to all routes except
/auth/signup,/auth/login,/docand/. - +10 Separate module is implemented within application scope in order to check all routes except
/auth/refreshfor the presence of a valid Access Token that's been appended to a request otherwise 401 (Unauthorized) HTTP status to be received.
- +20 Refresh Token is implemented,
JWTconsists oflogin, secret key is saved in.env. - +10 In case Refresh Token is expired but Access Token is still valid server replies with both tokens -
valid Access Token and new Refresh Token. - +20 In case Access Token is expired, server replies with a valid Refresh Token in the message body
to
/auth/refreshtoken, with new Access Token and same Refresh Token pair.
- -95% of total task score any external tools except
bcryptorbcryptjsor similar,jsonwebtoken,nodemon,dotenv,cross-env,typescript,ts-node,eslintand its plugins,webpackand its plugins,prettier,uuid,@types/*as well as libraries used for testing - -30% of total task score Commits after deadline (except commits that affect only Readme.md, .gitignore, etc.)
- -20 Missing PR or its description is incorrect
- -20 No separate development branch
- -20 Less than 3 commits in the development branch, not taking into account commits, making changes only in
Readme.mdor similar files (tsconfig.json,.gitignore,.prettierrc.json, etc.)