Dev 1 #7
…elements for seamless admin authentication.
This commit implements functionality to generate and manage user session IDs, refresh tokens, and access tokens. It includes the following changes:

- Implement logic to generate unique session IDs for each user upon login.
- Generate refresh tokens to allow users to obtain new access tokens without requiring reauthentication.
- Generate short-lived access tokens with limited scope for user authentication and authorization.

These changes enhance security and improve user experience by providing a mechanism for managing user sessions and ensuring secure access to protected resources.
This commit addresses the following issues:

- Fixed an error in the environment file that was causing configuration inconsistencies.
- Added color formatting to console logs for improved readability and debugging.

Changes:

- Updated the environment configuration to resolve the error related to missing or incorrect variables.
- Implemented color-coded console log messages to differentiate between different types of logs and improve debugging efficiency.

These changes ensure a more robust and user-friendly development environment, enhancing the reliability and readability of the codebase.
This commit introduces functionality to store access tokens, refresh tokens, and session IDs for users, enhancing authentication and session management capabilities. It also includes modifications to the user model to accommodate these changes.

Changes:

- Implement logic to store access tokens, refresh tokens, and session IDs for users upon login.
- Update the user model to include fields for storing these tokens and identifiers.
- Enhance authentication endpoints to return access tokens, refresh tokens, and session IDs during login.
- Adjust database schema or data storage mechanism to accommodate the new fields in the user model.

These changes improve the security and functionality of the authentication system, enabling better management of user sessions and access control within the application.
This commit introduces an admin client upload form allowing users with administrative privileges to upload music data. Additionally, a list of songs has been implemented to display the uploaded songs. This enhances the functionality of the application and provides administrators with the ability to manage music content.
Describe the problem and steps taken to resolve it:

- Investigated why the auth token wasn't being set in response headers
- Checked backend configuration and response headers
- Confirmed CORS settings allow the Authorization header
- Considered using a custom header as a workaround

This commit addresses the issue and ensures the auth token is correctly set in the response headers.
… using access token
const router = Router(); | ||
// Route to get all songs | ||
router.get("/songs", getAllSongs); | ||
router.get("/songs", authenticateUser, getAllSongs); |
Check failure: Code scanning / CodeQL. Missing rate limiting (High): authorization
// Route to get a specific song by ID | ||
// router.get("/songs/:id", getSongByID); | ||
// Route to search songs | ||
router.get("/songs/search", searchSongs); | ||
router.get("/songs/search", authenticateUser, searchSongs); |
Check failure: Code scanning / CodeQL. Missing rate limiting (High): authorization
// Route to get popular songs | ||
router.get("/songs/popular", searchSongsByPopularity); | ||
router.get("/songs/popular", authenticateUser, searchSongsByPopularity); |
Check failure: Code scanning / CodeQL. Missing rate limiting (High): authorization
// Route to render song upload form | ||
router.get("/upload", (req: Request, res: Response) => { | ||
res.render("SongUploadForm.view.ejs"); | ||
}); | ||
// Route to handle song upload | ||
router.post("/upload", createSong); | ||
router.post("/upload", authenticateAdmin, createSong); |
Check failure: Code scanning / CodeQL. Missing rate limiting (High): authorization
// Route to update a song | ||
router.put("/songs/:id", updateSong); | ||
router.put("/songs/:id", authenticateAdmin, updateSong); |
Check failure: Code scanning / CodeQL. Missing rate limiting (High): authorization
// Route to delete a song | ||
router.delete("/songs/:id", deleteSong); | ||
router.delete("/songs/:id", authenticateAdmin, deleteSong); |
Check failure: Code scanning / CodeQL. Missing rate limiting (High)
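Review bot: the GET "/upload" handler that renders SongUploadForm.view.ejs is left with no middleware while its POST counterpart now gets `authenticateAdmin`; the form is an admin-only page, so gate it the same way: `router.get("/upload", authenticateAdmin, (req: Request, res: Response) => {`. CodeQL flags every handler that gained `authenticateUser` or `authenticateAdmin` for missing rate limiting; rather than answering the alert per route, apply a limiter once at router level before these registrations (for example express-rate-limit's `rateLimit()` middleware via `router.use(...)`, suggested here, not part of the change), which also covers the unauthenticated form route. The commented-out `// router.get("/songs/:id", getSongByID);` should be restored with middleware or deleted rather than shipped as dead code.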