What to ensure is set up and considered when building from scratch.
- Visitors - can only view the homepage
- Logged In User - can only view their own page
- Admin User - can view any page; can de-activate users
- JS
  - Vue
- Add auth router
  - Create user with POST /auth/signup
    - validate required fields
    - check if email is unique
    - hash password with bcrypt
    - insert into db
    - set a cookie with user_id after creating user
  - Best Practices
    - Cross-origin cookie!
  - Create sign-up form; show errors; redirect
    - validate required fields
  - Login user with POST /auth/login
    - check if email is in db
    - compare password with hashed password in db
    - set cookie
  - Create login form; show errors; redirect
    - validate required fields
- Visitors can only see the homepage
  - create middleware to redirect visitors without a user_id cookie set
  - redirect to the sign-up form and show an error message
- Logged-in users can only see their own page
  - check the user_id cookie in the route handler
  - show an unauthorized error message
  - redirect to the user page if they visit the homepage
- Admin page that lists all users
  - admin table with user_id (unique constraint)
  - de-activate users
- Admin can see any page on the site
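Worked example for the three access rules above (visitor, logged-in user, admin), added here and not part of the original checklist. It models the route guard as a function that returns either an allow decision or a status plus redirect/error, over constructed in-memory tables. Assumptions: the user_id cookie has already been verified upstream (e.g. by a signed-cookie check), the admin table is modelled as a Set of user ids (its unique constraint is implied), and the path shapes `/`, `/users/:id` and `/admin` are assumed.

```javascript
// Added example (not from the original checklist): route guard for visitor /
// logged-in user / admin. Tables below are constructed sample data.
const usersById = new Map([
  [1, { id: 1, email: 'alice@example.com', active: true }],
  [2, { id: 2, email: 'bob@example.com', active: true }],
  [9, { id: 9, email: 'root@example.com', active: true }],
]);
const admins = new Set([9]);   // stands in for the admin table (user_id unique)

// Assumes req.cookies.user_id was already signature-checked upstream.
function currentUser(req) {
  const id = Number(req.cookies && req.cookies.user_id);
  const user = usersById.get(id);
  return user && user.active ? user : null;   // de-activated users count as visitors
}

// Returns { allow: true } or { status, redirect?, error? }.
function guard(req) {
  const user = currentUser(req);
  if (!user) {
    if (req.path === '/') return { allow: true };            // visitors: homepage only
    return { status: 302, redirect: '/signup', error: 'Please sign up to continue' };
  }
  const isAdmin = admins.has(user.id);
  if (isAdmin) return { allow: true };                       // admin: any page
  if (req.path === '/') return { status: 302, redirect: `/users/${user.id}` };
  const m = /^\/users\/(\d+)$/.exec(req.path);
  if (m && Number(m[1]) === user.id) return { allow: true }; // only their own page
  return { status: 403, error: 'Unauthorized' };
}

function requireAdmin(req) {
  const actor = currentUser(req);
  return actor && admins.has(actor.id) ? actor : null;
}

// Admin page: list users, never exposing credential material.
function listUsers(req) {
  if (!requireAdmin(req)) return { status: 403, error: 'Unauthorized' };
  const rows = [...usersById.values()].map((u) => ({ id: u.id, email: u.email, active: u.active }));
  return { status: 200, users: rows };
}

function deactivateUser(req, targetId) {
  if (!requireAdmin(req)) return { status: 403, error: 'Unauthorized' };
  const target = usersById.get(targetId);
  if (!target) return { status: 404, error: 'No such user' };
  target.active = false;   // their cookie stops working on the next request
  return { status: 200, user: { id: target.id, active: false } };
}
```

Note that the role check happens inside every handler that needs it (listUsers, deactivateUser), not only in the page-level guard: hiding a link from the UI is not an authorization control.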
- Use sessions instead of cookies!
- Use JWTs instead of sessions!
- Push Notifications (APNS + FCM)
- Emails (just integrate an SMTP client for starting)
- SMS
  *NOTE - Have two channels for sending SMS, transactional and promotional. Never send a promotional SMS on a transactional channel, as there are chances that you will be sued by a well-informed and motivated user.
- Airbrake / Sentry
- ELK stack - https://www.elastic.co/what-is/elk-stack
  *NOTE - While logging requests and responses, take care of the following: do not log passwords; do not log tokens (the access tokens used for authentication); do not log OTPs.
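Worked example for the logging note above, added here and not part of the original checklist: a redaction pass that runs over a request/response object before it is handed to the logger, so passwords, tokens and OTPs never reach the ELK stack. The key names in the SENSITIVE pattern and the sample request are assumptions (constructed to look like a typical login request); extend the pattern with your own field names.

```javascript
// Added example (not from the original checklist): redact secrets before logging.
// The key list is an assumption about typical field names; the sample request is constructed.
const SENSITIVE = /^(password|passwd|pass|new_password|confirm_password|token|access_token|refresh_token|id_token|authorization|cookie|set-cookie|otp|otp_code|secret|api_key|apikey)$/i;

function redactForLog(value, depth = 0) {
  if (depth > 10) return '[depth-limit]';                       // guard against cyclic/huge objects
  if (Array.isArray(value)) return value.map((v) => redactForLog(v, depth + 1));
  if (value && typeof value === 'object') {
    const out = {};
    for (const [k, v] of Object.entries(value)) {
      out[k] = SENSITIVE.test(k) ? '[REDACTED]' : redactForLog(v, depth + 1);
    }
    return out;
  }
  if (typeof value === 'string') {
    // Bearer tokens sometimes appear inside free-text fields rather than under a known key.
    return value.replace(/Bearer\s+[A-Za-z0-9._~+\/-]+=*/g, 'Bearer [REDACTED]');
  }
  return value;   // numbers, booleans, null
}

// Constructed sample of what a logging middleware would see for POST /auth/login.
const sampleRequest = {
  method: 'POST',
  path: '/auth/login',
  headers: {
    'content-type': 'application/json',
    authorization: 'Bearer eyJabc.def.ghi',
    cookie: 'user_id=1.abc',
  },
  body: { email: 'alice@example.com', password: 'hunter2', otp: '123456' },
  note: 'retry with Bearer abc123',
};

// What actually gets written to the log: one JSON line with secrets masked.
function logLine(req) {
  return JSON.stringify(redactForLog(req));
}
```

Redacting by key name is a deny-list, so it misses secrets under names you did not anticipate; the safer long-term pattern is an allow-list of fields you explicitly want logged (method, path, status, latency) and nothing else.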
- RabbitMQ / SQS - https://www.rabbitmq.com/
  Scenario - You just launched your product and need to send your users recommendations about new products on your platform. You'll send these each weekend, based on their purchase history.
So what's the difference between hard and soft updates?
Hard updates are when the user is forced to update the client to a version number higher than the one installed on their mobile.
Soft updates are when the user is shown a prompt that a new version is available and can update the app to the new version if they want to.
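Worked example for the hard/soft update distinction above, added here and not part of the original checklist: the decision an update-check endpoint returns to the mobile client, given the installed version and a per-platform policy. The policy values and version strings are constructed; the rule is that anything below minSupported gets a hard update, anything below latest a soft one. It also goes slightly beyond the text by comparing versions numerically per component, because comparing "2.10.0" and "2.9.0" as strings gets the answer wrong.

```javascript
// Added example (not from the original checklist): server-side hard/soft update decision.
// Policy numbers are constructed sample values.
function parseVersion(v) {
  const parts = String(v).trim().split('.').map((p) => parseInt(p, 10));
  if (parts.length === 0 || parts.length > 3 || parts.some((n) => Number.isNaN(n))) {
    throw new Error(`bad version: ${v}`);
  }
  while (parts.length < 3) parts.push(0);   // "2.5" == "2.5.0"
  return parts;
}

// -1 if a < b, 0 if equal, 1 if a > b, comparing major/minor/patch numerically.
function compareVersions(a, b) {
  const pa = parseVersion(a);
  const pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

// minSupported: oldest client still allowed to talk to the API (below it -> hard update).
// latest: newest shipped build (below it, but still supported -> soft update).
const UPDATE_POLICY = {
  ios:     { minSupported: '2.3.0', latest: '2.5.1' },
  android: { minSupported: '2.2.0', latest: '2.5.0' },
};

function updateDecision(platform, installed, policy = UPDATE_POLICY) {
  const p = policy[platform];
  if (!p) return { type: 'none', reason: 'unknown platform' };
  if (compareVersions(installed, p.minSupported) < 0) return { type: 'hard', latest: p.latest };
  if (compareVersions(installed, p.latest) < 0) return { type: 'soft', latest: p.latest };
  return { type: 'none' };
}
```

Raising minSupported is how you retire clients that still use a deprecated or insecure API path: bump it server-side and every older build is forced through the hard-update flow on its next check.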
There are a lot of options available on the market. You can either choose to implement one on your own (Jenkins CI/CD), or use TravisCI, CircleCI, etc. for the same.
Optional
Create a Dockerfile and docker-compose.yml for your application so that everyone runs the application using Docker from the start. One of the main reasons for this approach is consistency across your local/staging/production environments, so that no developer can ever say this again:
An Application Monitoring Tool is a must-have if you want to monitor your application's APIs, transactions, database connections, and so on.
- New Relic - https://newrelic.com/
Here's a good overview of Elasticsearch to get you started: https://www.freecodecamp.org/news/go-elasticsearch/
And the Elasticsearch docs - https://www.elastic.co/guide/index.html
- Close all the ports except the ones to be used for the APIs (HTTPS connections)
- Route the API endpoints through a reverse proxy web server, like NGINX or Apache
  **NOTES** - Why you should use NGINX:
  - https://www.nginx.com/resources/wiki/community/why_use_it/
  - https://blog.serverdensity.com/why-we-use-nginx/
  - https://www.freecodecamp.org/news/an-introduction-to-nginx-for-developers-62179b6a458f/
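Worked example for the two points above, added here and not part of the original checklist: a minimal NGINX server block that exposes only HTTPS, forwards the API to the application process and serves the front-end build. The hostname, certificate paths, upstream address (the app bound to 127.0.0.1:3000, so its port is unreachable from outside even before the firewall) and the /api/ prefix are assumptions; substitute your own.

```nginx
# Added example (not from the original checklist). Assumed: example.com, app on
# 127.0.0.1:3000, certificate paths, /api/ prefix, Vue build in /var/www/app.
server {
    listen 80;
    server_name example.com;
    return 301 https://$host$request_uri;     # plain HTTP only redirects, never serves
}

server {
    listen 443 ssl;
    server_name example.com;

    ssl_certificate     /etc/ssl/certs/example.com.crt;    # placeholder path
    ssl_certificate_key /etc/ssl/private/example.com.key;  # placeholder path
    ssl_protocols       TLSv1.2 TLSv1.3;

    # API traffic goes to the app, which listens on loopback only, so port 3000 is
    # never exposed; closing everything but 443 at the firewall is the second layer.
    location /api/ {
        proxy_pass         http://127.0.0.1:3000;
        proxy_set_header   Host              $host;
        proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Proto https;
    }

    # Static front-end build (single-page app fallback to index.html).
    location / {
        root      /var/www/app;
        try_files $uri /index.html;
    }
}
```

Because the app only ever sees requests that came through the proxy, it should trust X-Forwarded-Proto and X-Forwarded-For from this proxy alone, not from arbitrary clients.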