Authorization server for future projects.
https://auth.kamide.re
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Robert
b8466f442d
updating/linting register.js, add eslint with airbnb style
|
1 month ago | |
|---|---|---|
| routes | 1 month ago | |
| test | 4 months ago | |
| utils | 1 month ago | |
| .eslintrc.js | 1 month ago | |
| .gitignore | 4 months ago | |
| LICENSE | 4 months ago | |
| README.md | 1 month ago | |
| index.js | 1 month ago | |
| package-lock.json | 1 month ago | |
| package.json | 1 month ago |
README.md
README.md
kamidere-oauth2server
Authorization service for future projects. ref. oauth2orize-example
TODO
- Learn about good hashing practice and implement it
- sodium
or libsodium-wrappers(ref. https://crackstation.net/hashing-security.htm) - clinet-side prehashing (ref. https://download.libsodium.org/doc/password_hashing)
- sodium
- /register endpoint with both GET and POST
- /client, /me, endpoints
- Good looking front-end
- Vue.js?
IDEA
- Minimal information about user [username, email, password].
- Client-side tokens (stored on client-side but generated on server side).
- End-to-End encryption user ←→ server, client ←→ server.
- Two-Factor Authentication (optional).
- Support to 3rd Party Authorization Google, Anilist, etc.
FEATURES
- Secure users even when security breach:
- E-mail hashing.
- Password hashing.
- Hashing specified in .env file.
- Tokens stored only on client side.
- Unique hash for user/client to secure tokens.
- Changing this hash will automatically disable every token connected with it. Will logout you from every website or will logout every user from your service.
.env
KAMIDERE_MONGOURI= mongoDB URI.
KAMIDERE_JWTSECRET= JWT secret.
KAMIDERE_COOKIESECRET= Cookeies secret.
KAMIDERE_SEEDSINDEX= Seeds index array [PASSWORD SEED, CLIENT SIDE SEED, EMIAL SEED]. ex. [0,1,2]