awesome-todos.md

Awsome Todos questions and answers guide:

Main questions:

1- What is passport-google-oauth20?

2- Why do we use cookieParser and encryptCookieNodeMiddleware ?

3- How do you let Express app use cookie middlewares (cookieParser, encryptCookieNodeMiddleware) with secret key for handling encryption of cookies *(answer might require code snippets)?

4- How to let your Express app use a middleware function that sends 401 (When not authenticated) error response code for auth errors and 500 (other errors) *(answer might require code snippets)?

5- In the auth.js there is four paths: /google, /me, /google/callback, /logout can you guess what does each path refer too?

Questions to answer while coding for later (not part of the discussion, answer individually later):

6- How do you let your Express app use JWT middleware to be used on all routes starting with /api?

a. How to exclude certain paths from the JWT authentication?

b. How to extract the JWT token from the request?

7- How do you Prepare Google Auth handling configuration?

8- How do you connect and configure Google OAuth 2.0 strategy on PassportJS instance?

9- How do you initialize PassportJS middleware?

Ali, Aween, Ara, Maram, Sarah, Zainab Al-Najjar, Zainab Mirza

1. it's basically a middleware that used by the developers inside node.js to provide more authentications to the user info, so instead of making a new account on the specific website the users can use their google accounts to reach the whole website
   2In simple terms, cookieParser helps to read cookies from the incoming HTTP requests, while encryptCookieNodeMiddleware is a custom security measure to encrypt the cookie data, making it more secure and protecting sensitive information stored in cookies.

3.install the package itself with this command : npm install cookie-parser cookie-encrypter
|||B.|||Set up cookieParser middleware:
const express = require('express');
const cookieParser = require('cookie-parser');

const app = express();

app.use(cookieParser('yourSecretKeyHere'));
}

|||C|||Set up encryptCookieNodeMiddleware:

const { encryptCookie, decryptCookie } = require('cookie-encrypter');

app.use((req, res, next) => {
// Encrypt cookie before sending it to the client
res.encryptCookie = encryptCookie.bind(null, 'yourSecretKeyHere');
// Decrypt cookie received from the client
req.decryptCookie = decryptCookie.bind(null, 'yourSecretKeyHere');
next();
});

||D|| Using the encrypted cookies:
app.get('/setcookie', (req, res) => {
const encryptedValue = res.encryptCookie('cookieName', 'cookieValue');
res.cookie('cookieName', encryptedValue);
res.send('Cookie set successfully');
});

||f||Accessing decrypted cookies:
app.get('/getcookie', (req, res) => {
const decryptedValue = req.decryptCookie(req.cookies.cookieName);
res.send('Decrypted cookie value: ' + decryptedValue);
});

4. Create a middleware function in Express that checks for authentication, and if authentication fails, it sends a 401 status code, and for other errors, it sends a 500 status code.
   // Define your authentication middleware function
   const authenticate = (req, res, next) => {
   // Check if authentication logic fails (you would replace this with your own authentication logic)
   const isAuthenticated = checkAuthentication(req);

   if (!isAuthenticated) {
   // If not authenticated, send 401 error
   return res.status(401).json({ error: "Unauthorized. Authentication required." });
   } else {
   // If authenticated, proceed to the next middleware
   next();
   }
   };

// Define your error handling middleware
const errorHandler = (err, req, res, next) => {
// If the error is not a 401, send a 500 status code
if (err.status !== 401) {
return res.status(500).json({ error: "Internal Server Error" });
}

// If the error is a 401, send the error message
res.status(401).json({ error: err.message });

};

// Register the middleware globally
app.use(authenticate);
app.use(errorHandler);

5. /google - Initiates the Google login process.
   /google/callback - Handles the response from Google after login.
   /me - Retrieves the logged-in user's profile information.
   /logout - Logs the user out of the application.

1- passport-google-oauth20 is a Node.js authentication middleware for Passport, which is an authentication middleware for Node.js. Specifically, passport-google-oauth20 allows you to authenticate users using Google OAuth 2.0 in your Node.js applications. With this middleware, you can easily integrate Google's OAuth 2.0 authentication mechanism into your application, allowing users to log in with their Google accounts. This is commonly used in web applications to provide users with a convenient and familiar way to sign in without requiring them to create and manage separate login credentials for your application.

2- Using cookieParser and encryptCookieNodeMiddleware together provides a secure and convenient way to work with cookies in Node.js applications, ensuring both ease of use and protection of sensitive data

3- To enable an Express app to handle cookies securely with encryption using cookie-parser and express-encrypt-cookie middlewares:

Install the required packages: cookie-parser and express-encrypt-cookie.
Configure cookie-parser middleware to parse cookies, providing a secret key for cookie encryption.
Configure express-encrypt-cookie middleware to encrypt and decrypt cookies, using the same secret key.
Ensure that these middlewares are added to your Express app before any route handling.
Your app is now set up to handle cookies securely with encryption.

4- To enable your Express app to handle authentication errors with a 401 response code and other errors with a 500 response code, create a custom error handling middleware. This middleware checks the error type and sends the appropriate response code and message accordingly. Then, add this middleware to your Express app after other middleware and route handlers.

5- /google: Initiates Google OAuth 2.0 authentication.
/me: Retrieves user information from the server.
/google/callback: Callback URL for Google OAuth authentication.
/logout: Logs out the user from the application.

Abdulrahman muayid
shvan abdulhakeem
ahmed isam
payam R
ahmed jalal