
Into Fire (Server ver.) #111

@Washiki

DESCRIPTION

And now, we tackle Authentication. Auth is annoying.
Thankfully, there are many libraries out there that make it much easier.
Even more thankfully, we won’t be using any of them : P

We’ll be implementing our own simple password authentication and storage.
Don’t tell the cybersec wing about this.

As reference, see how the HackerNews login page works.

(We won't be implementing cookies, password retrieval, or encryption. yet)

TASK:

In /server
When a new client joins, change the behavior so that

  • If client’s username is NOT in database (new user create case)
    • Add username to DB
    • Hash their password (using Bcrypt or equivalent) and store in the db. ENSURE THAT WE DON'T SAVE THE PASSWORD IN PLAINTEXT!!
  • If username is in Database (old user login case)
    • Similarly hash the sent password, and see if it matches the one in the database.
    • If it matches, go through with the connection.
    • If not a match, send a “wrong password” message, and disconnect the client.

For the password implementation, see documentation.md and #108

PR SUBMISSION:

  • Ensure that you commit the working endpoints and document all features in documentation.md
  • Please submit a video of the encrypted password being stored in the db when creating a new user, and the application accepting and rejecting an existing user.

This is a COMPETITIVE ISSUE. Submit freely, go wild.
