@Krishna200608 commented Jan 7, 2026

Issue: #111

FIX

Implemented password-based authentication on the WebSocket server using bcryptjs hashing.
The fix verifies existing users, rejects incorrect credentials, enforces single active session per user, and introduces an explicit authentication-ready signal to prevent first-message loss.

The client now sends the password after the username and waits for [[AUTH_OK]] before enabling input.
Relevant documentation has been updated accordingly.


Summary

  • Server-side authentication

    • Two-step handshake:
      1. Username
      2. Password
    • Password listener is attached immediately to avoid race conditions.
  • Password storage

    • Passwords are hashed using bcryptjs.
    • No plaintext passwords are stored.
  • Existing users

    • Password is verified against the stored hash.
    • Incorrect credentials result in an error message and immediate disconnection.
  • Single-session enforcement

    • Login is rejected if the username is already online.
  • First-message reliability

    • Server sends an explicit [[AUTH_OK]] signal after all handlers are attached.
    • Client waits for this signal before allowing user input, preventing message loss.
  • Documentation


Changes

  • server.js

    • Added authentication handshake logic
    • Sends [[AUTH_OK]] after successful authentication
    • Disconnects on wrong credentials
    • Enforces single active session per username
  • User.js

    • Added passwordHash field (required)
  • package.json

    • Added bcryptjs dependency
  • chat.go

    • Sends password after username
    • Waits for [[AUTH_OK]] before enabling input
    • Ignores empty messages
  • documentation.md


Verification

A video is attached demonstrating:

  • New user creation with a hashed password stored in MongoDB
  • Successful login with correct credentials
  • Rejection and disconnection on incorrect credentials
  • Normal message flow after authentication
  • Confirmation that the first message is delivered reliably
echo.terminal.3.1.mp4

Run Instructions

Server

  1. Ensure MONGODB_URI is set in .env
  2. Install dependencies and run:
    cd server
    npm install
    npm run dev

Client

 cd client
 go run .

Notes

  • Legacy user migration

    • If a user record existed without passwordHash, it is automatically set on the first successful login.
  • Error handling

    • Authentication and validation errors are returned as
      ERROR: ...
      WebSocket frames for clear client-side display.
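
The handshake described in this PR, sketched as an added example (not code from the PR or the project): a per-connection state machine covering the username and password steps, hash verification, single-session rejection, legacy-record migration and the [[AUTH_OK]] ordering. Assumptions: scrypt from Node's built-in crypto stands in for bcryptjs so the block runs without dependencies, and createConnection, the users Map, the online Set and the error strings are hypothetical names.

```javascript
const crypto = require('node:crypto');

// Stand-in for bcryptjs hashing: salted scrypt, stored as "salt:key" in hex.
function hashPassword(password) {
  const salt = crypto.randomBytes(16);
  const key = crypto.scryptSync(password, salt, 32);
  return `${salt.toString('hex')}:${key.toString('hex')}`;
}

// Stand-in for bcryptjs compare: recompute the key and compare in constant time.
function verifyPassword(password, stored) {
  const [saltHex, keyHex] = stored.split(':');
  const expected = Buffer.from(keyHex, 'hex');
  const actual = crypto.scryptSync(password, Buffer.from(saltHex, 'hex'), expected.length);
  return crypto.timingSafeEqual(actual, expected);
}

// users (Map) and online (Set) are hypothetical in-memory stand-ins for the
// MongoDB collection and the live-session registry.
function createConnection(users, online) {
  const conn = { state: 'USERNAME', username: null, sent: [], chat: [], closed: false };
  const reject = (reason) => {
    conn.sent.push(`ERROR: ${reason}`); // error frame first, then disconnect
    conn.closed = true;
  };
  conn.receive = (frame) => {
    if (conn.closed) return;
    if (conn.state === 'USERNAME') {
      const name = frame.trim();
      if (!name) return reject('username required');
      conn.username = name;
      conn.state = 'PASSWORD'; // password step is armed before anything is sent back
    } else if (conn.state === 'PASSWORD') {
      if (!frame) return reject('password required');
      const user = users.get(conn.username);
      const hasHash = Boolean(user && user.passwordHash);
      if (hasHash && !verifyPassword(frame, user.passwordHash)) return reject('invalid credentials');
      // Single session: check and add in the same synchronous step, after verification.
      if (online.has(conn.username)) return reject('user already online');
      // New user or legacy record: the first password presented becomes the stored hash.
      if (!hasHash) users.set(conn.username, { passwordHash: hashPassword(frame) });
      online.add(conn.username);
      conn.state = 'CHAT'; // chat handling is live before the client is told to type
      conn.sent.push('[[AUTH_OK]]');
    } else if (frame.trim()) {
      conn.chat.push(frame.trim()); // empty messages are ignored
    }
  };
  return conn;
}
```

The single-session check here runs only after the password verifies, so an unauthenticated peer cannot probe which usernames are online; that placement is a choice of this sketch, not something the PR states.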

@OpenGitBot

Hey @Krishna200608

Thanks for opening this PR 🚀. A mentor will review your pull request soon; until then, keep contributing and stay calm.

Thanks for contributing in OpenCode'25 ✨✨!
