Project Introduction: How to Roll Your Own Auth
The "How to Roll Your Own Auth" project serves as a guide for developers aiming to implement custom authentication systems. It is accompanied by a detailed YouTube tutorial available here, which provides a visual walkthrough of the processes involved. Below is a concise overview of the components and steps required to build a robust authentication system using this guide.
Discord OAUTH with passport.js
One of the core features of this project is integrating Discord OAUTH authentication using passport.js
. This is achieved through a strategy configuration:
- Client Details: Set up using Discord's Client ID and Secret.
- Profile Handling: Retrieve the user's Discord ID from their profile.
- Database Interaction: Look for the user in the database; if not present, create a new user entry.
- Completion: Once a user is retrieved or created, they are handed back for further processing.
This ensures a seamless authentication experience for users logging in with Discord.
Using JWTs (JSON Web Tokens)
JWTs are a significant part of the authentication process, ensuring secure, token-based interactions:
- Token Creation: Upon user authentication, both refresh and access tokens are generated:
- Access Token: Valid for 15 minutes.
- Refresh Token: Valid for 30 days.
- Token Contents: Embedded with user ID and token version data for enhanced security.
These tokens allow users to authenticate and perform actions within the system securely.
Leveraging Cookies
Cookies play a crucial role in storing and managing session data:
- Security Options: Cookies are secured using HTTP-only settings, and additional options are configured based on the environment (production or development).
- Expiration: They are designed to last up to ten years, ensuring persistent session management.
- Cookie Dispatch: Tokens are sent to the client as cookies when a user successfully logs in.
This setup improves user experience by maintaining session data without constantly requiring login credentials.
Server Deployment on VPS
Deploying a server is made straightforward with the help of a Virtual Private Server (VPS):
- VPS Provider: Hostinger is recommended, offering promotional discounts.
- Dokku Setup: Install Dokku for deployment management, providing zero-downtime deployments.
- App Essentials: Create and configure applications and databases directly on the VPS using commands, link services, and manage Docker images for deployment.
- Environment Variables: Set necessary variables to manage application behavior seamlessly.
This comprehensive guide takes users through the setup process and ensures their server is efficiently deployed.
Custom Domain Configuration
To personalize deployment further:
- DNS Setup: Align your domain to point accurately to the VPS.
- Secure Connection: Use Let’s Encrypt to enable HTTPS, ensuring secure transactions and data protection over the network.
This adds a layer of professionalism and security to the deployed application.
Ensuring VPS Security
For adequate server protection, users are directed to detailed resources on VPS security. Following these guidelines helps safeguard against potential vulnerabilities.
Frontend Deployment
Cloudflare Pages is recommended for frontend deployment, offering a fast and efficient way to deliver the frontend application to users.
Debugging Cookies
To maintain and troubleshoot cookie-related issues, users are pointed to resources specifically designed for debugging cookies, facilitating smoother operations.
This project guide equips developers with the tools and knowledge necessary to implement custom authentication systems across various platforms securely and efficiently.