added login/signup page with basic functionality #27
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
- login/signup page with basic functionality, query the database to register/authenticate a user - password hashing with bcrypt - currently there is no validation for email and password in the sign up form, it just inserts the user into the db as long as the password and confirm password fields match - will have to create sessions in the future, add form validation and send authentication links to emails
xTrig
requested changes
Oct 15, 2021
web/utils/query.js
Outdated
| export async function query(q, values) { | ||
| try { | ||
| const results = await pool.query(q, values) | ||
| await pool.end() |
There was a problem hiding this comment.
We actually don't want to ever close this pool. It should always be available for the lifecycle of the server.
web/utils/query.js
Outdated
| @@ -0,0 +1,21 @@ | |||
| require('dotenv').config(); //Load from the .env file | |||
There was a problem hiding this comment.
This is loaded from the new server.js file, we don't need this anymore.
web/utils/query.js
Outdated
| @@ -0,0 +1,21 @@ | |||
| require('dotenv').config(); //Load from the .env file | |||
| const mysql = require('mysql2'); | |||
There was a problem hiding this comment.
Maybe import mysql2/promise so we can use async/await with the pools/queries
web/pages/api/signin.js
Outdated
| try { | ||
| const results = await query(` | ||
| SELECT password FROM users WHERE email = ? | ||
| `, email) |
There was a problem hiding this comment.
Prepared Statements have to pass in their fields in an array, so you'd have to wrap email in an array.
[email]
xTrig
approved these changes
Oct 15, 2021
web/pages/api/signup.js
Outdated
| - send validation link to email | ||
| */ | ||
|
|
||
| const hashedPW = await bcrypt.hash(password, 10) |
There was a problem hiding this comment.
The salt rounds should probably be a system constant somewhere, in case we decide to change it later for some reason.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
login/signup page with basic functionality, query the database to register/authenticate a user
password hashing with bcrypt
currently there is no validation for email and password in the sign up form, it just inserts the user into the db as long as the password and confirm password fields match
will have to create sessions in the future, add form validation and send authentication links to emails