housewarehq / backend-engineering-octernship Goto Github PK

On User 's successful login request ,I am saving tokens as http.cookies from the backend.
When i make login request using postman the cookies are stored in postman's cookies but on the other hand if i make login request through my React.js client from browser they are not stored in browser's cookies section. i.e.(/devtools/application/cookies)

Code:

Storing cookie-

ctx.SetCookie("accesstoken", token, int(AppConstant.TOKEN_COOKIE_EXPIRY), "/", "localhost", false, true)
ctx.SetCookie("refreshtoken", refreshedToken, int(AppConstant.REFRESH_TOKEN_COOKIE_EXPIRY), "/", "localhost", false, true)

Login request from react.js client-

export async function AuthenticateUser  (username,password) {
        const res=await fetch(API_URL+API_LOGIN_ENDPOINT,{
        method:"POST",
        headers:{
            'Accept': 'application/json',   
            "Content-Type":"application/json"
        },
        
        mode:"cors",
        body:JSON.stringify({
            "username":username,
            "password":password,
        }),

    });
    return res.status===200

}

Frameworks used: Gin-Gonic(Backend) ,React.js(Frontend)
Tested on Browsers:Firefox ,brave.

Although i have read and tried some threads on internet that latest browser ignores domain="localhost" and also domain containing less than 2 periods i.e. "api.app.localhost" is valid but "localhost" is not.
One thing i could do is, get tokens from backend and then save them in cookies at client side and then further use them
but that's not good practice as per many people.
Then how can i achieve my goal of storing cookies in browser when domain is localhost ,In order to setup test environment for this assignment ?

Hi @shubh24 @sp35 @nipunj15 @theBstar
My feedback PR created by the github classroom got closed mistakenly after a force push.
Please can i get it reopened as i am unable to

I look forward to your response.

In assignment-update's branch readme file ,it is written that submission should on github classroom,but i am unable to find any classroom related to houseware.
While in feedback branch's readme file it is written that we have to make changes on feedback branch and not merge auto-generated PR on feedback from main.
I have done changes on feedback branch but meanwhile by mistake i have merged the auto-generated PR on feedback from main. What should i do ?
And do i have to commit final changes on main or feedback branch?

Assume a case in our assignment,that a ADMIN removes itself from database.
Now the logic i have wrote,allows this removed ADMIN to access authorised endpoints until access-token expires(happens after 1hr)
and then after 1 hr during refresh token rotation it throws 401:Unauthorised as user doesnt not exist anymore.

I want to know what is the best practice to revoke a token and shutdown user's authorised access?
Is it okay to just stick with the logic i have or there can be something more effective for this assignment purpose.

EDIT:Implemented logic which checks whether user exists in DB or not while validating access-token in authorization middleware.Basically using token's claims ,user's document ID will be provided from token to .findByID() method to query in database if this fails then user no longer exists hence user is now unauthorised

I have completed the assignment, before the deadline, in the private repository that was made for me. Do I have to do anything else except that?

'Note: Do add unit tests(for success & failure) for each API endpoint.' as mentioned in README.md file.
I am trying to add unit tests but i am not understanding what logic should i add for testing endpoints.
For eg
/login -> how can i unit test this endpoint?

Please someone help.

Am I supposed to fork the project and work on the main branch of the fork and push the changes to the main branch and wait for it to be reviewed?

I'm a little bit confused.

I'm trying to import modules but I keep getting same error message: "no required module provides package XYZ"
I'm so tired spending hours on trying to figure this out. I ran "go mod init" but no luck.

Is there any restriction using any Golang Framework and database , orm ?
Shall we use according to our proficiency and past experience?