Authentication & Authorization

JWT Authentication

Login Flow
- User authenticates through external auth service
- Receives JWT token
- Token contains: user_id, username, store_id (if applicable)

Token Usage

// Token verification in middleware
const token = req.headers.authorization?.split(' ')[1];
const decoded = jwt.verify(token, process.env.JWT_SECRET);

Token Refresh
- Implement token refresh logic in auth service
- Tokens typically expire after 24 hours

Passport Strategies

Basic HTTP authentication for admin/internal endpoints:

// In middleware/passport.js
passport.use(new BasicStrategy(
  function(username, password, done) {
    // Validate credentials
  }
));

Authorization Levels

Public - No authentication required
Authenticated User - Requires valid JWT
Store Owner - Requires JWT with store_id
Admin - Requires Basic Auth or special admin JWT
Affiliate - Requires JWT with affiliate permissions

Middleware Chain Example

app.post(
  '/product/add',
  verifyCross,           // Verify JWT token
  getStoreID,            // Extract store ID
  validator.validate(),  // Validate request
  productController.addProduct
);

Project Overview

Architecture

Getting started

Environment Configuration

Database Setup

Project structure

Core modules

API Documentation

Authentication & Authorization

Features & Integrations

Scheduled Tasks

WebSocket and payment integration

File Upload & Storage

Testing and deployment

Troubleshooting

Best practices

Additional Resources

Appendix

Authentication & Authorization

JWT Authentication

Passport Strategies

Authorization Levels

Middleware Chain Example

No Comments