Learn how to protect API roots using basic authentication with username & password! Secure your database and prevent data breaches with Bcrypt. Watch now!
For additional learning materials and updates:
Follow me on Twitter: / dolearning
Sign up for my newsletter: https://kevincunningham.co.uk/newsletter
Find all the code for this video here: https://github.com/doingandlearning/b...
This video demonstrates how to protect API routes using Basic Authentication (basic auth) with a username and password. The process involves encoding the email (used as username) and password through Postman's basic auth authorization tab. The backend API receives the authorization header with a "Basic" prefix and a base64-encoded string. The backend then needs to do the following:
1. Store the password securely in the database.
2. Check if there's an authorization header that begins with "Basic" and has the encoded string.
3. Decode the string, separate the email and password, and check if there's a user with that email in the database.
4. Compare the sent password with the password in the database.
5. If everything is successful, the user can access the protected route; otherwise, return a 401 unauthorized header.
The implementation involves updating the user model to have a password field, then hashing the passwords using a library called Bcrypt. The hashed passwords are then stored in the database alongside a generated salt to further enhance security.
In addition to implementing Basic Auth middleware, the video also highlights the importance of not sending back the password field when requesting users. To fix this, the select attribute in the password field of the model is set to false.
However, using Basic Auth with HTTP can have potential security risks, such as interception by malicious users on the network. To mitigate these risks, HTTPS is recommended, and future videos will explore JSON web tokens (JWTS) as another layer of protection.
00:00 Introduction
00:34 Basic Authentication
02:19 Password Hashing
04:29 Mongoose Hooks
07:42 Protecting Routes
11:38 Middleware Functions
15:36 Compare Password
18:46 Selective Middleware Application
In questa pagina del sito puoi guardare il video online Securing API Routes: Basic Authentication Explained della durata di ore minuti seconda in buona qualità , che l'utente ha caricato Kevin Cunningham 19 giugno 2023, condividi il link con amici e conoscenti, su youtube questo video è già stato visto 2,075 volte e gli è piaciuto 51 spettatori. Buona visione!