
Authentication and Authorization

David White edited this page Dec 20, 2023 · 2 revisions

Introduction

The Community Nostalgia Initiative backend uses Passport.js for authentication, providing a robust set of strategies for authenticating users. It supports Google OAuth for production environments and a mock strategy for testing purposes.

Authentication Flow

Google OAuth Strategy

  • Users are redirected to Google for consent and authentication.
  • Google returns an access token, refresh token, and profile information to the server.
  • After successful authentication, a check is performed to see if the user exists in the database using their Google profile ID.
    • If the user exists, their session is updated.
    • If the user does not exist, a new user document is created with the details from the Google profile.

Mock Strategy (Testing)

  • Used when NODE_ENV is set to "test".
  • Bypasses actual authentication for testing purposes.

User Session Handling

  • Passport serializes the user's information into the session upon login.
  • Deserializes the user on subsequent requests, attaching it to req.user.
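The find-or-create step, the session serialization and the NODE_ENV-driven strategy choice described above, as an added example (not code from the Community Nostalgia Initiative repository). It uses a constructed in-memory user store in place of the database, and the verify callback follows the `(accessToken, refreshToken, profile, done)` signature that passport-google-oauth20 calls; the field names on the user document are assumptions.

```javascript
// Added example: Passport-style Google verify callback plus session
// (de)serialization against an in-memory store so it runs offline.
// Not the project's own code; store shape and field names are assumed.

// Constructed in-memory user collection standing in for the database.
function createUserStore() {
  const users = new Map(); // id -> user document
  let nextId = 1;
  return {
    findByGoogleId(googleId) {
      for (const u of users.values()) if (u.googleId === googleId) return u;
      return null;
    },
    findById(id) { return users.get(id) || null; },
    insert(doc) {
      const user = { id: nextId++, ...doc };
      users.set(user.id, user);
      return user;
    },
  };
}

// Verify callback invoked after Google redirects back with the token pair and
// profile. The lookup key is the Google profile ID, never the e-mail address,
// so an attacker-controlled address on another provider cannot collide.
function makeGoogleVerify(store) {
  return function verify(accessToken, refreshToken, profile, done) {
    try {
      const existing = store.findByGoogleId(profile.id);
      if (existing) {
        existing.lastLogin = new Date(); // "session is updated" path
        return done(null, existing);
      }
      const created = store.insert({
        googleId: profile.id,
        displayName: profile.displayName,
        email: (profile.emails && profile.emails[0] && profile.emails[0].value) || null,
        isModerator: false, // new users always start as Base User
        isAdmin: false,
        lastLogin: new Date(),
      });
      return done(null, created);
    } catch (err) {
      return done(err);
    }
  };
}

// Serialize only the user id into the session; the access/refresh tokens and
// the raw profile stay out of the session store.
function serializeUser(user, done) { done(null, user.id); }

// Deserialize by id on each request. A missing user yields false so Passport
// leaves req.user unset instead of trusting a stale session.
function makeDeserializeUser(store) {
  return function deserializeUser(id, done) {
    const user = store.findById(id);
    done(null, user || false);
  };
}

// Strategy selection as the page states: the mock strategy only under
// NODE_ENV=test, Google OAuth otherwise (including an unset NODE_ENV).
function chooseStrategyName(env) {
  return env.NODE_ENV === 'test' ? 'mock' : 'google';
}

// Wiring with the real library would look like this in the server entry point
// (assumed names for the config values):
//   passport.use(new GoogleStrategy({ clientID, clientSecret, callbackURL }, makeGoogleVerify(store)));
//   passport.serializeUser(serializeUser);
//   passport.deserializeUser(makeDeserializeUser(store));
```

The deny path in `deserializeUser` matters: if a user document is deleted (or a banned user's session is still live), returning `false` rather than `null` with a cached object is what makes the session stop authenticating on the next request.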

Authorization Strategy

  • Middleware functions inspect req.user to determine roles and permissions.
  • Access to API endpoints is controlled based on the user's role.

User Roles

Base User

  • Default role for new users.
  • Capabilities: Create, update, delete own posts, react, and flag posts.

Moderator (isModerator = true)

  • Inherits Base User capabilities.
  • In addition, moderators can:
    • Edit or delete any experience post.
    • Ban users.
    • View and edit flags.

Admin (isAdmin = true)

  • Inherits Moderator privileges.
  • Can modify user roles and manage moderator status.
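The authorization model above (middleware that inspects `req.user`, with Moderator inheriting Base User and Admin inheriting Moderator), as an added example in Express middleware style. This is not the project's own code: the `req.post` field, the `authorId` property and the small request/response stand-in used to exercise the chain are assumptions.

```javascript
// Added example: deny-by-default role middleware built from the isModerator /
// isAdmin flags described on this page. Not the project's own code; req.post,
// authorId and the Express stand-in below are assumed.

// Role helpers encode the inheritance chain: admin implies moderator,
// moderator implies base user.
function isModerator(user) { return Boolean(user && (user.isModerator || user.isAdmin)); }
function isAdmin(user) { return Boolean(user && user.isAdmin); }

// Unauthenticated -> 401, authenticated but lacking the role -> 403.
// next() is called only on the allow path, so the handler never runs otherwise.
function requireAuthenticated(req, res, next) {
  if (!req.user) return res.status(401).json({ error: 'authentication required' });
  return next();
}

function requireModerator(req, res, next) {
  if (!req.user) return res.status(401).json({ error: 'authentication required' });
  if (!isModerator(req.user)) return res.status(403).json({ error: 'moderator role required' });
  return next();
}

function requireAdmin(req, res, next) {
  if (!req.user) return res.status(401).json({ error: 'authentication required' });
  if (!isAdmin(req.user)) return res.status(403).json({ error: 'admin role required' });
  return next();
}

// Base users may edit or delete only their own posts; moderators may edit or
// delete any post. Assumes an earlier middleware loaded the document onto
// req.post. The ownership test is done server-side against the stored
// authorId, never against a client-supplied field.
function requireOwnerOrModerator(req, res, next) {
  if (!req.user) return res.status(401).json({ error: 'authentication required' });
  const ownsPost = Boolean(req.post) && String(req.post.authorId) === String(req.user.id);
  if (!ownsPost && !isModerator(req.user)) {
    return res.status(403).json({ error: 'not the author and not a moderator' });
  }
  return next();
}

// Role changes are an admin-only action; returns the updated target document
// or throws. Kept as a plain function so the rule is testable outside HTTP.
function setModeratorStatus(actor, target, flag) {
  if (!isAdmin(actor)) throw new Error('admin role required to change roles');
  target.isModerator = Boolean(flag);
  return target;
}

// Minimal stand-in for Express req/res so the middleware can be exercised
// without a server. Reports whether next() ran and which status was sent.
function runMiddleware(mw, req) {
  let status = null;
  let body = null;
  let nextCalled = false;
  const res = {
    status(code) { status = code; return this; },
    json(payload) { body = payload; return this; },
  };
  mw(req, res, () => { nextCalled = true; });
  return { nextCalled, status, body };
}

// Typical route wiring (Express, assumed route paths):
//   app.put('/posts/:id', requireAuthenticated, loadPost, requireOwnerOrModerator, updatePost);
//   app.post('/users/:id/ban', requireModerator, banUser);
//   app.patch('/users/:id/role', requireAdmin, changeRole);
```

Two properties worth keeping when adapting this: every middleware returns after sending a response so `next()` cannot also run, and the role check reads flags from the deserialized `req.user` rather than from request parameters, which is what makes the session the single source of truth for authorization.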