A Blueprint for Production-Ready Web Applications

By: Dr. Philip Jones

Overview of this book

A Blueprint for Production-Ready Web Applications will help you expand upon your coding knowledge and teach you how to create a complete web application. Unlike other guides that focus solely on a singular technology or process, this book shows you how to combine different technologies and processes as needed to meet industry standards. You’ll begin by learning how to set up your development environment, and use Quart and React to create the backend and frontend, respectively. This book then helps you get to grips with managing and validating accounts, structuring relational tables, and creating forms to manage data. As you progress through the chapters, you’ll gain a comprehensive understanding of web application development by creating a to-do app, which can be used as a base for your future projects. Finally, you’ll find out how to deploy and monitor your application, along with discovering advanced concepts such as managing database migrations and adding multifactor authentication. By the end of this web development book, you’ll be able to apply the lessons and industry best practices that you’ve learned to both your personal and work projects, allowing you to further develop your coding portfolio.

Table of Contents (13 chapters)

Part 1: Setting Up Our System
Part 2: Building a To-Do App
Part 3: Releasing a Production-Ready App

Adding multifactor authentication

Our app allows users to log in by providing an email and a password. This means we allow them to authenticate with something they know (i.e., the password). We could also allow them to use other factors of authentication, such as their fingerprint (i.e., something they are) or a specific mobile device (i.e., something they have). Requiring a user to authenticate using multiple factors makes it much harder for an attacker to gain access to their account; however, it also makes it harder for the user to authenticate themselves. Therefore, it is best to allow users to opt into multifactor authentication.

Users are most familiar with using their phones as an additional factor, which we will implement using time-based one-time passcode (TOTP) tokens based on a shared secret. The shared secret, on the user’s phone, is an additional factor. It is also common to use SMS messages sent to the user’s phone; however, this method is increasingly...
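
How a TOTP code is derived from the shared secret and checked at login, shown as an added example that is not taken from the book: a standard-library implementation of RFC 6238 (HMAC-SHA1, 30-second steps, 6 digits). The names `totp`, `verify` and `last_used_step` are assumptions made for this illustration, and the secret is the published RFC 6238 test key, not a real one.

```python
import base64
import hashlib
import hmac
import struct
import time

STEP = 30    # seconds per time step (RFC 6238 default)
DIGITS = 6   # passcode length shown by most authenticator apps

# RFC 6238 test key ("12345678901234567890") in base32; sample value only.
SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def totp(secret_b32: str, at: float, digits: int = DIGITS) -> str:
    """Return the TOTP for Unix time `at`, derived from the shared secret."""
    key = base64.b32decode(secret_b32.upper())
    counter = struct.pack(">Q", int(at) // STEP)    # 8-byte big-endian step
    digest = hmac.new(key, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret_b32, submitted, last_used_step, now=None, window=1):
    """Return the time step the code matched, or None if it is rejected.

    `window` tolerates clock drift of +/- that many steps. Any step at or
    before `last_used_step` is refused, so an observed code cannot be
    replayed inside its validity period. The caller stores the returned
    step as the account's new `last_used_step`.
    """
    now = time.time() if now is None else now
    current = int(now) // STEP
    matched = None
    for step in range(max(0, current - window), current + window + 1):
        expected = totp(secret_b32, step * STEP)
        # Constant-time comparison avoids leaking how many digits matched.
        same = hmac.compare_digest(expected.encode(), submitted.encode())
        if same and step > last_used_step:
            matched = step
    return matched


if __name__ == "__main__":
    code = totp(SECRET, 59)
    print(code, verify(SECRET, code, last_used_step=0, now=59))
```

Because a six-digit code can be guessed by brute force, a deployment also needs to rate-limit failed verification attempts per account.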