Now, it's time to secure the admin section so that only authorized users can log in.
An important thing to note here is that we will need to secure both the client-side admin section and also our server-side APIs, because it is relatively easy to bypass client-side validations.
We will start with securing our server-side code. ExpressJS comes with its own session management and encryption modules.
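We will enable cookieParser in our app by adding the following line to our angcms/app.js file. The string argument is the secret used to sign cookies; 'secret' is a placeholder and should be replaced with a long random value kept out of source control: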
app.use(express.cookieParser('secret'));
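To show what the secret passed to cookieParser protects, here is an added example (not from the book or from Express itself) that signs and verifies a cookie value with HMAC-SHA256, modeled on the scheme of the cookie-signature module that Express relies on. The COOKIE_SECRET variable, the function names and the sample values are assumptions made for illustration.

```javascript
// Added illustration: how a cookie secret is used to sign and verify a
// cookie value with HMAC-SHA256. All names and values are constructed.
const crypto = require('crypto');

// Append "." + base64(HMAC-SHA256(value, secret)) with "=" padding removed.
function sign(value, secret) {
  const mac = crypto.createHmac('sha256', secret).update(value).digest('base64');
  return value + '.' + mac.replace(/=+$/, '');
}

// Return the original value if the signature verifies, otherwise false.
function unsign(signed, secret) {
  const idx = signed.lastIndexOf('.');
  if (idx === -1) return false;
  const value = signed.slice(0, idx);
  const expected = Buffer.from(sign(value, secret));
  const actual = Buffer.from(signed);
  // timingSafeEqual throws on a length mismatch, so compare lengths first.
  if (expected.length !== actual.length) return false;
  return crypto.timingSafeEqual(expected, actual) ? value : false;
}

// Generate a high-entropy secret instead of a literal such as 'secret'.
function newSecret() {
  return crypto.randomBytes(32).toString('hex');
}

// COOKIE_SECRET is a hypothetical environment variable name.
const secret = process.env.COOKIE_SECRET || newSecret();
const cookie = sign('user=alice', secret); // constructed sample value

console.log(unsign(cookie, secret));                            // 'user=alice'
console.log(unsign(cookie.replace('alice', 'admin'), secret));  // false (value edited)
console.log(unsign(cookie, newSecret()));                       // false (wrong secret)
```

The signature only proves the value was produced by someone holding the secret, so the strength of the secret is the strength of the cookie.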
To protect confidential data such as passwords, we will use a popular utility called bcrypt to hash the password before it is stored in the database.
Let's download and install the bcrypt-nodejs package using the following terminal command from the root of the project folder:
npm install bcrypt-nodejs
Next, we will include this in our ExpressJS app. As we will be securing our routes, we'll include the bcrypt...