This week focuses on enhancing the e-commerce web application developed in the previous week by adding authentication, user-specific interactions, and improving overall security. The emphasis is on implementing secure user authentication and authorization while expanding React state management techniques.

Workshops

Get Started with AWS CDK

Execute Program

• Finish previous courses

Topics

• User authentication and authorization in web applications

• Secure handling of user registration, login, and logout

• Session management (stateless vs stateful approaches)

Project

Continue developing the e-commerce application with the following new features:

• Implement user authentication (registration, login, logout)

• Create user-specific shopping carts and order history

• Implement session persistence

Additional Skills

• Implementing role-based access control (for admin functionalities)

These resources are helpful extra reading that may clarify or enhance concepts you’re learning in the main curriculum.

• Despite the title this talk actually covers most aspects of web authentication in a very accessible way

Authetication

• Learn how to handle user registration, login, and logout functionality securely (K8, S17, B5)

• Understand the principles of authentication and authorisation in web applications (K8, S17)

• Develop strategies to mitigate security threats such as Cross-site Request Forgery (CSRF) attacks (K8, S5, S13, B3, B5)

React

• Implement navigation between different pages using React Router (S1, S11, S12)

• Understand using the context API and how it can help with complicated state management in React (K7, S1, S16)

• Have working knowledge of the useReducer hook and how it can aid in using useContext for state management (K7, K9, S1, S7)

Project

Your project this week is continue work on the e-commerce shop you started last week and to add authentication and user specific interactions.

Spike

Before you start writing features you need to create a security plan. There should be a section in your README.md that describes how you will secure your app and mitigate different potential attacks.

Questions to consider

• Will you store session info in a token (stateless) or in your database (stateful)?

• How will you check a user’s identity (authentication)?

• How will you control what actions a user can take (authorization)?

Useful resources

User stories

As a shopper, I want to:

• Log into my account using my email and password

• Have my user session persist, so I don't have to log in every time

• Log out of my session

These User Stories from last week should be updated to be linked to a shoppers account

• Add products to a shopping cart

• View and edit items in my shopping cart

• Complete the checkout process to "purchase" products in my cart

Stretch user stories

As an admin, I want to:

• Log into an admin section of the site

• Add, edit and delete products

• View and export reports on site analytics

Acceptance Criteria

• Users must log in to use site

• Each user has their own session with unique carts and order history

• Information stored about users in database is visible on site

• Using the site updates information about users on database

Stretch

• Site has admin functions