Try   HackMD

Project Name: Simple User Management App

Project Description:

This project aims to develop a Django application that provides a simple email and password authentication system to allow users to sign up and log in. Additionally, the application allows listing all registered users. The project will use Django REST Framework (DRF) to develop a RESTful API. SQLite will be used as the database.

Functional Requirements:

  1. User Sign Up: The user should be able to sign up by providing their email and password.
  2. User Login: The user should be able to log in with their email and password.
  3. User List: The application should allow listing all registered users.
  4. Authentication: The application should verify the user's credentials before granting access to their account.
  5. Authorization: Only authenticated users should be able to access the user list.

Non-functional Requirements:

  1. Security: User passwords should be stored in a secure manner using encryption.
  2. Scalability: The application should be designed to handle a large number of users.
  3. Usability: The application should have an intuitive and easy-to-use user interface.

Technology Stack:

  • Django: Python web framework
  • Django REST Framework (DRF): To develop the API
  • SQLite: As the database

API Endpoints:

  • POST /api/signup/
  • POST /api/login/
  • GET /api/userlist/

Data Models:

  • User: email (CharField), password (CharField)

Authentication:

  • JWT-based authentication

Authorization:

  • Only authenticated users can access the user list.

Future Scope:

The following features can be added to the application in the future:

  1. User profile management
  2. Email verification for new users
  3. Password reset functionality
  4. User role-based access control.

How we will pivot to using it with Spock

We will add in another functionality (as an endpoint). The browser extension makes JWT_token, as such. This is written in Python, but this would happen in JavaScript extension logic defined in the gH for Spock.

import jwt
from datetime import datetime, timedelta

def create_jwt_token(user_id):
    # Define the payload to be included in the token
    payload = {
        'user_id': user_id,
        'exp': datetime.utcnow() + timedelta(days=1), # Set expiration time to 1 day from now
    }
    
    # Sign the token with a secret key
    token = jwt.encode(payload, 'secret_key', algorithm='HS256')
    
    return token

Once we generate this, we will verify this via a function on the backend as such:

import jwt

def verify_jwt_token(token):
    try:
        # Attempt to decode the token with the secret key and the HS256 algorithm
        payload = jwt.decode(token, 'secret_key', algorithms=['HS256'])
        
        # If the token is successfully decoded, return the payload (which should contain the user_id)
        return payload
    
    except jwt.ExpiredSignatureError:
        # If the token has expired, raise an exception or return an error message
        raise Exception('Token has expired')
    
    except jwt.InvalidTokenError:
        # If the token is invalid (i.e. signature verification fails), raise an exception or return an error message
        raise Exception('Invalid token')

To verify a JWT token in an actual application, you can use the jwt.decode() method provided by the PyJWT library. Here's an example implementation:

import jwt

def verify_jwt_token(token):
    try:
        # Attempt to decode the token with the secret key and the HS256 algorithm
        payload = jwt.decode(token, 'secret_key', algorithms=['HS256'])
        
        # If the token is successfully decoded, return the payload (which should contain the user_id)
        return payload
    
    except jwt.ExpiredSignatureError:
        # If the token has expired, raise an exception or return an error message
        raise Exception('Token has expired')
    
    except jwt.InvalidTokenError:
        # If the token is invalid (i.e. signature verification fails), raise an exception or return an error message
        raise Exception('Invalid token')

This function takes a token as input and attempts to decode it using the jwt.decode() method. If decoding is successful, the function returns the payload (which should contain the user_id). If the token has expired or is invalid, the function raises an exception or returns an error message.

In our application, we would typically call the verify_jwt_token() function to verify a token before granting access to a protected resource or performing an action on behalf of the user. For example, we could use it as follows:

token = request.headers.get('Authorization').split()[1]

# Verify the token
payload = verify_jwt_token(token)

# Use the user_id from the payload to perform some action on behalf of the user
user_id = payload['user_id']

And with this, we can convert it to an SDK (in Python) by packaging this in a library format (here and in Rust or something).

Last changed by 
Abhinav Srivastava
0
371

Read more

Clay

Support responses

Apr 13, 2024
The state of statelessness

Statelessness is important in Ethereum as it allows for nodes that sync fast to be used, increasing trust assumptions for users due to an increased decentralised verification system. It is also great for state resurrection should we ever decide to prune out the stale state or even delete less relevant states. We will likely keep a state stored elsewhere instead of on full nodes, and should we ever need it, clients can use stateless blocks for execution and verification.

Jun 18, 2023
Notes on NetSec

Perfect secrecy

May 12, 2023
Dual Approximated Reachability

Abhinav Srivastava

Apr 4, 2023
Read more from Abhinav Srivastava
Published on HackMD