Milestone 7: Authentication and Authorization for Property Management System.
In my previous milestone (milestone 6), I created the API endpoints for the CRUD (Create, Read, Update, and Delete) functionality of the user and house entities. In addition, I improved the integrity and reliability of the system by implementing associations between the related tables and validations on the attributes of each entity.
Continuing with the progress, in this milestone, I have enhanced the security of the system by implementing authentication and authorization mechanisms.
Authentication mechanism
To ensure secure user authentication, I used JWT (JSON Web Token) to generate a token when the user signs up or logs in. The client sends this token with each request, which lets the server know which user is making the request. Below is a screenshot of a generated token when a user logs in.
I wrote an article that provides step-by-step instructions on implementing JWT-based authentication in Rails. Here is the link.
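To make the token flow concrete, here is an added example (not code from the original post or its linked article) of issuing and verifying an HS256 JWT in plain Ruby using only the standard library. It assumes a constructed secret `DEMO_SECRET` and a hypothetical `user_id` claim; a Rails app would load the secret from credentials and normally use the `jwt` gem. The verifier rejects malformed tokens, tokens whose header does not say HS256 (so an `alg: none` token is refused), bad signatures, and expired tokens.

```ruby
require "openssl"
require "json"

# Constructed demo secret; a real app loads this from Rails credentials or ENV.
DEMO_SECRET = "constructed-demo-secret-not-for-production".freeze

# URL-safe base64 without padding, as JWT segments require (RFC 7515).
def b64url_encode(bytes)
  [bytes].pack("m0").tr("+/", "-_").delete("=")
end

def b64url_decode(str)
  padded = str.tr("-_", "+/")
  padded += "=" * ((4 - padded.length % 4) % 4)
  padded.unpack1("m0") # raises ArgumentError on invalid input
end

# Compare two strings in constant time so a forged signature cannot be
# guessed byte by byte from response timing.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Issue an HS256 token carrying the user id, issue time and expiry.
def issue_token(user_id, secret: DEMO_SECRET, ttl: 3600, now: Time.now.to_i)
  header  = { alg: "HS256", typ: "JWT" }
  payload = { user_id: user_id, iat: now, exp: now + ttl }
  signing_input = "#{b64url_encode(JSON.generate(header))}.#{b64url_encode(JSON.generate(payload))}"
  signature = OpenSSL::HMAC.digest("SHA256", secret, signing_input)
  "#{signing_input}.#{b64url_encode(signature)}"
end

# Verify a token and return its payload hash, or nil if anything is wrong:
# malformed, unexpected algorithm, bad signature, or expired.
def decode_token(token, secret: DEMO_SECRET, now: Time.now.to_i)
  parts = token.to_s.split(".")
  return nil unless parts.length == 3
  header_b64, payload_b64, sig_b64 = parts

  header  = JSON.parse(b64url_decode(header_b64))
  payload = JSON.parse(b64url_decode(payload_b64))
  return nil unless header["alg"] == "HS256"

  expected = OpenSSL::HMAC.digest("SHA256", secret, "#{header_b64}.#{payload_b64}")
  return nil unless secure_equal?(expected, b64url_decode(sig_b64))
  return nil unless payload["exp"].is_a?(Integer) && now < payload["exp"]

  payload
rescue JSON::ParserError, ArgumentError, EncodingError
  nil
end

if __FILE__ == $PROGRAM_NAME
  token = issue_token(42)
  puts token
  puts decode_token(token).inspect
end
```

In a Rails controller the `decode_token` result would be used by a `before_action` to look up `current_user`; returning `nil` for every failure mode keeps that lookup simple and fail-closed.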
Authorization mechanism
To maintain strict control over system access, I implemented an authorization mechanism. In the application controller, I created a method that verifies:
- The user's role
- Whether the user is the owner of a house
- That only registered users can create a house
This approach ensures that only registered users can create a house, and only the admin and house owners have permission to modify or delete a house. Below is the screenshot of the method.
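The following is an added example (not the project's own controller code) of the decision logic described above written as plain Ruby so it runs without Rails. `User` and `House` are hypothetical stand-ins for the ActiveRecord models, `authorized?` is the policy itself, and `authorize_house` mirrors what a `before_action` would return: 401 for a missing user, 403 when the policy denies, otherwise success. Unknown actions are denied by default.

```ruby
# Hypothetical stand-ins for the ActiveRecord models.
User  = Struct.new(:id, :role)     # role is "admin" or "user"
House = Struct.new(:id, :user_id)  # user_id is the owning user's id

# Policy: returns true only when the action is permitted.
# - any registered (non-nil) user may create a house
# - only an admin or the owner may update or destroy a house
# - anything else is denied (deny by default)
def authorized?(user, action, house = nil)
  return false if user.nil?
  case action
  when :create
    true
  when :update, :destroy
    return false if house.nil?
    user.role == "admin" || house.user_id == user.id
  else
    false
  end
end

# Controller-style wrapper: [status, body] like a Rails render would produce.
def authorize_house(user, action, house = nil)
  return [401, { error: "unauthorized" }] if user.nil?
  return [403, { error: "forbidden" }] unless authorized?(user, action, house)
  [200, { ok: true }]
end

if __FILE__ == $PROGRAM_NAME
  owner = User.new(1, "user")
  house = House.new(10, owner.id)
  p authorize_house(owner, :update, house)
  p authorize_house(User.new(2, "user"), :destroy, house)
end
```

Keeping the policy in a pure function like `authorized?` makes it easy to cover every role/owner combination in RSpec without spinning up requests.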
In addition to the above security measures
I incorporated Active Storage functionality to facilitate the uploading of images and videos for the house entity, as well as avatars for the user entity. I wrote an article on how to implement Active Storage in an application; here is the link.
I adapted the API responses to the JSON:API standard (json_api). This format offers a straightforward and user-friendly approach to working with APIs.
Lastly, I wrote the tests for the controllers and models, using rspec to write the tests and faker to generate fake data.
Challenges faced
- I encountered some challenges, particularly in optimizing the API format to json_api. However, I managed to overcome these difficulties with the help of a video tutorial that provided valuable insights and solutions.
For the next milestone, I will reveal the UX design I will be using in the front end of the application. Stay tuned!!