Express JS Assignment - 4

Basic Questions

  1. Create two demo routes /auth-demo and /authz-demo to illustrate authentication (user login) vs authorization (role check).
  2. Implement session-based authentication using express-session.
  3. Store and retrieve a session value (e.g., userId) in Express.
  4. Generate a JWT token in Express, then decode and log its header, payload, and signature separately.
  5. Generate a JWT token using the jsonwebtoken library.
  6. Create an Express middleware that verifies JWT tokens.
  7. Protect a route /dashboard so that only users with valid tokens can access it.
  8. Implement a login route that issues a JWT upon successful authentication.
  9. Add token expiry of 15 minutes while signing JWT.
  10. Decode a JWT token and display its payload.
  11. Build a route /stateless-demo that returns a response only if a valid JWT is sent, proving stateless session handling.
  12. Implement a logout route for session-based authentication.
  13. Implement both session-based login (/session-login) and JWT-based login (/jwt-login) in the same app to compare behavior.
  14. Create a roles field in a user object and print it on login.
  15. Add middleware that blocks users without the admin role.
  16. Create two routes: /rbac-dashboard accessible only by role=admin and /pbac-orders accessible only if permission delete:orders exists.
  17. Create an Express route /profile protected with role-based access.
  18. Secure the /login route by validating email and password.
  19. Store encrypted passwords using bcrypt in MongoDB.
  20. Implement a simple “forgot password” endpoint (accepts only an email address as input).

Intermediate Questions

  1. Configure session cookies to be HTTP-only and secure.
  2. Implement session storage using connect-mongo with MongoDB.
  3. Create a JWT with custom claims (like isPremiumUser: true).
  4. Write middleware that extracts JWT token from Authorization header.
  5. Implement refresh tokens along with access tokens in Express.
  6. Store refresh tokens in DB and validate them on token renewal.
  7. Revoke a JWT token manually (invalidate refresh token in DB).
  8. Write middleware that enforces role-based authorization for /admin.
  9. Extend role-based system to permission-based access control (PBAC).
  10. Implement a permission check: /orders/delete requires delete:orders.
  11. Secure an endpoint with multiple roles (e.g., admin OR moderator).
  12. Build a registration route that hashes passwords using bcrypt.
  13. Add password strength validation in registration.
  14. Implement a password reset route that verifies a reset token.
  15. Implement email-based password reset link with expiry.
  16. Implement two JWT tokens: one /short-token with 1-minute expiry and another /refresh-token with 15-minute expiry, then log expiry results.
  17. Create a MySQL table users with hashed password storage.
  18. Write an Express route to authenticate users from PostgreSQL.
  19. Implement MongoDB User model with schema validations.
  20. Secure sensitive routes (/settings, /billing) with token checks.

Advanced Questions

  1. Build a complete login + registration system with JWT authentication.
  2. Implement access + refresh token flow with automatic renewal.
  3. Add role-based and permission-based access to multiple endpoints.
  4. Build a middleware that checks role hierarchy (admin > manager > user).
  5. Implement two-factor authentication using OTP + JWT.
  6. Build a “forgot password” + “reset password” system with email + expiry.
  7. Secure JWT by storing refresh tokens in DB + blacklist revoked tokens.
  8. Implement session-based login with persistent store + auto-expiry.
  9. Integrate authentication system with MySQL, MongoDB, PostgreSQL and demonstrate login from each.
  10. Create a mini project:
    • Registration + Login with JWT
    • Role-based access control
    • Refresh tokens
    • Password reset
    • Database integration