Securing your admin section
Now, it's time to secure the admin section so that only authorized users can log in.
An important thing to note here is that we will need to secure both the client-side admin section and also our server-side APIs, because it is relatively easy to bypass client-side validations.
We will start with securing our server-side code. ExpressJS comes with its own session management and encryption modules.
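We will enable cookieParser in our app by adding the following line to our angcms/app.js file. The string argument is the secret used to sign cookies, so in a real deployment replace 'secret' with a long random value that is kept out of source control: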
app.use(express.cookieParser('secret'));
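To show what the cookieParser secret protects, here is an added example (not code from the original text or from Express itself) of HMAC-SHA256 cookie signing in the format used by the cookie-signature npm module. The names loadSecret, sign, unsign and the COOKIE_SECRET environment variable are assumptions made for this illustration.

```javascript
const crypto = require('crypto');

// Read the signing secret from the environment instead of hard-coding it.
// COOKIE_SECRET is an assumed variable name, not one used by the original text.
function loadSecret(env) {
  const secret = env.COOKIE_SECRET;
  if (typeof secret !== 'string' || secret.length < 32) {
    throw new Error('COOKIE_SECRET must be at least 32 random characters');
  }
  return secret;
}

// Signed form: value + '.' + base64(HMAC-SHA256(secret, value)), '=' padding removed.
function sign(value, secret) {
  const mac = crypto.createHmac('sha256', secret).update(value).digest('base64');
  return value + '.' + mac.replace(/=+$/, '');
}

// Returns the original value when the signature verifies, otherwise false.
function unsign(signed, secret) {
  const dot = signed.lastIndexOf('.');
  if (dot === -1) return false;
  const value = signed.slice(0, dot);
  const expected = Buffer.from(sign(value, secret));
  const actual = Buffer.from(signed);
  // timingSafeEqual throws on unequal lengths, so check them first.
  if (expected.length !== actual.length) return false;
  return crypto.timingSafeEqual(expected, actual) ? value : false;
}

// Constructed sample values for the demonstration.
const demoSecret = crypto.randomBytes(32).toString('hex');
const signedCookie = sign('role=editor', demoSecret);
console.log(unsign(signedCookie, demoSecret));                            // role=editor
console.log(unsign(signedCookie.replace('editor', 'admin'), demoSecret)); // false
```

A cookie edited on the client no longer matches its signature, but that guarantee holds only while the secret stays unknown to clients, which is why the length check rejects a value such as 'secret'.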
Using bcrypt to encrypt passwords
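To protect confidential data such as passwords, we will use a popular utility called bcrypt to hash the password before it is stored in the database. bcrypt is a one-way hash rather than reversible encryption: the stored value cannot be turned back into the password, and a login is checked by comparing the submitted password against the stored hash.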
Let's download and install the bcrypt-nodejs package using the following terminal command from the root of the project folder:
npm install bcrypt-nodejs
Next, we will include this in our ExpressJS app. As we will be securing our routes, we'll include the bcrypt...