User Management

Authentication

Authentication is the first and most important component of any platform. It validates a user against the credentials they provide, and it acts as the first line of defense by allowing access to valuable data only to those approved by the organization. It matters not only to the owner of the resources but also to the legitimate users who access them.

At Zamp, we use JWT-based authentication. When a user signs up or signs in, an OTP is sent to the email address provided by the user. If the OTP is validated, the user is issued a JWT, which is sent as an HttpOnly cookie in the response of the API that validates the user's credentials. This JWT is used in every subsequent API request to Zamp to check whether the user is authorized to access the requested resources.

Authentication implementation

User Sanity Middleware

When a user signs up, a merchant is created for them and a User-Merchant relation is established. A user must be associated with a merchant to perform any action on the Zamp platform.

The relation established between a User and a Merchant is validated in every subsequent API request made to Zamp after the user signs up. The validation of this relation is termed User Sanity, and the piece of code that performs this check is called the User Sanity middleware.
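
The two per-request checks described above (JWT from the cookie, then the User-Merchant relation) can be sketched as follows. This is an added example, not Zamp's code: the cookie name `session`, HS256 with a shared secret, the `sub` claim, the in-memory relation set and the 401/403 split are all assumptions.

```python
from __future__ import annotations
import base64, hashlib, hmac, json, time
from http.cookies import SimpleCookie

SECRET = b"constructed-demo-key"             # assumption: HS256 with a shared secret
USER_MERCHANTS = {("user-1", "merchant-1")}  # constructed User-Merchant relation table

def _b64url_decode(part: str) -> bytes:
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def issue_jwt(claims: dict) -> str:
    """Sign a token for the demo (stands in for issuance after OTP validation)."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(SECRET, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url_encode(sig)}"

def verify_jwt(token: str) -> dict | None:
    """Return the claims only if algorithm, signature and expiry all check out."""
    try:
        header_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        if header.get("alg") != "HS256":  # pin the algorithm, ignore the token's choice
            return None
        expected = hmac.new(SECRET, f"{header_b64}.{body_b64}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
            return None
        claims = json.loads(_b64url_decode(body_b64))
        if claims.get("exp", 0) <= time.time():  # a missing exp counts as expired
            return None
        return claims
    except (ValueError, TypeError, AttributeError):  # malformed token of any kind
        return None

def user_sanity(cookie_header: str, merchant_id: str) -> tuple[int, str]:
    """Middleware-style check: 401 if the JWT is bad, 403 if the relation is missing."""
    cookie = SimpleCookie()
    cookie.load(cookie_header)
    morsel = cookie.get("session")
    claims = verify_jwt(morsel.value) if morsel else None
    if claims is None:
        return 401, "unauthenticated"
    if (claims.get("sub"), merchant_id) not in USER_MERCHANTS:
        return 403, "user is not associated with this merchant"
    return 200, "ok"
```

The relation lookup runs only after the token has been verified, so the `sub` value used in the lookup is always one the server signed.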

User Sanity implementation