neverovski / nodejs-rest-api Goto Github PK

Is your feature request related to a problem? Please describe.
Users currently face difficulties accessing their accounts when they forget their passwords. This can lead to frustration and a poor user experience.

Describe the solution you'd like
Implement a "Forgot Password" feature that allows users to easily reset their passwords. The solution should include a user-friendly interface with clear instructions and possibly incorporate additional security measures for account recovery.

Describe alternatives you've considered
An alternative could be sending temporary passwords via email, but this method is less secure and may pose a risk to user accounts. The proposed "Forgot Password" feature aligns with industry standards for a secure and efficient password recovery process.

Is your feature request related to a problem? Please describe.
Currently, our platform lacks a dedicated mechanism for managing user sessions. This hinders our ability to track user activity, maintain session security, and implement features such as session timeout.

Describe the solution you'd like
Introduce a "User Session Table" to the database schema. This table will store essential information related to user sessions, including session tokens, user IDs, timestamps of session creation and last activity, and any relevant metadata. The implementation should also include mechanisms to manage session timeouts and ensure secure handling of session data.

Is your feature request related to a problem? Please describe.
Our current session management system relies on PostgreSQL, leading to potential performance bottlenecks and scalability challenges. To address this, I propose migrating session management to Redis for improved performance, scalability, and better support for features like session refreshing.

Describe the solution you'd like
Implement a session management system that uses Redis as the primary storage for user sessions. This includes a mechanism for refreshing sessions, ensuring that user sessions remain active and secure. The implementation should handle the migration of existing sessions from PostgreSQL to Redis seamlessly.

Is your feature request related to a problem? Please describe.
Currently, our platform lacks a robust email address verification system. This poses potential security risks and hampers our ability to ensure the authenticity of user accounts.

Describe the solution you'd like
Implement a comprehensive "Email Address Verification" feature. Upon user registration or updating their email address, a verification email containing a unique link or code should be sent to the provided email address. Users will be required to click the link or input the code to confirm and activate their email addresses.

Describe alternatives you've considered
An alternative approach might involve relying solely on user input without verification. However, this can lead to inaccuracies, potential misuse, and compromise account security. The proposed "Email Address Verification" feature provides a standard and secure method to confirm the validity of user-provided email addresses.