
Computer Science Homework Help | Homework 4: Authentication and HTTPS

This is a US computer science assignment about pymongo, HTTPS web pages and a backend server.

Objective 1: Visit Counting Cookie

Use a cookie to count the number of times a user has visited your home page. When a user first requests your home page (path “/”), set a cookie to 1 to track the number of times they visited your page. If the cookie is already set (subsequent visits), read the cookie to check the number of times the user visited, increment this value by 1, then set the cookie with the incremented value.

Only set/update the cookie on requests for the root path “/”.

The cookie must have an expiration time of 1 hour or longer. It cannot be a session cookie.

Add some HTML to your home page that displays the number of visits for the user.

<h1>Number of page visits: 5</h1>

Note: As always, you can personalize these messages if you’d like as long as it’s clear to the grader that the visit count is displayed.
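One way to implement the visit counter described above, as an added example that is not part of the assignment text: a request handler that reads the cookie, increments it only for the root path, and re-sets it with a one-hour Max-Age so it is not a session cookie. The cookie name `visits` and the function names are assumptions; a missing or tampered cookie value is treated as a first visit.

```python
from http.cookies import SimpleCookie

COOKIE_NAME = "visits"   # assumed cookie name
MAX_AGE_SECONDS = 3600   # 1 hour: the minimum lifetime the assignment allows


def handle_home(path, cookie_header):
    """Return (visit_count, set_cookie_header) for one request.

    Only the root path "/" updates the cookie; any other path returns the
    current count and no Set-Cookie header (None).
    """
    jar = SimpleCookie()
    if cookie_header:
        jar.load(cookie_header)
    try:
        visits = int(jar[COOKIE_NAME].value)
    except (KeyError, ValueError):
        visits = 0  # missing or non-numeric (tampered) cookie: start over
    if path != "/":
        return visits, None
    visits += 1
    out = SimpleCookie()
    out[COOKIE_NAME] = str(visits)
    out[COOKIE_NAME]["max-age"] = MAX_AGE_SECONDS  # persistent, not a session cookie
    out[COOKIE_NAME]["path"] = "/"
    # OutputString() renders the value for a Set-Cookie header, e.g.
    # 'visits=1; Max-Age=3600; Path=/'
    return visits, out[COOKIE_NAME].OutputString()


def render_home(visits):
    """The HTML fragment the grader looks for."""
    return f"<h1>Number of page visits: {visits}</h1>"
```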

Testing Procedure

  1. Start your server with “docker-compose up”
  2. Open a browser and navigate to http://localhost:8080/ (or http://localhost or https://localhost if objective 5 is complete AND the app doesn’t load on 8080)
  3. Verify that somewhere on the page is a visit count of 1
  4. Refresh the page
  5. Verify that somewhere on the page is a visit count of 2
  6. Close the browser window
  7. Open a new window of the same browser and navigate to http://localhost:8080/
  8. Verify that somewhere on the page is a visit count of 3 (Verifies that the cookie is not a session cookie)
  9. Open a different browser and navigate to http://localhost:8080/
  10. Verify that somewhere on the page is a visit count of 1

Objective 2: Authentication and Tokens

Add authentication to your app. This must include 2 forms:

  • A registration form: Used when a user creates an account by entering a username and password
  • A login form: Used to login after a user creates an account by entering the same username and password that was used when they registered

You have much flexibility in how you create these forms. You can use an HTML form element with url or multipart encodings, process the form using JavaScript to send an AJAX request, or any other approach that implements the required features.

When a user sends a registration request, store their username and a salted hash of their password in your database.

When a user sends a login request, authenticate the request based on the data stored in your database. If the [salted hash of the] password matches what you have stored in the database, the user is authenticated. When a user is authenticated, display a success message on the page that loads when the form is submitted (or on the current page if you’re using AJAX). For example:

When a user successfully logs in, set an authentication token as a cookie for that user with the HttpOnly directive set. These tokens should be random values that are associated with the user. You must store a hash of each token in your database so you can verify them on subsequent requests.

The auth token cookie must have an expiration time of 1 hour or longer. It cannot be a session cookie.

Whenever a request for your home page is received from a user with a valid authentication token as a cookie, the page must contain a message containing that user’s username. For example:

<h1>Welcome back <username>!</h1>

Security: Never store plain text passwords. You must only store salted hashes of your users’ passwords. It is strongly recommended that you use the bcrypt library to handle salting and hashing.

Security: Only hashes of your auth tokens should be stored in your database (Do not store the tokens as plain text). Salting is not required.

Security: Set the HttpOnly directive on your cookie storing the authentication token.
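The registration, login and token checks from the three Security notes above, as an added example that is not part of the assignment: passwords are stored as salted hashes, a random token is issued on login and only its SHA-256 hash is kept, and the cookie carries HttpOnly with a one-hour Max-Age. Two dicts stand in for the MongoDB collections a pymongo app would use (an assumption), and PBKDF2-HMAC from the standard library replaces the bcrypt library the assignment recommends so the example runs without extra packages.

```python
import hashlib
import hmac
import os
import secrets
from http.cookies import SimpleCookie

# Stand-ins for two database collections (assumption: the real app uses pymongo).
users = {}   # username -> {"salt": bytes, "pw_hash": bytes}
tokens = {}  # sha256(token) hex digest -> username; the raw token is never stored

PBKDF2_ROUNDS = 200_000
TOKEN_MAX_AGE = 3600  # 1 hour, the minimum the assignment allows


def _hash_password(password, salt):
    # The assignment recommends bcrypt; PBKDF2-HMAC-SHA256 is used here as a
    # standard-library substitute. The per-user random salt does the same job.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def register(username, password):
    """Create the account; returns False if the username is taken."""
    if username in users:
        return False
    salt = os.urandom(16)
    users[username] = {"salt": salt, "pw_hash": _hash_password(password, salt)}
    return True


def login(username, password):
    """Return the Set-Cookie header value on success, or None on failure."""
    record = users.get(username)
    if record is None:
        return None
    candidate = _hash_password(password, record["salt"])
    if not hmac.compare_digest(candidate, record["pw_hash"]):  # constant-time compare
        return None
    token = secrets.token_urlsafe(32)  # random, unguessable, tied to this user
    tokens[hashlib.sha256(token.encode()).hexdigest()] = username
    jar = SimpleCookie()
    jar["auth"] = token
    jar["auth"]["httponly"] = True          # not readable from page JavaScript
    jar["auth"]["max-age"] = TOKEN_MAX_AGE  # persistent, not a session cookie
    jar["auth"]["path"] = "/"
    return jar["auth"].OutputString()


def user_for_cookie(cookie_header):
    """Map a request's Cookie header to a username via the stored token hash."""
    jar = SimpleCookie()
    if cookie_header:
        jar.load(cookie_header)
    if "auth" not in jar:
        return None
    return tokens.get(hashlib.sha256(jar["auth"].value.encode()).hexdigest())
```

The welcome message is then simply `f"<h1>Welcome back {user}!</h1>"` whenever `user_for_cookie` returns a name; a deleted or unknown cookie yields None and the message is omitted.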

Testing Procedure

  1. Start your server with “docker-compose up”
  2. Open a browser and navigate to http://localhost:8080/
  3. Find the registration form and register a username/password
  4. Navigate back to http://localhost:8080/ if a different page loaded after the form submission
  5. Find the login form and enter the same username, but an incorrect password
  6. Refresh the home page and verify that your username is not displayed
  7. Back on http://localhost:8080/, submit the login form again with the correct username and password from the registration step
  8. Refresh the page (Go back to the home page if a different page loaded after the form submission) and verify that you can see a message that contains your username
  9. Restart the server with “docker-compose restart”
  10. Navigate to http://localhost:8080/
  11. Verify that the page still acknowledges that you’re logged in and displays your username
  12. Open a second browser, register and login with a different username, refresh the page, and verify that your username is displayed
  13. Refresh the first browser and verify that your username is still displayed
  14. Delete your authentication token in the first browser
  15. Refresh the page
  16. Verify that your username is no longer displayed
  17. Security: Check the server code to ensure passwords are being salted and hashed before being stored in the database
  18. Security: Look through the code and verify that the tokens are not stored as plain text
  19. Security: Verify that the cookie’s HttpOnly directive is set