The title says most of it. For authentication, the token gotten from the POST
method can be put as a 'Token' header. It's then validated before being used.
Other changes caused by this update are:
- Fixed a bug where the creation token was unusable due to lacking the
user password hash
- Changed the signing method to HMAC, requiring a string for encryption
This is mentioned in the README.md
Introducing a unified signup and login API. You can post to the /user
route with credentials (so far just name and password), and if the user
doesn't exist, we create the user and return a token. If the user does
exist, if the password inputted matches the database password, we return
a token for that user, else we return an error.
i've never wanted to kms more during a programming session
