DEV Community

Build a complete warehouse management system with React and Django.

Desmond

Update

My React frontend now authenticates successfully with my Django backend through Token Authentication. Might change it to JWTs later on.
My only doubt is whether to continue storing the token in localStorage, as in the screenshot below (might be a vulnerability), or request the token on every request to the backend (delayed responses due to two round trips?). Please comment below with your views.

Caching
Added a caching layer as well with Redis. It only caches a section of the template rendered by the homepage and some other read-heavy pages.
This is built into Django with the help of the cache template tags.

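# view
from django.views.decorators.cache import cache_page

# Cache the whole rendered response for 15 minutes
@cache_page(60 * 15)
def my_view(request):
    ...

{# template file #}
{% load cache %}
{# The first argument is the timeout in seconds; 900 (15 minutes) is an assumed value matching the view above. #}
{% cache 900 menu request.user.email %}

  {# menu for logged in user #}

{% endcache %}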


Auth Token

Discussion (20)

Yufan Lou

Please do not store secrets in the local storage. They'd be accessible by any third party script loaded to your website, and one cross-site scripting attack away from leaking.

For more, please read "Please Stop Using Local Storage".

Some other considerations regarding session ID security: "On Securing Web Session Ids".

Desmond Author

Thank you. I wasn't really sure on it 🙏.
I'll check out the resources.

Chris Mumford

Definitely avoid storing your token in LocalStorage. Using an HttpOnly cookie might better serve you.

owasp.org/www-community/HttpOnly

I don't know the full context of your token needs but I would usually recommend using a JWT for granting access to an API. For most use cases they are a simple but effective solution.

blog.logrocket.com/jwt-authenticat...
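
An added example (not from the post or from any commenter): how a backend can hand the token to the browser in an HttpOnly cookie instead of localStorage, and how to check a `Set-Cookie` header for the protective attributes, using only Python's standard library. The cookie name `auth_token` and the sample values are made up; in Django the same attributes come from the `httponly`, `secure` and `samesite` arguments of `HttpResponse.set_cookie`.

```python
from __future__ import annotations
from http.cookies import SimpleCookie

COOKIE_NAME = "auth_token"  # hypothetical cookie name, not from the post


def build_auth_cookie(token: str, max_age: int = 3600) -> str:
    """Return the Set-Cookie header value a backend would send after login."""
    cookie = SimpleCookie()
    cookie[COOKIE_NAME] = token
    morsel = cookie[COOKIE_NAME]
    morsel["httponly"] = True      # not exposed to document.cookie, so page scripts cannot read it
    morsel["secure"] = True        # only sent over HTTPS
    morsel["samesite"] = "Strict"  # not attached to cross-site requests
    morsel["path"] = "/"
    morsel["max-age"] = max_age
    return morsel.OutputString()


def audit_set_cookie(header_value: str) -> list[str]:
    """List the protective attributes that are missing or weakened."""
    attrs = {}
    for part in header_value.split(";")[1:]:  # skip the name=value pair
        name, _, value = part.strip().partition("=")
        attrs[name.lower()] = value.lower()
    missing = [flag for flag in ("httponly", "secure") if flag not in attrs]
    if attrs.get("samesite") not in ("strict", "lax"):
        missing.append("samesite")  # absent, or explicitly SameSite=None
    return missing


def token_from_cookie_header(cookie_header: str) -> str | None:
    """Server side: read the token from the Cookie request header."""
    jar = SimpleCookie()
    jar.load(cookie_header)
    morsel = jar.get(COOKIE_NAME)
    return morsel.value if morsel else None


if __name__ == "__main__":
    header = build_auth_cookie("abc123")  # constructed sample token
    print("Set-Cookie:", header)
    print("missing:", audit_set_cookie(header))
    print("weak cookie missing:", audit_set_cookie("auth_token=abc123; Path=/"))
    print("token:", token_from_cookie_header("theme=dark; auth_token=abc123"))
```

Once the token lives in a cookie the browser attaches it automatically, so state-changing endpoints also need CSRF protection.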

Desmond Author

Thanks Chris ⚡

zachary

Interesting project, if you want collaboration on this, hit me up.

Desmond Author • Edited

Hey there, I'll provide a link to the GitHub repo in my next post. I need to prepare it for collaboration.
May I know what technologies you work with?

zachary

As my GitHub account mentioned, I am familiar with Python + Django + React | RN or Vue, and PHP + Laravel, Java Spring Boot.
Thanks

Desmond Author

Awesome⚡

Desmond Author

Hi Zachary, here's the link to the repo:

github.com/Nyamador/wms

Paul Bijan Coch

Hey Desmond, amazing product, and of course a very interesting topic.
Would you like to integrate your project into our platform and make it reusable, and scalable for you and your future developments - and maybe even for others? You may earn some easy money from it. Hit me up on paul.coch@generato.com or linkedin.com/in/paul-coch

Mr. Tomtastic Hoffmann

Hello, do you have a video available of this project?

Desmond Author

Not yet. I mean if it's possible I might put up a video soon.

Mr. Tomtastic Hoffmann

That would be awesome.

Desmond Author

In the meantime you could subscribe and turn on notifications.
youtube.com/channel/UCHclsWHoxEZU0...

Mr. Tomtastic Hoffmann

Done! Can't wait for the video!!

Yogi

Use cookies with http only.

Desmond Author

I resorted to using JWT.

Sowah Joseph Anyetei

Hello Desmond, can you explain the two round trips you mentioned... How is that happening?

Desmond Author

I mentioned two round trips in the case where the JWT would have to be fetched from the server upon every request and if the refresh token is also expired then that's an extra delay to get a fresh one.