Admin: serveraction and otp form #529

Merged
merged 5 commits into from
Nov 9, 2024

ShivanshPlays
Contributor

@ShivanshPlays ShivanshPlays commented Nov 9, 2024

admin auth is now functional.

PR2: #518

PR Justification for Level 3


Summary

This PR introduces a new server action for admin functionalities and an OTP form to improve the security and user experience for the admin login process. The changes also include backend modifications to properly handle OTP verification and the handling of the OTP logic on the server side. These updates enhance the login security and overall admin management experience.


Key Enhancements and Changes

1. Server Action for Admin Authentication

  • Objective: Implement server-side actions to handle admin authentication more securely and efficiently.
  • Implementation:
    • Created a server action to handle admin login, which securely verifies the admin's credentials.
    • Integrated OTP (One-Time Password) logic to add an additional layer of security for the admin login process.
    • Ensured that the server-side logic manages OTP generation, validation, and expiration.
    • Error handling has been implemented for both failed login attempts and expired OTPs.

2. OTP Form for Admin Login

  • Objective: Develop a secure OTP-based login system for admins to ensure enhanced security during the authentication process.
  • Implementation:
    • Designed and developed the OTP form that prompts admins to enter the OTP sent to their registered email or phone number.
    • The form validates the OTP against the server-side stored value and allows access upon successful verification.
    • Included error handling to display appropriate messages for incorrect OTP or expired OTP attempts.
    • Incorporated visual feedback, such as loading states and success/error alerts, to improve the user experience.

3. Backend Modifications

  • Objective: Ensure seamless interaction between the frontend OTP form and the backend server action logic.
  • Implementation:
    • Modified the backend to accommodate OTP generation and verification.
    • Integrated the OTP logic with the admin login process to ensure that only admins with valid OTPs can access the admin dashboard.
    • Implemented security measures to prevent brute force attacks on the OTP generation process.

4. Documentation Update Required

  • Objective: Update documentation to include the new server action and OTP flow for admin authentication.
  • Implementation:
    • Revised the admin authentication documentation to include detailed instructions on the OTP-based login process.
    • Updated server action documentation to reflect the changes in the login flow and security mechanisms.

Points Justification

This PR meets the 40-45 points level due to the following contributions:

  • New Feature (Server Action and OTP Form): Introduced server-side logic for admin authentication, ensuring secure access with OTP-based login.
  • Security Enhancements: Added OTP verification to prevent unauthorized access and improve security for admin operations.
  • Error Handling: Implemented robust error handling on both the frontend and backend to ensure smooth user experience and provide informative error messages.
  • Backend Modifications: Adjusted server-side logic to support the OTP generation, validation, and integration with the admin login process.
  • Documentation Updates: Included necessary updates in the documentation to explain the new authentication flow and the OTP process.

Conclusion

This PR introduces significant security improvements with the addition of the OTP-based admin authentication system. The changes also ensure that the login flow for admins is both secure and user-friendly, with appropriate error handling and feedback. The backend modifications are designed to integrate the OTP logic seamlessly, ensuring smooth functionality. The addition of documentation updates ensures that developers and users are well-informed about the new changes and how to use the OTP authentication system effectively.

1.mp4
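
Added example, not code from this PR or the project: a minimal sketch of the server-side OTP handling the description above lists (generation, validation, expiration, and a cap on wrong guesses). The in-memory `otpStore`, the function names, the 6-digit length, the 5-minute lifetime and the 5-attempt cap are all assumptions made for illustration.

```javascript
const nodeCrypto = require("node:crypto");

const OTP_TTL_MS = 5 * 60 * 1000; // assumed lifetime of an issued code
const MAX_ATTEMPTS = 5;           // assumed cap on wrong guesses per issued code
const otpStore = new Map();       // adminId -> { hash, expiresAt, attempts }; stand-in for a DB table

// Keep only a keyed hash so a leaked store does not reveal live codes.
function hashOtp(secret, adminId, otp) {
  return nodeCrypto.createHmac("sha256", secret).update(`${adminId}:${otp}`).digest();
}

// Issue a fresh code; any earlier code for the same admin is overwritten.
function issueOtp(secret, adminId, now = Date.now()) {
  const otp = nodeCrypto.randomInt(0, 1000000).toString().padStart(6, "0"); // CSPRNG, not Math.random
  otpStore.set(adminId, {
    hash: hashOtp(secret, adminId, otp),
    expiresAt: now + OTP_TTL_MS,
    attempts: 0,
  });
  return otp; // hand to the email/SMS sender only, never back to the browser
}

// Returns { ok: true } or { ok: false, reason } with reason in
// "no_otp" | "expired" | "invalid" | "locked".
function verifyOtp(secret, adminId, submitted, now = Date.now()) {
  const entry = otpStore.get(adminId);
  if (!entry) return { ok: false, reason: "no_otp" };
  if (now > entry.expiresAt) {
    otpStore.delete(adminId);
    return { ok: false, reason: "expired" };
  }
  entry.attempts += 1; // count the guess before comparing
  const candidate = hashOtp(secret, adminId, String(submitted));
  if (nodeCrypto.timingSafeEqual(candidate, entry.hash)) {
    otpStore.delete(adminId); // single use: a replayed code finds no entry
    return { ok: true };
  }
  if (entry.attempts >= MAX_ATTEMPTS) {
    otpStore.delete(adminId); // code is burned; the admin must request a new one
    return { ok: false, reason: "locked" };
  }
  return { ok: false, reason: "invalid" };
}
```

The attempt cap here limits guesses against one issued code; the endpoint that issues codes needs its own rate limit, otherwise each new code resets the counter.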


vercel bot commented Nov 9, 2024

@ShivanshPlays is attempting to deploy a commit to the Piyush's projects Team on Vercel.

A member of the Team first needs to authorize it.

… modify schema and serveractions to accommodate location functionality
Owner

@swarooppatilx swarooppatilx left a comment

lgtm

@swarooppatilx swarooppatilx added gssoc-ext GirlScript Summer of Code Extended 2024 level3 GirlScript Summer of Code Level 3 Issue hacktoberfest-accepted Hacktoberfest labels Nov 9, 2024
@swarooppatilx
Owner

@ShivanshPlays pull the latest changes

@ShivanshPlays
Contributor Author

okay

@ShivanshPlays ShivanshPlays reopened this Nov 9, 2024
@ShivanshPlays
Contributor Author

@swarooppatilx please check now

@swarooppatilx swarooppatilx merged commit 9b33148 into swarooppatilx:main Nov 9, 2024
2 of 3 checks passed