Use JWT Token
signToken = user => {
return JWT.sign({
iss : 'CodeWoker',
// put in user's id
sub : newUser.id,
data : ~,
iat : new Date().getTime(), // current time
exp : new Date().setDate( new Date().getDate()+ 1) // current tiem + 1 day
}, JWT_SECRET) // 2nd paramter : secret password
}
So, When you login,
throught client or Admin ( exclulding the case in which you are logging through google )
0) reg, login process for admin : new Fetch api form applied
1) you apply different, local strategy ,
2) And, whenever you go through verifying processes
you check whether it is
admin login or client login
HOW?
add column "admin" to "member"
add "ISADMIN" Middleware
5) google oauth refresh token의 경우에 대한 error handling