I've finished a dashboard where I implemented a register and login system with account verification and password recovery. I used react for the frontend, serverless functions and mongodb. It was the first time and even though it worked I'm not sure I did it following the best practices.
Now I have to do something similar, but the company I will work with is using postgres as the db and I haven't used SQL databases in a long time, therefore I'm a bit confused about how to use the tokens for account verification and password recovery, where to store them, and how to implement the access token and refresh token for session management.
This is what I did for account verification when I used mongodb and what I intend to do now with postgres. When a user registers in the frontend, it calls a serverless function that stores the data (name, email, password, isVerified = false, verification Token, and token expiration date) in the db and a verification email is sent to that user with a link containing the verification token. When the user clicks on that link a serverless function compares the token contained in that link with the one from the db and if they are the same the field isVerified in the db is changed to true and the verification token and the token expiry are deleted.
The process is similar for password recovery although in this case the token is created only when the option for password recovery is clicked in the frontend.
Is this a good way to implement it? can I do the same with postgres? I'm not sure how to create the table for users and how to proceed with the tokens.
Thanks a lot in advance.
I haven't tried anything yet with postgres because I don't have access to the db. The company that manages that db has asked me to given them the fields that I need to do the frontend and they'll include them in the db. I don't want to say something wrong.