nodeSecurity

Made by Carlos Daniel

📑 About

This is a JavaScript project created to learn about security methods using Node.js. By building this application I learned about:

Branch V1

  • Identify vulnerabilities
  • What is a Hashing Function
  • The differences between hashing functions
  • How the bcrypt hashing function works
  • Implement password protection in the database using bcrypt
  • Different types of login systems
  • The advantages of a token login system
  • How JSON Web Tokens work
  • How to implement sessionless local authentication
  • How to generate JSON Web Tokens
  • How to configure an authentication strategy for tokens
  • How to generate random passwords
  • How to store values in an environment variable
  • How to handle authentication errors
  • How to create tokens with expiration time
  • How to invalidate JSON Web Tokens with a blacklist
  • How to use Redis on Node to create a blacklist
  • How to use Redis methods on Node
  • Implement a token logout system

Branch V2

  • Limitations of using a single JWT token for sessions
  • How to use refresh tokens for authentication
  • How to implement a refresh token
  • What are opaque tokens
  • How to use moment.js to set the token expiration time
  • How to perform search and delete operations in Redis
  • How to create an interface for manipulating a generic list
  • How to create an allowlist for refresh tokens
  • How to manually interact with Redis from the command line
  • How to refactor the blocklist
  • How to check refresh tokens
  • How to implement the token update route
  • How to implement the refresh tokens logout route
  • How to modularize token creation
  • How to modularize token verification
  • How to modularize token invalidation
  • Why email verification is important
  • How the email verification process works
  • How to send emails on Node.js
  • How to create email verification emails
  • How to store information that a user's email is verified
  • How to modify a user's email verification state
  • How to implement the email verification route
  • How to generate dynamic addresses using tokens
  • How to send emails in a production environment

Branch V3

  • Coming soon

✨ Installation

Open a terminal and run the following commands:

# To copy this repository
git clone https://github.com/CarlosDanielS3/nodeSecurity.git

# To move to project directory
cd nodeSecurity

# To install the dependencies
yarn

🔥 Running

You can run the application in development mode with the command:

# To run the server
yarn start