A simple, secure sign-up/sign-in implementation for a web app. You may consider this a runnable guideline for your own implementation.
This project demonstrates a secure web app using three public web pages and one protected user profile page.
Public pages
- /landing
- /signup
- /signin
Protected page
- /secure/profile
After I went through many programming tutorials, I thought it was time to create a web app myself.
The first thing in my head was "What should I create?" (the big question in my life), and then the next question was "Which framework should I use for the frontend, backend and database?", and then again and again many more questions popped up.
But a big common question for most web applications is "How can I secure the content inside my app?"
It sounds easy at first for a newbie like me: just create a page for sign-in. BUT the truth is never that easy.
I searched this topic and found scattered information spread all over the internet. That information will give me wrinkles; I don't want to be an expert on this topic, I just want to create an app with acceptable security.
So I created this project with the hope that the open-source community will help me out, as always, and also to help people in the same situation as me solve this issue.
- A secure sign-up/sign-in implementation
- Validate input on the client side
- Validate input on the server side
- Detect and protect against abnormal usage ???
- Security logging
- Detect/protect against DoS attacks ???
- Protect against cross-site scripting (XSS)
- Protect against SQL injection
- EU General Data Protection Regulation (GDPR) compliance ??? (trying to achieve)
These instructions will get you a copy of the project up and running on your local machine for development and testing purposes. See the deployment notes for how to deploy the project on a live system.
If you just want to check this project out, you don't need anything special; just Git, npm and Node.js.
However, if you want to see how we implement the DB tier, you will need to install PostgreSQL or MongoDB. Check the deployment notes for more info.
git clone https://github.com/VaultExpress/vault-express.git
cd vault-express
npm install
We use a .env file for setting environment variables; you can see which ones we use in .env-example. For a quick start you may
cp .env-example .env
and then you can start the server by
npm start
npm test
Coming soon...
- Express.js - Fast, unopinionated, minimalist web framework for Node.js
- Helmet - Helmet helps you secure your Express apps by setting various HTTP headers
- Passport - Simple, unobtrusive authentication for Node.js
Please read CONTRIBUTING.md for details on our code of conduct, and the process for submitting pull requests to us.
We use SemVer for versioning. For the versions available, see the tags on this repository.
See also the list of contributors who participated in this project.
This project is licensed under the MIT License - see the LICENSE file for details.