This project is a web application that allows users to register, log in, and view confidential information (secrets). It focuses on implementing authentication and security practices. The app is currently at Level 6 Authentication, utilizing Google OAuth 2.0 with Passport.js for user authentication, as well as session management.
- Node.js
- Express.js
- MongoDB
- EJS (Embedded JavaScript Templating)
- Mongoose-encryption
- dotenv
- md5
- bcrypt
- Passport.js
- express-session
- passport-local-mongoose
- mongoose-findorcreate
- Google OAuth 2.0
- User Registration: Allows new users to register by providing their email and password.
- User Login: Registered users can log in using their credentials.
- Secrets Page: After logging in, users can view the secrets page.
- Password Security: User passwords are securely stored in the database using hashing and encryption techniques.
- OAuth 2.0 with Google: Users can log in with their Google account using OAuth 2.0.
- Session Management: Uses sessions for maintaining authentication status across routes.
- Submit Secrets: Authenticated users can submit their own secrets to the app.
- Salting and Hashing: Ensures passwords are salted and hashed before storing in the database.
In this basic level, user passwords are stored in the database in plain text. This is highly insecure and should not be used in production.
In this level, passwords are encrypted before being saved in the database. This protects the passwords in case the database is compromised.
At this level, passwords are hashed using md5 before being stored. Hashing is a one-way function, but md5 is outdated and vulnerable to attacks.
At this level, the app uses bcrypt to salt and hash passwords. Bcrypt is a more secure algorithm that makes it difficult for attackers to reverse the hash or use precomputed attack tables.
In this level, the app uses Passport.js with a local strategy for authentication. It manages user sessions, allowing users to log in with a username and password.
At the highest level, Google OAuth 2.0 is integrated using Passport.js. Users can authenticate with their Google account, and the app either finds an existing user or creates a new one using findOrCreate.
-
Clone the repository.
git clone https://github.com/sabhisharma-ise/Secrets.git cd Secrets/
-
Install the necessary dependencies:
npm install
-
Set up a .env file to store your secrets, including Google OAuth credentials:
MONGO_URI=mongodb://localhost:27017/userDB SECRET=yourSecretKey CLIENT_ID=yourGoogleOAuthClientID CLIENT_SECRET=yourGoogleOAuthClientSecret
You can get your Google OAuth credentials from Google Developer Console.
-
Start your MongoDB server:
mongod
-
Start the application:
node app.js
-
The application will be running at:
http://localhost:3000
- /views: Contains the EJS templates for different web pages.
- home.ejs: Home page
- login.ejs: Login page
- register.ejs: Registration page
- secrets.ejs: Page shown after successful login.
- submit.ejs: Page where users can submit their secrets.
- /public: Static files (e.g., CSS).
- /css: Contains styles.css for styling the web pages.
- /views/partials: Contains reusable parts like the header and footer (header.ejs, footer.ejs).