Is it still valid for use for today's standards ? #48

Open
VasilisKosmas opened this issue Jul 14, 2017 · 6 comments

VasilisKosmas commented Jul 14, 2017

Is this code still valid and relatively secure to use today, considering that 4 years have passed since it's been published?

Any extra advice or footnote?

VasilisKosmas changed the title from "Is it still valid ?" to "Is it still valid for use ?" on Jul 14, 2017
VasilisKosmas changed the title from "Is it still valid for use ?" to "Is it still valid for use for today's standards ?" on Jul 14, 2017
@tech-alchemist

No. A few npm module versions are outdated w.r.t. syntax in this repo.


natoine commented Aug 30, 2017

Guys, this code needs only a few updates to be valid.

Take the latest version of the npm modules.
You will have to change a few things for Mongoose:
in server.js:

    mongoose.createConnection(configDB.url)

instead of:

    mongoose.connect(configDB.url)

in User.js:

    var configDB = require('../../config/database.js')
    var db = mongoose.createConnection(configDB.url)
    module.exports = db.model('User', userSchema)

instead of:

    module.exports = mongoose.model('User', userSchema)

And it's all right for local.

For Facebook, in passport.js:

    passport.use(new FacebookStrategy({

        // pull in our app id and secret from our auth.js file
        clientID        : configAuth.facebookAuth.clientID,
        clientSecret    : configAuth.facebookAuth.clientSecret,
        callbackURL     : configAuth.facebookAuth.callbackURL,
        profileFields   : ['id', 'displayName', 'link', 'about', 'emails']

    },

You only need to add the profileFields.

I haven't tried the Twitter and Google auth yet, but will do so soon.

@sevilayha maybe you can make a little update of this code?


Mydayyy commented Sep 24, 2017

Hi,

no, this is not secure at all.

Please read my issue for further information.

#51


natoine commented Sep 25, 2017

Hi Mydayyy

Could you be more precise and explain a bit more what changes should be made in the actual project?

Maybe give some references about good practices?

Thanks for your time.


Mydayyy commented Sep 29, 2017

Hi @natoine,

I updated my original issue and went a little bit more in depth about the security problem here.

#51

~Mydayyy

@EddieOne

Since this was made for Express 3, it's overly complicated in Express 4. Skipping passport and using middleware is the way to go if you ask me.
