Formed in 2009, the Archive Team (not to be confused with the archive.org Archive-It Team) is a rogue archivist collective dedicated to saving copies of rapidly dying or deleted websites for the sake of history and digital heritage. The group is 100% composed of volunteers and interested parties, and has expanded into a large amount of related projects for saving online and digital history.
vault-express project - ALPHA stage
A simply secure sign-up/sign-in implementation for web app. You may consider this as runnable guideline for your implementation.
This project demonstrates the secure web app by using 3 public web pages and 1 protected user profile page
Public pages
- /landing
- /signup
- /signin
Protected page
- /secure/profile
Why?
After I went through for many programming tutorials, I thought It was time to create some web app myself.
The first thing in my head was "What should I create?" (the big question in my life) and then the next question was "Which framework should I use for frontend, backend and database?" and then again and again many questions pop into.
But a big common question for most web application that is "How can I secure the content inside my app?"
Sound easy at first for newbie as me, just create a page for sign-in. BUT the truth never be easy like that.
I did search for this topic and found scattered information spreads all over internet. Those infomation will give me wrinkles, I don't want to be an expert on this topic, I just want to create an app with acceptable secure.
Then I create this project with hope that opensource community will help me out, as always. and also to help people with the same situation as me to solve this issue.
Features
- A secure Sign-up/Sign-in implementation
- Validate input on Client side
- Validate input on Server side
- Detect && Protect abnormal usage ???
- Security logging
- Detect/Protect DoS attack ???
- Protect Cross-site Scripting (XSS)
- Protect SQL injection
- EU's General Data Protection Regulation Compliance ??? (trying to achieve)
Getting Started
These instructions will get you a copy of the project up and running on your local machine for development and testing purposes. See deployment for notes on how to deploy the project on a live system.
Prerequisites
If you just want to check this project out, you don't need anything special; just Git, npm and Node.js.
Anyway, if you want to see how we implement DB-tier, You gonna need to install PostgreSQL or MongoDB. Check Deployment for more info
Installing
git clone https://github.com/VaultExpress/vault-express.git
cd vault-express
npm install
We use .env file for setting environment variables which you can see what we use in .env-example For quick start you may
cp .env-example .env
and then you can start the server by
npm start
Running the tests
npm test
Deployment
Coming soon...
Built With
- Express.js - Fast, unopinionated, minimalist web framework for Node.js
- Helmet - Helmet helps you secure your Express apps by setting various HTTP headers
- Passport - Simple, unobtrusive authentication for Node.js
Contributing
Please read CONTRIBUTING.md for details on our code of conduct, and the process for submitting pull requests to us.
Versioning
We use SemVer for versioning. For the versions available, see the tags on this repository.
Contributors
See also the list of contributors who participated in this project.
License
This project is licensed under the MIT License - see the LICENSE file for details