Simple web application made while learning authentication and security.
Six levels of security were implemented, starting from a basic comparison against the plain-text password stored in the database and ending with OAuth 2.0 / Google authentication.
Install my-project with npm
First make a local copy of the project
A MongoDB server instance must be running on port 27017.
> Git CLI
gh repo clone D3N2-A/Secrets-App
> npm i
cd /path
> mongod
> nodemon app.js
This method simply compares the password entered by the user with the plain-text password stored in the database.
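// Level 1 - plain-text comparison. Kept for contrast only: the stored
// password is readable by anyone with access to the database.
// String() keeps the lookup a plain equality match even if the body parser
// yields a non-string (e.g. an object) for the field.
user.findOne({ em: String(req.body.username) }, (err, foundUser) => {
  if (err) {
    console.log(err);
    // Answer the request on a DB error too, otherwise it never completes.
    return res.status(500).send("Internal server error");
  }
  // One failure path for "unknown user" and "wrong password", so the
  // response does not reveal which usernames exist and the request is
  // always answered.
  if (foundUser && foundUser.pwd === req.body.password) {
    return res.render("secrets");
  }
  return res.redirect("/login");
});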
This method uses mongoose-encryption to automatically encrypt and decrypt the password and stores the secret key as an environment variable.
// Level 2 - mongoose-encryption. This is reversible encryption, not hashing:
// whoever holds `secret` can decrypt every stored password. `secret` comes
// from an environment variable and must never be committed.
const encryptedFields = ["pwd"];
userSchema.plugin(encrypt, { secret, encryptedFields });
This method stores passwords as MD5 hashes in the database and then compares the input password after converting it to MD5.
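// Level 3 - MD5. The hash is unsalted and cheap to compute, so identical
// passwords yield identical hashes and precomputed tables apply; kept only
// as an intermediate step before bcrypt.
// String() keeps the lookup a plain equality match even if the body parser
// yields a non-string (e.g. an object) for the field.
user.findOne({ em: String(req.body.username) }, (err, foundUser) => {
  if (err) {
    console.log(err);
    // Answer the request on a DB error too, otherwise it never completes.
    return res.status(500).send("Internal server error");
  }
  // One failure path for "unknown user" and "wrong password", so the
  // response does not reveal which usernames exist and the request is
  // always answered.
  if (foundUser && foundUser.pwd === md5(req.body.password)) {
    return res.render("secrets");
  }
  return res.redirect("/login");
});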
This method uses the bcrypt hashing algorithm, which salts the password and hashes it over many rounds.
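// Level 4 - hashing at registration. Cost factor 13 means 2^13 rounds of
// key expansion; bcrypt generates the salt and embeds it in the returned hash.
bcrypt.hash(req.body.password, 13, (err, hash) => {
  if (err) {
    // Never fall through to storing anything when hashing failed.
    console.log(err);
    return;
  }
  // Storing password into DB: persist `hash` only, never req.body.password.
});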
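// Level 4 - bcrypt verification. bcrypt.compare() re-hashes the submitted
// password with the salt embedded in the stored hash and compares the result.
// String() keeps the lookup a plain equality match even if the body parser
// yields a non-string (e.g. an object) for the field.
user.findOne({ em: String(req.body.username) }, (err, foundUser) => {
  if (err) {
    console.log(err);
    // Answer the request on a DB error too, otherwise it never completes.
    return res.status(500).send("Internal server error");
  }
  if (!foundUser) {
    // Same reply as a wrong password so the form does not reveal which
    // usernames exist (and the request no longer hangs).
    return res.status(401).send("WRONG PASSWWORDDD!!!");
  }
  bcrypt.compare(req.body.password, foundUser.pwd, (compareErr, result) => {
    // A compare error (e.g. a malformed stored hash) must not be treated
    // as either a match or a silent no-op.
    if (compareErr) {
      console.log(compareErr);
      return res.status(500).send("Internal server error");
    }
    if (result) {
      return res.render("secrets");
    }
    return res.status(401).send("WRONG PASSWWORDDD!!!");
  });
});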
This method uses Passport.js for the authentication flow: salting, hashing, registration, authentication and ending the user session.
// Level 5 - passport-local-mongoose takes over credential storage for the
// schema: it salts and hashes the password itself and provides the
// register() helper used at sign-up.
userSchema.plugin(passportLocalMongoose);
// salting and hashing are handled by the plugin, not by this code
// Level 5 - registration through passport-local-mongoose. register() salts
// and hashes the submitted password itself; on success the new user is
// authenticated with the local strategy and redirected to /secrets.
user.register(
  { username: req.body.username, active: false },
  req.body.password,
  (err, registeredUser) => {
    if (err) {
      // Registration failed (e.g. duplicate username): back to the form.
      console.log(err);
      res.render("register");
      return;
    }
    passport.authenticate("local")(req, res, () => {
      res.redirect("/secrets");
    });
  }
);
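// Level 5 - login. passport.authenticate("local") checks the submitted
// username/password against the stored salt+hash and, only on success,
// establishes the session and runs the continuation below. Calling
// req.login() on a user object built from the request body before this
// check would create a session for a user whose password has not been
// verified, so that step is deliberately omitted. On failure passport
// ends the response with 401 unless a failureRedirect option is given.
passport.authenticate("local")(req, res, () => {
  res.redirect("/secrets");
});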
(passport, passport-google-oauth2, passport-local-mongoose, mongoose-findorcreate)
This method uses Passport.js (with the Google OAuth 2.0 strategy shown below) for the authentication flow: salting, hashing, registration, authentication and ending the user session.
// Level 6 - Google OAuth 2.0 via passport-google-oauth2. The client id and
// secret come from the environment (never hard-code the secret); callbackURL
// must match the redirect URI registered for this client in the Google
// console, so it needs changing for any deployment other than localhost.
const googleOptions = {
  clientID: process.env.CLIENT_ID,
  clientSecret: process.env.CLIENT_SECRET,
  callbackURL: "http://localhost:3000/auth/google/secrets",
  passReqToCallback: true,
};

// Verify callback: find or create the local user keyed on the Google
// profile id. The request is passed in (passReqToCallback) but unused, and
// the tokens are not stored.
const verifyGoogleUser = (_request, _accessToken, _refreshToken, profile, done) => {
  user.findOrCreate({ googleId: profile.id }, (err, foundUser) => {
    return done(err, foundUser);
  });
};

passport.use(new GoogleStrategy(googleOptions, verifyGoogleUser));
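// Level 5 - login. passport.authenticate("local") checks the submitted
// username/password against the stored salt+hash and, only on success,
// establishes the session and runs the continuation below. Building a user
// document from the request body and calling req.login() on it first would
// create a session for a user whose password has not been verified, so that
// step is deliberately omitted. On failure passport ends the response with
// 401 unless a failureRedirect option is given.
passport.authenticate("local")(req, res, () => {
  res.redirect("/secrets");
}); //login method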