A comprehensive code snippet management system built with modern technologies and security best practices.
- Secure Backend: ASP.NET Core API with JWT authentication and comprehensive security measures
- Modern Frontend: React Admin interface with custom Material-UI theme
- Clean Architecture: Domain-driven design with CQRS pattern implementation
- Database: MongoDB with proper data modeling and relationships
- Security: Complete security audit with all critical vulnerabilities resolved
- Validation: Comprehensive input validation and sanitization
- Audit Logging: Security event monitoring and suspicious activity detection
- Domain Layer: Core business logic and entities
- Application Layer: CQRS commands/queries and DTOs
- Infrastructure Layer: Data access and external services
- API Layer: Controllers and middleware
- React Admin: Admin interface framework
- Material-UI: Custom theme and components
- TypeScript: Type-safe development
- JWT token-based authentication
- BCrypt password hashing
- CORS policy configuration
- Rate limiting
- Input validation and sanitization
- Security headers (CSP, X-Frame-Options, etc.)
- Audit logging for security events
- Environment variable configuration
- .NET 8.0 or later
- Node.js 18+ and npm
- MongoDB instance
- Git
- Navigate to the API project: `cd src/Api`
- Copy environment template: `cp .env.example .env`
- Configure your environment variables in `.env`:

  ```
  JWT_SECRET_KEY=your-super-secure-jwt-secret-key-here
  MONGODB_CONNECTION_STRING=mongodb://localhost:27017
  MONGODB_DATABASE=CodeSnippetManager
  ```
- Run the API: `dotnet run`
- Navigate to the frontend project: `cd src/Web.Api`
- Install dependencies: `npm install`
- Start the development server: `npm run dev`

| Variable | Description | Required |
|---|---|---|
| `JWT_SECRET_KEY` | Secret key for JWT token signing | Yes |
| `MONGODB_CONNECTION_STRING` | MongoDB connection string | Yes |
| `MONGODB_DATABASE` | Database name | Yes |
| `ASPNETCORE_ENVIRONMENT` | Environment (Development/Production) | No |

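A pre-flight check for the `.env` file configured above, as an added example that is not part of the project's code. It assumes tokens are signed with HMAC-SHA256 (hence the 32-character minimum, which the page does not state); `env_value` and `check_env_file` are hypothetical helper names.

```shell
#!/bin/sh
# Added example: pre-flight check for the .env file, run before `dotnet run`.
# Assumption (not stated on the page): tokens are signed with HMAC-SHA256,
# so the secret should be at least 32 characters long.

PLACEHOLDER='your-super-secure-jwt-secret-key-here'  # value from the template
REQUIRED='JWT_SECRET_KEY MONGODB_CONNECTION_STRING MONGODB_DATABASE'
MIN_SECRET_LEN=32

# env_value FILE KEY: print KEY's value (last assignment wins, CR/space trimmed).
env_value() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | sed 's/[[:space:]]*$//'
}

# check_env_file FILE: return 0 if FILE passes every check, 1 otherwise.
check_env_file() {
    file=$1
    rc=0
    [ -f "$file" ] || { echo "$file: not found" >&2; return 1; }

    for key in $REQUIRED; do
        [ -n "$(env_value "$file" "$key")" ] ||
            { echo "$key is missing or empty" >&2; rc=1; }
    done

    secret=$(env_value "$file" JWT_SECRET_KEY)
    if [ "$secret" = "$PLACEHOLDER" ]; then
        # The template value is long enough to pass a length check alone.
        echo "JWT_SECRET_KEY still holds the template value" >&2; rc=1
    elif [ -n "$secret" ] && [ "${#secret}" -lt "$MIN_SECRET_LEN" ]; then
        echo "JWT_SECRET_KEY is shorter than $MIN_SECRET_LEN characters" >&2; rc=1
    fi

    # The file holds a signing key: no group/other permission bits allowed.
    perms=$(ls -ld "$file" | cut -c5-10)
    [ "$perms" = "------" ] ||
        { echo "$file is accessible to group/other; chmod 600 it" >&2; rc=1; }

    return "$rc"
}

# Usage: sh check_env.sh .env  (does nothing when called without arguments)
if [ $# -gt 0 ]; then
    check_env_file "$1"
fi
```

Run it from `src/Api` after editing `.env`; a non-zero exit status means at least one check failed and the reasons are on stderr.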
The application includes comprehensive security measures:
- All sensitive data moved to environment variables
- CORS restricted to specific origins
- Rate limiting on authentication endpoints
- Content Security Policy headers
- Input validation middleware
```
src/
├── Api/                 # ASP.NET Core Web API
│   ├── Controllers/     # API controllers
│   ├── Middleware/      # Custom middleware
│   └── Properties/
├── Application/         # Application layer (CQRS)
│   ├── Categories/
│   ├── Snippets/
│   ├── Tags/
│   └── Users/
├── Domain/              # Domain entities and interfaces
│   ├── Categories/
│   ├── Snippets/
│   ├── Tags/
│   └── Users/
├── Infrastructure/      # Data access and external services
│   ├── Repositories/
│   └── Services/
└── Web.Api/             # React frontend
    ├── src/
    │   ├── components/
    │   └── theme.ts
    └── public/
```
Run the domain tests:

```
cd tests/Domain.Tests
dotnet test
```

This project has undergone a comprehensive security audit. All critical and high-priority vulnerabilities have been resolved:
- ✅ JWT secrets properly externalized
- ✅ CORS policy restricted
- ✅ Secure password hashing (BCrypt)
- ✅ Input validation implemented
- ✅ Security headers configured
- ✅ Audit logging enabled
See `src/Api/SECURITY_README.md` for detailed security documentation.
- Fork the repository
- Create a feature branch (`git checkout -b feature/amazing-feature`)
- Commit your changes (`git commit -m 'Add amazing feature'`)
- Push to the branch (`git push origin feature/amazing-feature`)
- Open a Pull Request
This project is licensed under the MIT License - see the LICENSE file for details.
For support and questions, please open an issue on GitHub.
Note: This project follows security best practices and includes comprehensive documentation. Always review the security configuration before deploying to production.