Web-based blog to showcase web security techniques.

win20/secure-software-02

Secure-Software-02 - Gym Rat | Fitness Blog

This project showcases authentication systems and methods of securing a web app against common security threats. It is themed as a fitness blog, but the web design/development side is not the main aim; the security side is.

Prerequisites

Since the project is not hosted on an online server, a local server has to be started:

  • XAMPP: Used to start a local Apache and MySQL server; needs to be downloaded onto the device.
  • Command Prompt: Used to start the Node.js server.

How to run the project

  1. Open XAMPP and start the Apache and MySQL servers.
  2. Using a browser, navigate to http://localhost/phpmyadmin/ and click on the 'New' button to create a new database; give it the name 'nodejs-login'.
  3. Click on this new database and, at the top, click the import button to import the users.sql file provided in the project folder. This creates a local users table which the application uses to store user data; it also contains some sample users.
  4. Open the command prompt ('cmd'). Please do not use PowerShell, as it didn't work for us when testing.
  5. Navigate to the project folder using the 'cd' command, e.g. cd C:\path\to\file\Secure-Software-02.
  6. Start the server by typing: npm start. This should print the port the server is listening on and confirm the MySQL connection, as shown:

Screenshot of results

  7. Now go to your browser and in the URL bar type: http://localhost:5000/. The '5000' can be changed to any port that you are listening on, but it is 5000 by default.
  8. This should take you to the website.

Main Libraries & Frameworks

  • Bootstrap - Framework that allows quicker creation of clean and responsive websites. Used for the frontend.
  • Node.js v16.14.2 - Server-side JavaScript runtime used for all the backend code.
  • Express.js - The standard library used alongside Node.js to handle server requests and routing.
  • JWT - For creating web tokens, used alongside cookies.
  • Bcryptjs - Allows us to salt and hash passwords, and to compare them using timing-safe methods.
  • Dotenv - Stores environment variables securely.
  • Handlebars.js - Web templating system; contains all the HTML code and allows conditional markup.
  • Mongoose - Handles the database for blog posts.
  • Helmet - Allows us to set some security-related HTTP headers.
  • Csurf - Used to set CSRF tokens.
  • Nodemailer - Used to send emails to users.
  • Speakeasy - Generates the codes for two-factor authentication, which are sent by email.

Contributors

  • Win Barua - qnk19zxu
  • Simon Newton - cgt18tru

References & credits

  1. JWT Documentation
  2. Node.js Documentation
  3. Express.js Documentation
  4. CodeShack - Basic login system
  5. NiceSnippets.com - Node.js and Express.js login with mySQL example
  6. Section.io - Understanding cookies and implementing them in Node.js
  7. GeeksforGeeks.com - HTTP cookies in Node.js
  8. YouTube - Build a Node.js Authentication with JWT Tutorial
  9. YouTube - Node.js Register & Login Tutorial - Learn how to authenticate with Node.js, MongoDB and JWT

Note: Tutorials were followed only as guidelines, so that we could learn the basics of how the libraries work and get ideas on how to stitch them together elegantly. Creating the system as a whole required us to take pieces from each tutorial and documentation and combine them, as well as write our own code from scratch for most of the project.
