{
  "payload": {
    "feedbackUrl": "https://github.com/orgs/community/discussions/53140",
    "repo": {
      "id": 799681033,
      "defaultBranch": "main",
      "name": "Natours",
      "ownerLogin": "yousefzekry",
      "currentUserCanPush": false,
      "isFork": false,
      "isEmpty": false,
      "createdAt": "2024-05-12T21:08:09.000Z",
      "ownerAvatar": "https://avatars.githubusercontent.com/u/38738561?v=4",
      "public": true,
      "private": false,
      "isOrgOwned": false
    },
    "refInfo": {
      "name": "",
      "listCacheKey": "v0:1715548089.987673",
      "currentOid": ""
    },
    "activityList": {
      "items": [
        {
          "before": "2c64779af262bddd7ff336bdf9a5eb91c25fe633",
          "after": "d97d42ce110b65cb107317892a22528aa602b8df",
          "ref": "refs/heads/main",
          "pushedAt": "2024-05-13T20:44:15.000Z",
          "pushType": "push",
          "commitsCount": 1,
          "pusher": {
            "login": "yousefzekry",
            "name": "Youssef Embaby",
            "path": "/yousefzekry",
            "primaryAvatarUrl": "https://avatars.githubusercontent.com/u/38738561?s=80&v=4"
          },
          "commit": {
            "message": "Implemented data pollution prevention with hpp package\n\n1. Installed 'hpp' package to prevent HTTP parameter pollution by running: npm i hpp.\n2. Required 'hpp' in the app.js file.\n3. Configured a whitelist to restrict parameters to specific keys:\n - Whitelist: ['duration', 'ratingsQuantity', 'ratingsAverage', 'maxGroupSize', 'difficulty', 'price'].\n\nData pollution prevention is crucial for maintaining data integrity and security within the application. By whitelisting specific parameters, we ensure that only designated keys are permitted in HTTP requests, mitigating the risk of unintended data manipulation and potential security vulnerabilities.",
            "shortMessageHtmlLink": "Implemented data pollution prevention with hpp package"
          }
        },
        {
          "before": "4de6a12e826259795d405ecfab19fb533a16673a",
          "after": "2c64779af262bddd7ff336bdf9a5eb91c25fe633",
          "ref": "refs/heads/main",
          "pushedAt": "2024-05-13T20:01:40.000Z",
          "pushType": "push",
          "commitsCount": 1,
          "pusher": {
            "login": "yousefzekry",
            "name": "Youssef Embaby",
            "path": "/yousefzekry",
            "primaryAvatarUrl": "https://avatars.githubusercontent.com/u/38738561?s=80&v=4"
          },
          "commit": {
            "message": "Implemented data sanitization to mitigate NoSQL injection and XSS vulnerabilities\n\n1. Installed 'express-mongo-sanitize' to prevent NoSQL injection via npm using: npm i express-mongo-sanitize.\n2. Installed 'xss-clean' to prevent XSS attacks by sanitizing input data using: npm i xss-clean.\n3. Required 'express-mongo-sanitize' module in app.js file.\n4. Required 'xss-clean' module in app.js file.\n5. Utilized 'express-mongo-sanitize' as global middleware to sanitize incoming data.\n - Data sanitization ensures that malicious code is removed from user input, enhancing security.\n - Implemented as a middleware after reading data using body-parser to clean incoming data.\n - Without data sanitization, attackers could exploit vulnerabilities to execute arbitrary queries, potentially compromising user data.\n6. Implemented 'xss-clean' as global middleware to prevent HTML injection in requests.\n - XSS attacks are mitigated by sanitizing input data to remove any HTML code.\n\nThese measures protect against NoSQL injection and XSS attacks, enhancing the security of the application and safeguarding user data against malicious exploitation.",
            "shortMessageHtmlLink": "Implemented data sanitization to mitigate NoSQL injection and XSS vul…"
          }
        },
        {
          "before": "222defa474f53ad12d067ef83cae45b37ed94f5c",
          "after": "4de6a12e826259795d405ecfab19fb533a16673a",
          "ref": "refs/heads/main",
          "pushedAt": "2024-05-13T04:19:59.000Z",
          "pushType": "push",
          "commitsCount": 1,
          "pusher": {
            "login": "yousefzekry",
            "name": "Youssef Embaby",
            "path": "/yousefzekry",
            "primaryAvatarUrl": "https://avatars.githubusercontent.com/u/38738561?s=80&v=4"
          },
          "commit": {
            "message": "Enhanced security with Helmet package and request payload size limit\n\n- Installed 'helmet' package via npm to bolster app security by managing HTTP headers.\n- Implemented Helmet global middleware in 'app.js' to enforce security measures.\n- Limited request payload size to a maximum of 10KB to mitigate potential security risks.\n- Added comments in 'app.js' to document each middleware's purpose and significance, ensuring clarity for future development.\n\nNote: Ensure Helmet middleware is added early in the middleware stack for optimal security protection.",
            "shortMessageHtmlLink": "Enhanced security with Helmet package and request payload size limit"
          }
        },
        {
          "before": "1feb24810e5eb842ae7b81e2871e0416af1d526c",
          "after": "222defa474f53ad12d067ef83cae45b37ed94f5c",
          "ref": "refs/heads/main",
          "pushedAt": "2024-05-13T04:01:38.000Z",
          "pushType": "push",
          "commitsCount": 1,
          "pusher": {
            "login": "yousefzekry",
            "name": "Youssef Embaby",
            "path": "/yousefzekry",
            "primaryAvatarUrl": "https://avatars.githubusercontent.com/u/38738561?s=80&v=4"
          },
          "commit": {
            "message": "Implemented rate limiting to prevent API abuse\n\n- Installed 'express-rate-limit' package to enforce rate limiting.\n- Included rate limit middleware globally in 'app.js' to restrict requests to 100 per hour.\n- Adjusted rate limit based on specific app requirements.\n- Tested rate limiter functionality by inspecting headers in Postman, including 'X-RateLimit-Limit', 'X-RateLimit-Remaining', and 'X-RateLimit-Reset'.\n- Note: Resetting the app also resets the rate limit counters.\n\nRate limiting helps prevent denial of service (DoS) and brute-force attacks by restricting the number of requests from a single IP address within a given timeframe. Adjustments to the rate limit can be made according to the needs of the application.",
            "shortMessageHtmlLink": "Implemented rate limiting to prevent API abuse"
          }
        },
        {
          "before": "4875487f7f9ce16d1ad11d64d2d4743eb5ba9018",
          "after": "1feb24810e5eb842ae7b81e2871e0416af1d526c",
          "ref": "refs/heads/main",
          "pushedAt": "2024-05-13T03:33:52.000Z",
          "pushType": "push",
          "commitsCount": 1,
          "pusher": {
            "login": "yousefzekry",
            "name": "Youssef Embaby",
            "path": "/yousefzekry",
            "primaryAvatarUrl": "https://avatars.githubusercontent.com/u/38738561?s=80&v=4"
          },
          "commit": {
            "message": "Enhanced security: Utilize secured HTTP-only cookie for JWT transmission\n\n- Implemented 'cookieOptions' function in authController.js to manage cookie settings:\n - Cookie expires after a configurable duration set in the 'config.env' file.\n - Set 'secure' and 'httpOnly' properties to true for enhanced security.\n- Added environment check to ensure functionality only applies in production environment.\n- Ensured sensitive user data, such as user Password, is not included in responses for improved security practices.",
            "shortMessageHtmlLink": "Enhanced security: Utilize secured HTTP-only cookie for JWT transmission"
          }
        },
        {
          "before": "35f4673b44548c1c72bbe509d75e81169ba0a0ff",
          "after": "4875487f7f9ce16d1ad11d64d2d4743eb5ba9018",
          "ref": "refs/heads/main",
          "pushedAt": "2024-05-13T00:46:49.000Z",
          "pushType": "push",
          "commitsCount": 2,
          "pusher": {
            "login": "yousefzekry",
            "name": "Youssef Embaby",
            "path": "/yousefzekry",
            "primaryAvatarUrl": "https://avatars.githubusercontent.com/u/38738561?s=80&v=4"
          },
          "commit": {
            "message": "Merge branch 'main' of https://github.com/yousefzekry/Natours",
            "shortMessageHtmlLink": "Merge branch 'main' of https://github.com/yousefzekry/Natours"
          }
        },
        {
          "before": "07ae400c82383f4924062d373b157e4e88284532",
          "after": "35f4673b44548c1c72bbe509d75e81169ba0a0ff",
          "ref": "refs/heads/main",
          "pushedAt": "2024-05-12T22:21:21.000Z",
          "pushType": "push",
          "commitsCount": 1,
          "pusher": {
            "login": "yousefzekry",
            "name": "Youssef Embaby",
            "path": "/yousefzekry",
            "primaryAvatarUrl": "https://avatars.githubusercontent.com/u/38738561?s=80&v=4"
          },
          "commit": {
            "message": "Create README.md",
            "shortMessageHtmlLink": "Create README.md"
          }
        },
        {
          "before": "87a5252e1f8386ddf73dd17df87da0cd86080a4f",
          "after": "07ae400c82383f4924062d373b157e4e88284532",
          "ref": "refs/heads/main",
          "pushedAt": "2024-05-12T21:28:00.000Z",
          "pushType": "push",
          "commitsCount": 2,
          "pusher": {
            "login": "yousefzekry",
            "name": "Youssef Embaby",
            "path": "/yousefzekry",
            "primaryAvatarUrl": "https://avatars.githubusercontent.com/u/38738561?s=80&v=4"
          },
          "commit": {
            "message": "Merge remote-tracking branch 'origin/main'",
            "shortMessageHtmlLink": "Merge remote-tracking branch 'origin/main'"
          }
        },
        {
          "before": "5de0cd4e116d0c885d99be8629bd8e47abe0d750",
          "after": "87a5252e1f8386ddf73dd17df87da0cd86080a4f",
          "ref": "refs/heads/main",
          "pushedAt": "2024-05-12T21:09:12.000Z",
          "pushType": "push",
          "commitsCount": 1,
          "pusher": {
            "login": "yousefzekry",
            "name": "Youssef Embaby",
            "path": "/yousefzekry",
            "primaryAvatarUrl": "https://avatars.githubusercontent.com/u/38738561?s=80&v=4"
          },
          "commit": {
            "message": "setting up .gitignore",
            "shortMessageHtmlLink": "setting up .gitignore"
          }
        },
        {
          "before": null,
          "after": "5de0cd4e116d0c885d99be8629bd8e47abe0d750",
          "ref": "refs/heads/main",
          "pushedAt": "2024-05-12T21:08:09.000Z",
          "pushType": "branch_creation",
          "commitsCount": 0,
          "pusher": {
            "login": "yousefzekry",
            "name": "Youssef Embaby",
            "path": "/yousefzekry",
            "primaryAvatarUrl": "https://avatars.githubusercontent.com/u/38738561?s=80&v=4"
          },
          "commit": {
            "message": "Initial commit",
            "shortMessageHtmlLink": "Initial commit"
          }
        }
      ],
      "hasNextPage": false,
      "hasPreviousPage": false,
      "activityType": "all",
      "actor": null,
      "timePeriod": "all",
      "sort": "DESC",
      "perPage": 30,
      "cursor": "djE6ks8AAAAESNAuYAA",
      "startCursor": null,
      "endCursor": null
    }
  },
  "title": "Activity · yousefzekry/Natours"
}