Cordova-based app to find the most convenient party city for you and a friend. Targeting iOS and Andriod.
Backend written in Node.js with express for routing, interfaces with a PostgreSQL database.
Backend currently running on a spare desktop in my room running Ubuntu Server 14.04 LTS, as such HTTPS/SSL/whatever are nowhere to be seen. To aliviate the security responsibility, users will be allowed to only use 6 digit PINs, which (hopefully…) will be distinct from their inevitable ‘everything’ password, making the all too likely event of a data breach affect this service and only this service.
Full integration testing with Mocha, Supertest, and Should.js. Continuous integration testing provided by TravisCI.
Authentication using bcrypt with strength 13 for first contact, followed by an simple-jwt JWT with 3 day expiration. Don’t really know to what extent this secures anything, but if some poor soul were to attempt an online attack, it would take about a month to get through bcrypting all 1,000,000 possible passwords per account.
However, in the all too likely event that the database is breached, someone not using glacial hardware, or only checking the 123456 and 808080 I’m sure 90% of users will use, will get through in about a second. #ohwell. Don’t know why anyone would do that though, with full database access they’d already have the ability to form all the digital friends they’re clearly lacking in the real world. Anyways, probably better off sniffing the plaintext PIN or JWT sent over plain HTTP requests.
If you’d like to run the backend on your own computer for whatever reason, first
psql must be installed, then
secret is some random string that will be used as the JSON Web Token key.
$ xxd -l 28 -p /dev/urandom
Will generate a good
secret string for you. You must have vim for this to work. But lets be real, you’d better have vim no matter what.