LilyPad

Cordova based app to find the most convenient party city for you and a friend

4 years after

LilyPad Build Status

Overview

Cordova-based app to find the most convenient party city for you and a friend. Targeting iOS and Andriod.

Backend written in Node.js with express for routing, interfaces with a PostgreSQL database.

Backend currently running on a spare desktop in my room running Ubuntu Server 14.04 LTS, as such HTTPS/SSL/whatever are nowhere to be seen. To aliviate the security responsibility, users will be allowed to only use 6 digit PINs, which (hopefully...) will be distinct from their inevitable 'everything' password, making the all too likely event of a data breach affect this service and only this service.

Full integration testing with Mocha, Supertest, and Should.js. Continuous integration testing provided by TravisCI.

Authentication using bcrypt with strength 13 for first contact, followed by an simple-jwt JWT with 3 day expiration. Don't really know to what extent this secures anything, but if some poor soul were to attempt an online attack, it would take about a month to get through bcrypting all 1,000,000 possible passwords per account.

However, in the all too likely event that the database is breached, someone not using glacial hardware, or only checking the 123456 and 808080 I'm sure 90% of users will use, will get through in about a second. #ohwell. Don't know why anyone would do that though, with full database access they'd already have the ability to form all the digital friends they're clearly lacking in the real world. Anyways, probably better off sniffing the plaintext PIN or JWT sent over plain HTTP requests.

Installing

If you'd like to run the backend on your own computer for whatever reason, first npm, nodejs, and psql must be installed, then

$ git clone https://github.com/JacksonKearl/LilyPad.git
$ cd LilyPad/LilyPadBackend/
$ npm install
$ cd models/postgres/
$ ./refresh.sh
$ vim config.js
$ npm start

The config.js file should look something like:

module.exports =
{
    "url":"postgres://[username]:[password]@[host]:[port]/[database name]",
    "secret":"ZfegJZVbb3GtAjkYf5rketps7LZkLaxCLHcUGUr...."
};

Where secret is some random string that will be used as the JSON Web Token key.

Fun tip!

$ xxd -l 28 -p /dev/urandom

Will generate a good secret string for you. You must have vim for this to work. But lets be real, you'd better have vim no matter what.

Related Repositories

Arduino-IRremote

Arduino-IRremote

Infrared remote library for Arduino: send and receive infrared signals with mult ...

optiboot

optiboot

Small and Fast Bootloader for Arduino and other Atmel AVR chips ...

Cosa

Cosa

An Object-Oriented Platform for Arduino/AVR Programming. ...

serial-port-json-server

serial-port-json-server

A serial port JSON websocket server for Windows, Mac, Linux, Raspberry Pi, or Be ...

arduino_sketches

arduino_sketches

Publicly-released sketches for the Arduino microprocessor ...