Homework 4 Reflection

UI

1. What did you struggle with when adding logins and authorization to your front-end?

I struggled a lot with managing the cookies and ensuring that the only books a user can edit or delete are the books that they added themselves. It was also difficult managing the username until I realized I was overcomplicating it.

Login Endpoint

1. What did you struggle with when adding logins and authorization to your back-end?

I did not have as much trouble with my back-end. The only thing I really struggled with was using authorize for each of the API calls that needed permissions. Even then, I referenced Activity 4b a lot, which made the process easier.
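The ownership rule described in both answers above (only the user who added a book may edit or delete it) comes down to one server-side authorization middleware per protected route. The following is an added example, not the student's homework code: it assumes an earlier authentication step has already turned the session cookie into a `req.user` object with an `id`, and it uses a constructed in-memory `books` Map with an `ownerId` field. It is written in plain Node.js with Express-style `(req, res, next)` signatures so it runs without Express installed.

```javascript
// Added example (not the author's homework code): Express-style middleware that
// restricts edit/delete of a book to the user who added it.
// Assumptions: an earlier authentication step has resolved the session cookie
// into req.user ({ id }); books live in an in-memory Map with an ownerId field.
// Both the users and the books below are constructed for this demo.

const books = new Map([
  [1, { id: 1, title: "Constructed Title A", ownerId: "alice" }],
  [2, { id: 2, title: "Constructed Title B", ownerId: "bob" }],
]);

// Look up the book named by the route parameter; 404 if unknown.
function loadBook(req, res, next) {
  const id = Number(req.params.id);
  const book = books.get(id);
  if (!book) return res.status(404).json({ error: "not found" });
  req.book = book;
  next();
}

// Ownership check. Separate "not logged in" (401) from "logged in but not the
// owner" (403), and decide from req.user on the server, never from a field the
// client sends in the request body.
function authorizeOwner(req, res, next) {
  if (!req.user) return res.status(401).json({ error: "login required" });
  if (req.book.ownerId !== req.user.id) {
    return res.status(403).json({ error: "forbidden" });
  }
  next();
}

// Run a middleware chain against a constructed request, capturing the response.
function run(chain, req) {
  const res = {
    statusCode: 200,
    body: undefined,
    status(code) { this.statusCode = code; return this; },
    json(obj) { this.body = obj; return this; },
  };
  let i = 0;
  const next = () => { const fn = chain[i++]; if (fn) fn(req, res, next); };
  next();
  return res;
}

// Simulate DELETE /books/:id for a given caller; returns the HTTP status.
function tryDelete(bookId, user) {
  const req = { params: { id: String(bookId) }, user };
  const handler = (req2, res2) => {
    books.delete(req2.book.id);
    res2.status(204).json(null);
  };
  return run([loadBook, authorizeOwner, handler], req).statusCode;
}
```

The same `authorizeOwner` middleware is reused on every route that mutates a book (PUT, PATCH, DELETE); the front-end's "hide the button" logic is only a convenience, and this server-side check is what actually enforces the rule.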

Security Audit

1. If your app was vulnerable to XSS attacks, explain what you did to mitigate them. If it wasn’t, explain why.

My app was not vulnerable to XSS attacks because I used helmet, which added HTTP headers.

2. If your app was vulnerable to CSRF attacks, explain what you did to mitigate them. If it wasn’t, explain why.

My app was not vulnerable to CSRF attacks because the cookies are strictly limited to the same-site context as specified in my cookieOptions.

3. If you added rate limiting with a firewall, include what commands you ran/packages you used. If you added rate limiting to your application code, indicate this.

I added rate limiting to my application code using express-rate-limit. I then limited it to 100 requests every 15 minutes.
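The two settings from the CSRF and rate-limiting answers above, as an added example that is not the student's code: `cookieOptions` mirrors the option object Express's `res.cookie()` accepts, and `FixedWindowLimiter` models the `windowMs`/`max` semantics of express-rate-limit's default fixed-window mode (100 requests per 15 minutes) with an injectable clock so the window rollover can be exercised offline. Both are illustrations written for this page, not the libraries' own code.

```javascript
// Added example (not the author's code): session cookie options and a fixed
// window rate limiter, written as plain functions so they run without Express.
// cookieOptions and FixedWindowLimiter are names chosen for this example.

// Session cookie options. sameSite "strict" stops the browser attaching the
// cookie to cross-site requests, which removes the CSRF vector for
// cookie-authenticated endpoints; httpOnly keeps scripts from reading it;
// secure restricts it to HTTPS.
function cookieOptions(isProduction) {
  return {
    httpOnly: true,
    sameSite: "strict",
    secure: isProduction,     // allow plain http://localhost during development
    maxAge: 60 * 60 * 1000,   // 1 hour, in milliseconds
  };
}

// Per-client fixed window counter: at most `max` hits per `windowMs`.
class FixedWindowLimiter {
  constructor({ windowMs, max, now = () => Date.now() }) {
    this.windowMs = windowMs;
    this.max = max;
    this.now = now;            // injectable clock for tests
    this.hits = new Map();     // key -> { count, resetAt }
  }
  // Record one hit for `key`; returns { allowed, remaining, retryAfterMs }.
  hit(key) {
    const t = this.now();
    let entry = this.hits.get(key);
    if (!entry || t >= entry.resetAt) {
      entry = { count: 0, resetAt: t + this.windowMs };
      this.hits.set(key, entry);
    }
    entry.count += 1;
    const allowed = entry.count <= this.max;
    return {
      allowed,
      remaining: Math.max(0, this.max - entry.count),
      retryAfterMs: allowed ? 0 : entry.resetAt - t,
    };
  }
}

// Middleware-shaped wrapper: 429 with Retry-After once the budget is spent.
function rateLimit(limiter, keyOf = (req) => req.ip) {
  return (req, res, next) => {
    const r = limiter.hit(keyOf(req));
    res.setHeader("RateLimit-Remaining", String(r.remaining));
    if (!r.allowed) {
      res.setHeader("Retry-After", String(Math.ceil(r.retryAfterMs / 1000)));
      return res.status(429).send("Too many requests");
    }
    next();
  };
}

// Drive the limiter from one constructed client IP with a constructed clock
// that advances `advanceMs` per request: 100 requests per 15 minutes.
function simulate(requests, advanceMs = 0) {
  let clock = 0;
  const limiter = new FixedWindowLimiter({
    windowMs: 15 * 60 * 1000, max: 100, now: () => clock,
  });
  const mw = rateLimit(limiter);
  let allowed = 0, blocked = 0;
  for (let i = 0; i < requests; i++) {
    const res = {
      headers: {},
      setHeader(k, v) { this.headers[k] = v; },
      status(c) { this.code = c; return this; },
      send() { return this; },
    };
    mw({ ip: "203.0.113.5" }, res, () => { allowed++; });
    if (res.code === 429) blocked++;
    clock += advanceMs;
  }
  return { allowed, blocked };
}
```

Keying on `req.ip` only behaves correctly behind a reverse proxy if Express's `trust proxy` setting is configured; otherwise every client appears to share the proxy's address and one busy user can exhaust the budget for everyone.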

4. Explain what HTTP headers you set, what they do, and why they’re useful.

The HTTP headers that were set were everything that comes by default with helmet. I did not set any headers other than these.

5. If you did anything else to secure your app, explain what you did and why.

I did not add anything else to secure my app.
