https://github.com/adenlall/hiring-project-content-manger
- Host: GitHub
- URL: https://github.com/adenlall/hiring-project-content-manger
- Owner: adenlall
- Created: 2024-08-04T02:24:18.000Z (10 months ago)
- Default Branch: main
- Last Pushed: 2024-08-04T18:38:43.000Z (10 months ago)
- Last Synced: 2025-02-12T07:55:44.775Z (4 months ago)
- Language: JavaScript
- Size: 5.27 MB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# Hiring Test - Janah Bilal
## Features
- **Content Management**: Create, read, update, and delete content entries.
- **Content Analysis**: Automatically generate statistics and insights for each content entry.
- **Web Scraping**: Scrape content from specified web sources for comparison.
- **Content Comparison**: Compare user-generated content with scraped content to identify similarities and differences.
- **User Authentication**: Secure user accounts and content management with full JWT features.
- **API Access**: RESTful API for programmatic access to the system.

## Technology Stack
- Backend: [Node.js, Express]
- Database: [MongoDB]
- Authentication: JWT (JSON Web Tokens)
- API Documentation: OpenAPI 3.0

## Security
Here are some of the security measures I've implemented:
### HELMET
I use Helmet.js to set various HTTP headers to help protect my app from some well-known web vulnerabilities:
- XSS Protection
- Prevention of clickjacking
- Strict Transport Security
- Content Security Policy
- And more...

Helmet helps in securing my Express apps by setting various HTTP headers.
### HTTP Rate Limiting
To prevent abuse and ensure fair usage of my API, I've implemented HTTP rate limiting. This helps to:
- Prevent brute-force attacks
- Reduce the impact of DoS attacks
- Manage API traffic

I use express-rate-limit to implement this feature.
### Authenticated Routes
All sensitive operations and data access points in my API are protected by authentication. I use JSON Web Tokens (JWT) for stateless authentication. Here's how it works:
1. Users log in with their credentials and receive a JWT.
2. This token must be included in the Authorization header for all protected API requests.
3. The server verifies the token before processing the request.
4. If the token is invalid or expired, the request is denied.

This ensures that only authenticated and authorized users can access sensitive parts of the application.
### Best Practices
- All passwords are hashed using bcrypt before storage.
- I use HTTPS to encrypt all data in transit.
- Regular security audits are conducted to identify and address potential vulnerabilities.
- I keep all my dependencies up to date to ensure I have the latest security patches.

## Getting Started
### Prerequisites
- [Node.js](https://nodejs.org/)
- [npm](https://www.npmjs.com/)

### Installation
1. Clone the repository:
   ```bash
   git clone https://github.com/adenlall/hiring-project-content-manger.git
   ```
2. Navigate to the project directory:
   ```bash
   cd hiring-project-content-manger
   ```
3. Install dependencies:
   ```bash
   pnpm i
   ```
4. Set up environment variables:
   - Copy `.env.example` to `.env`
   - Fill in the required environment variables
5. Start the development server:
   ```bash
   npm run dev
   ```
## API Documentation
The API documentation is available in OpenAPI 3.0 format. You can find the YAML file in the `__docs__` directory.