https://github.com/pawansankalpa/secrets-full-stack
web application built with Node.js, Express, PostgreSQL, and EJS, featuring both local login (with hashed passwords via bcrypt) and Google OAuth2 authentication using passport.js.
https://github.com/pawansankalpa/secrets-full-stack
bcrypt ejs express nodejs oauth2 passport postgresql
Last synced: 3 months ago
JSON representation
web application built with Node.js, Express, PostgreSQL, and EJS, featuring both local login (with hashed passwords via bcrypt) and Google OAuth2 authentication using passport.js.
- Host: GitHub
- URL: https://github.com/pawansankalpa/secrets-full-stack
- Owner: PawanSankalpa
- Created: 2025-05-16T05:29:38.000Z (about 1 year ago)
- Default Branch: main
- Last Pushed: 2025-05-16T05:51:03.000Z (about 1 year ago)
- Last Synced: 2025-05-16T06:31:52.574Z (about 1 year ago)
- Topics: bcrypt, ejs, express, nodejs, oauth2, passport, postgresql
- Language: CSS
- Homepage:
- Size: 0 Bytes
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# ๐ Secret Sharing App with Authentication
This is a Node.js + Express-based web app that allows users to **register**, **log in**, and **share their secrets** securely. It supports authentication via:
- Local strategy (username + password)
- Google OAuth 2.0
Only authenticated users can view or submit secrets.
---
## ๐ Features
- ๐งโ๐ป User registration and login (with hashed passwords using bcrypt)
- ๐ Google OAuth 2.0 login integration
- ๐ Session-based authentication using Passport.js
- ๐งพ Secrets stored securely in PostgreSQL
- ๐งผ Route protection: only logged-in users can view or submit secrets
- ๐ฆ Environment variables support via `.env`
---
## ๐ Tech Stack
- **Node.js** + **Express**
- **PostgreSQL** (via `pg`)
- **Passport.js** for authentication
- **bcrypt** for password hashing
- **EJS** for templating
- **dotenv** for managing environment variables
---
## ๐ง Setup Instructions
### 1. Clone the repo
```bash
git clone https://github.com/your-username/secret-auth-app.git
cd secret-auth-app
```
2. **Install dependencies**
```bash
npm install
```
3. **Set up PostgreSQL**
```sql
CREATE TABLE users (
id SERIAL PRIMARY KEY,
email TEXT UNIQUE NOT NULL,
password TEXT,
secret TEXT
);
```
4. **Create .env file**
```env
PG_USER=your_pg_username
PG_PASSWORD=your_pg_password
PG_HOST=localhost
PG_PORT=5432
PG_DATABASE=your_database_name
SESSION_SECRET=your_random_session_secret
GOOGLE_CLIENT_ID=your_google_client_id
GOOGLE_CLIENT_SECRET=your_google_client_secret
```
5. **Run the app**
```bash
node index.js
```
Visit http://localhost:3000 in your browser.
## ๐ Available Routes
| Route | Method | Description |
| ---------------------- | ------ | ------------------------------------ |
| `/` | GET | Homepage |
| `/register` | GET | Registration form |
| `/register` | POST | Register a new user |
| `/login` | GET | Login form |
| `/login` | POST | Log in existing user |
| `/secrets` | GET | View secret (authenticated only) |
| `/submit` | GET | Submit a secret (authenticated only) |
| `/submit` | POST | Save a secret to DB |
| `/logout` | GET | Log out the user |
| `/auth/google` | GET | Start Google OAuth2 |
| `/auth/google/secrets` | GET | Callback after Google auth |
## ๐ก Security Notes
- Passwords are hashed with bcrypt before storing.
- Session cookies are used for authentication.
- Routes like /submit and /secrets are protected server-side (not just in the UI).
## ๐โโ๏ธ Author
*Developed by Pawan Sankalpa.*
*Feel free to contribute or fork this project!*
## Screenshots
**Home Page**
![Home Page]()
**Login Page**
![Login Page]()
**Register Page**
![Register Page]()
**Secret Page**
![Secret Page]()
**Submit Page**
![Submit Page]()