An open API service indexing awesome lists of open source software.

https://github.com/pawansankalpa/secrets-full-stack

web application built with Node.js, Express, PostgreSQL, and EJS, featuring both local login (with hashed passwords via bcrypt) and Google OAuth2 authentication using passport.js.
https://github.com/pawansankalpa/secrets-full-stack

bcrypt ejs express nodejs oauth2 passport postgresql

Last synced: 3 months ago
JSON representation

web application built with Node.js, Express, PostgreSQL, and EJS, featuring both local login (with hashed passwords via bcrypt) and Google OAuth2 authentication using passport.js.

Awesome Lists containing this project

README

          

# ๐Ÿ” Secret Sharing App with Authentication

This is a Node.js + Express-based web app that allows users to **register**, **log in**, and **share their secrets** securely. It supports authentication via:
- Local strategy (username + password)
- Google OAuth 2.0

Only authenticated users can view or submit secrets.

---

## ๐Ÿš€ Features

- ๐Ÿง‘โ€๐Ÿ’ป User registration and login (with hashed passwords using bcrypt)
- ๐Ÿ” Google OAuth 2.0 login integration
- ๐Ÿ— Session-based authentication using Passport.js
- ๐Ÿงพ Secrets stored securely in PostgreSQL
- ๐Ÿงผ Route protection: only logged-in users can view or submit secrets
- ๐Ÿ“ฆ Environment variables support via `.env`

---

## ๐Ÿ›  Tech Stack

- **Node.js** + **Express**
- **PostgreSQL** (via `pg`)
- **Passport.js** for authentication
- **bcrypt** for password hashing
- **EJS** for templating
- **dotenv** for managing environment variables

---

## ๐Ÿ”ง Setup Instructions

### 1. Clone the repo
```bash
git clone https://github.com/your-username/secret-auth-app.git
cd secret-auth-app
```

2. **Install dependencies**
```bash
npm install
```

3. **Set up PostgreSQL**
```sql
CREATE TABLE users (
id SERIAL PRIMARY KEY,
email TEXT UNIQUE NOT NULL,
password TEXT,
secret TEXT
);
```

4. **Create .env file**
```env
PG_USER=your_pg_username
PG_PASSWORD=your_pg_password
PG_HOST=localhost
PG_PORT=5432
PG_DATABASE=your_database_name
SESSION_SECRET=your_random_session_secret
GOOGLE_CLIENT_ID=your_google_client_id
GOOGLE_CLIENT_SECRET=your_google_client_secret
```

5. **Run the app**
```bash
node index.js
```
Visit http://localhost:3000 in your browser.

## ๐ŸŒ Available Routes
| Route | Method | Description |
| ---------------------- | ------ | ------------------------------------ |
| `/` | GET | Homepage |
| `/register` | GET | Registration form |
| `/register` | POST | Register a new user |
| `/login` | GET | Login form |
| `/login` | POST | Log in existing user |
| `/secrets` | GET | View secret (authenticated only) |
| `/submit` | GET | Submit a secret (authenticated only) |
| `/submit` | POST | Save a secret to DB |
| `/logout` | GET | Log out the user |
| `/auth/google` | GET | Start Google OAuth2 |
| `/auth/google/secrets` | GET | Callback after Google auth |

## ๐Ÿ›ก Security Notes
- Passwords are hashed with bcrypt before storing.
- Session cookies are used for authentication.
- Routes like /submit and /secrets are protected server-side (not just in the UI).

## ๐Ÿ™‹โ€โ™‚๏ธ Author
*Developed by Pawan Sankalpa.*
*Feel free to contribute or fork this project!*

## Screenshots
**Home Page**
![Home Page]()

**Login Page**
![Login Page]()

**Register Page**
![Register Page]()

**Secret Page**
![Secret Page]()

**Submit Page**
![Submit Page]()