CS 478 HW 3 Reflection

Authentication

What did you struggle with when adding authorization to your back end?

Adding authentication to the back-end wasn't too difficult. I just added the necessary login, logout, and register routes along with authorization middleware which basically just checks that the appropriate cookies are attached to the request.

What did you struggle with when adding authorization to your front end?

Honestly, adding authentication to the front-end wasn't too difficult. The hardest part was probably setting up protected routes, and handling that in the routing so that the app knows which pages to show if you're signed in, and which ones to redirect to the login page.

Deployment

What did you struggle with when deploying your app to the internet?

Everything. When copying my code over to my server I could not get git to work. I ran into issues trying to get SSH keys set up and failed, so I decided to manually copy my code over to the server. Once it was there I tried building my app, and that also failed because of file permissions. It kept saying I don't have TypeScript installed, so then I installed TypeScript. Then it started saying TypeScript cannot run because I don't have the proper permissions, so then I messed around with chmod for a while and finally got TypeScript working. Then once I had my front-end and back-end built, I tried setting up Caddy. I updated the file as instructed in the instructions and reloaded Caddy, but localhost still wouldn't run on my subdomain. I had my app running on port 3000 and yet nothing was showing on the subdomain of my website. I spent hours troubleshooting and gave up. Then half an hour later I just thought, "what the heck, maybe I'll try viewing the app with my VPN off," and lo and behold, just as I do that, all of a sudden there it is, my app deployed and working on the subdomain of my website.

Security audit

If your app was vulnerable to XSS attacks, explain what you did to mitigate them. If it wasn’t, explain why.

I don't believe my app has that kind of vulnerability.

If your app was vulnerable to CSRF attacks, explain what you did to mitigate them. If it wasn’t, explain why.

I also don't think this is an applicable security vulnerability for my app.

If you added rate limiting with a firewall, include what commands you ran/packages you used. If you added rate limiting to your application code, indicate this.

I added rate limiting to my app, but I just added code; I didn't run any additional commands.

Explain what HTTP headers you set, what they do, and why they’re useful.

I didn't set any request headers in my app, as authentication is handled by checking cookies attached to the request. Though, normally request headers are useful for attaching authentication tokens that can indicate if a user is signed in.

If you did anything else to secure your app, explain what you did and why.

Nope. This was hands-down my least favorite assignment, and I was gleeful when it was over.