Umer Iqbal

Full-Stack Web Developer

(MERN & Next.js)

Secrets

About the Project

Secrets is a production-ready anonymous secret sharing platform built with industry-standard security. The final implementation uses bcrypt password hashing, session-based authentication with Passport.js, and OAuth 2.0 social login (Google & Facebook). This project was developed as a learning exercise, progressively implementing security features from basic to advanced.

🔐 Final Production Implementation

Current Security Features

  • bcrypt password hashing with 10 salt rounds
  • Session authentication using Passport.js middleware
  • Google OAuth 2.0 login integration
  • Facebook OAuth 2.0 login integration
  • MongoDB with Mongoose for data persistence
  • Protected routes and secure session management

What the App Currently Uses

  • NOT using plain text storage (learning phase only)
  • NOT using MD5 hashing (replaced with bcrypt)
  • NOT using database-level encryption (replaced with bcrypt)
  • Using bcrypt + Passport.js + OAuth in production version

🚀 Core Features

The platform provides a complete anonymous sharing experience with modern security:

  • User registration with securely hashed passwords (bcrypt)
  • Login with email/password or social accounts
  • Anonymous secret posting and viewing
  • Session management with Passport.js
  • Responsive Bootstrap 5 interface
  • Social login with Google and Facebook accounts

🛠️ Production Tech Stack

Final implementation uses these technologies:

  • Backend: Node.js + Express.js
  • Authentication: Passport.js (Local, Google OAuth, Facebook)
  • Password Security: bcrypt with 10 salt rounds
  • Database: MongoDB + Mongoose ODM
  • Templating: EJS for server-side rendering
  • Frontend: Bootstrap 5 + Custom CSS

📚 Learning Journey (Not in Production)

Progressive Implementation Steps

  • Step 1: Basic app with plain text storage (replaced)
  • Step 2: Database encryption with mongoose-encryption (replaced)
  • Step 3: MD5 hashing (replaced with bcrypt)
  • Step 4: bcrypt hashing with salt (current implementation)
  • Step 5: Passport.js session auth (current implementation)
  • Step 6: OAuth social login (current implementation)

Learning Purpose

  • Understanding security vulnerabilities
  • Learning evolution of authentication methods
  • Comparing different security approaches
  • Building up to industry standards

⚡ Current Security Features

The live application implements these security measures:

  • bcrypt password hashing (not reversible)
  • Secure session cookies with express-session
  • Passport.js middleware for authentication flow
  • OAuth 2.0 for third-party authentication
  • Environment variables for API keys and secrets
  • Input validation and sanitization

💡 Application Uses

For Users

  • Anonymous secret sharing platform
  • Secure account creation and login
  • Social login convenience
  • Confidential message sharing

For Developers

  • Example of production-ready authentication
  • Reference for bcrypt + Passport.js implementation
  • OAuth 2.0 integration example
  • Secure session management pattern

This project demonstrates professional-grade authentication implementation using bcrypt, Passport.js, and OAuth 2.0. While built through progressive learning steps, the final application uses industry-standard security practices suitable for production deployment.