DEV Community: Louis

Protect Your Express.js App from XSS Attacks

Louis — Fri, 24 Mar 2023 11:00:33 +0000

Cross-site scripting (XSS) attacks are one of the most common and dangerous security vulnerabilities in web applications. They can compromise user data, steal sensitive information, and even lead to complete system compromise. That's why it's crucial to take action and have strong defenses in place to prevent these attacks.

xss-shield is an npm package that provides a simple and effective way to prevent XSS attacks in your application. It's a middleware function that sanitizes user input in the request body, query parameters, and route parameters using a customizable set of rules. By doing so, it ensures that any potentially malicious code is removed before it can cause any harm.

To use xss-shield, simply install it with npm or yarn and add it as middleware to your Express application:

const express = require('express'); 
const xssShield = require('xss-shield');

const app = express();

// Add the middleware to the middleware stack
app.use(xssShield());

That's it! Now, any user input in the request will be automatically sanitized to prevent XSS attacks. You can also customize the sanitization rules by passing options to the middleware function:

const express = require('express'); 
const xssShield = require('xss-shield');

const app = express();

// Add the middleware to the middleware stack with options
app.use(xssShield({
  whiteList: {
    a: ['href', 'title', 'target'],
    img: ['src', 'alt'],
  }
}));

You can rest assured that your application is protected from XSS attacks. It's a simple and effective way to secure your code and prevent security vulnerabilities. Give it a try and see how easy it is to use!

Github Repo: https://github.com/Louis3797/xss-shield
Npm package: https://www.npmjs.com/package/xss-shield

Say Goodbye to Authentication Headaches with my ready-to-use Authentication Server

Louis — Wed, 22 Mar 2023 20:54:09 +0000

I'm excited to showcase my latest project - a powerful and secure authentication server boilerplate built with TypeScript and Express.js!

Here's a list of features that my authentication server offers:

✒️ Written in TypeScript for type-safe code
💾 Utilizes a MySQL database to efficiently store user data
🗣️ Interacts with the database using the powerful Prisma ORM
🔒 Implements secure authentication measures with JWTs, ensuring secure access to sensitive data
🔑 Implements robust password hashing using Argon2 for maximum security
♻️ Incorporates refresh token rotation functionality to enhance the security
✅ Includes email verification functionality for new user sign-ups
🆕 Provides a reset password function for users who have forgotten their password
🐇 Enables faster data transfer by implementing GZIP compression
👮‍♂️ Implements essential security features using Helmet middleware
🍪 Parses cookies seamlessly with cookie-parser middleware
⚙️ Allows cross-origin resource sharing using CORS
🧼 Sanitizes request data against cross-site-scripting with xss middleware
🔠 Manages environment variables with ease using dotenv
🕵️‍♂️ Enforces high code quality standards with ESLint and Prettier
🏇 Implements rate limiting to prevent abuse and improve server performance
ℹ️ Accurately manages HTTP response status codes using http-status library
⚠️ Validates user input with the powerful and flexible Joi library
📧 Facilitates sending of emails using nodemailer library
📝 Enables detailed logging of server activities using winston library
🐶 Implements Git hooks with Husky to optimize development processes
🧪 Ensure reliability and robustness of the application with thorough testing using Jest and Supertest
🐳 Utilizes Docker Compose to seamlessly run the server and database

I'm excited to share it with the community. You can find the project on my GitHub repository, where you're welcome to contribute and help make it even better. Let's work together to create a powerful and secure authentication solution for everyone!

Nextjs Pokedex

Louis — Wed, 06 Apr 2022 12:56:21 +0000

Hi everyone, I created this pokedex with Next.js + PokeAPI some time ago and would like to share it with you now.

To the Github Repo

Screenshots

To the Github Repo

Next Level Github Readme

Louis — Wed, 06 Apr 2022 12:38:35 +0000

The readme file is often the first thing people see when they look at a repository. So it is important for the first impression. If the readme file is not present at all, people usually assume that the project is not really good. Also, people usually don't know how to use the project or what it even does.

Especially with resume projects, a good and detailed readme should always be there! 🚀

To fight this problem, I created this readme template for myself and would like to share it with you.
It is available as a template and so easy to use for your next project.

Please note that this template is very detailed and might be too extensive for some projects, so you might want to delete some sections.

https://github.com/Louis3797/awesome-readme-template

Features

Logo
Badges from shields.io
Emojis
Contributor Images

https://github.com/Louis3797/awesome-readme-template

Feel free to use this in your projects and I hope this readme is helpful for some of you 😄.

A Three.js 3D world with Character + Movements + Third Person Camera

Louis — Mon, 04 Apr 2022 17:10:31 +0000

Hey this is my first project with Three.js so im relatively new to this library. However, I want to show you what I built and maybe it will help one or the other.

GitHub Repo

Note that there are still some bugs or not included functions like object collision.

Built with:

react
react-three-fiber
react-three-drei
three.js
typescript
simplex-noise

Features:

3D
Nature Objects
Simplex Noise Floor
3D Character
Animations: Idle, Walk, Run, Dance
Movement with w, a, s, d
Dance with e
Third Person Camera

My GitHub