In.security is an encryption-protected journaling application. It serves to provide the user reassurance that their thoughts will be safe in an online world with increasing privacy concerns
- Clone the GitHub repository.
- Run npm install in the base directory.
- Use PostgreSQL to create a database user with a password
- cd into the backend directory.
- Create a .env file with: DB_USERNAME, DB_PASSWORD, DB_DATABASE, DB_HOST, JWT_SECRET, JWT_EXPIRES_IN
- Run npx dotenv sequelize-cli db:create.
- Run npx dotenv sequelize-cli db:migrate.
- Run npx dotenv sequelize-cli db:seed:all.
- Run npm start in both frontend and backend folders to start the server
In.security uses various technologies to create a dynamic and unique web application. The front end is built with React and Redux and the back end is built with Express, Sequelize and PostgreSQL.
Utilizes CryptoJS to provide client-side encryption of each entry before getting stored in the database. This adds an extra layer of security by ensuring that entries are never sent as plain text and are only broadcasted as encrypted text. The server never sees the user's entries in plaintext form.
Additionally, the user is protected with a bcryptjs hashing function on the backend and auth routes on the frontend to create restricted access to certain routes.
Another layer of protection is provided with a tailored algorithm to determine the duration of decrypted rendering of an entry based on the character count of each individual entry and the average human reading speed.
After three decryption attempts, "panic mode" will be triggered and the user will be forced to enter their session password.
Three wrong attempts and the user is signed out and the entry is moved to the vault.
Entries in th vault are only recoverable using the user's recovery session password.
Three wrong recovery attempts results in permanent deletion of the entry.
