I learn about authentication & security while scatch a webapp including..
- post method when user register and login
- encrypt password on database with mongoose-encrypt
- use dotenv & gitignore for aviod public API key or any key
- hash password with md5
- Using Passport.js to add cookies and sessions
- Oauth: Facebook&Google login with passport