Authentication app built by following Chris Sevilleja's excellent series, Easy Node Authentication, a very clean and well-written guide to Passport.js and Express. I tweaked and added a few things, noted below.
- Updated to Express 4
- Form validation w/ express-validator
- csrf (now csurf @ repo).
  - Note: Use req.csrfToken(); req.session._csrf is deprecated.
- Added helmet for other security headers.
- Did NOT add Facebook or Twitter support.
- BDD tests.
- SSL/TLS.
- Create bootstrapped front-end w/ csrf tokens.
- Add GitHub Strategy. FTW!
- Stress test all security gates for further learning.
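
The note on req.csrfToken() above, shown as an added example that is not code from this repo or from csurf: a dependency-free stand-in middleware whose views obtain the token by calling req.csrfToken() instead of reading a field off the session. The names csrfStandIn, run, demo, the csrfSecret session key, the token format and the `_csrf` form field are assumptions made for the illustration.

```javascript
const crypto = require('crypto');

// Hypothetical stand-in for a CSRF middleware that exposes req.csrfToken().
// The session holds only a secret; each token is derived from it on demand.
function csrfStandIn(req, res, next) {
  if (!req.session.csrfSecret) {
    req.session.csrfSecret = crypto.randomBytes(18).toString('hex');
  }
  const sign = (salt) => crypto.createHmac('sha256', req.session.csrfSecret)
    .update(salt).digest('hex');

  // Views call this; nothing in the session is usable as a token by itself.
  req.csrfToken = () => {
    const salt = crypto.randomBytes(8).toString('hex');
    return `${salt}.${sign(salt)}`;
  };
  if (['GET', 'HEAD', 'OPTIONS'].includes(req.method)) return next();

  // State-changing request: the token is expected in the _csrf form field.
  const [salt = '', mac = ''] = String((req.body && req.body._csrf) || '').split('.');
  const expected = Buffer.from(sign(salt));
  const given = Buffer.from(mac);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return next(Object.assign(new Error('invalid csrf token'), { status: 403 }));
  }
  next();
}

// Constructed request objects standing in for Express's req.
function run(req) {
  let result = 'pending';
  csrfStandIn(req, {}, (err) => { result = err ? err.status : 'passed'; });
  return result;
}

function demo() {
  const session = {};                      // shared by all requests below
  const get = { method: 'GET', session };
  const getResult = run(get);
  const token = get.csrfToken();           // what the form template embeds
  const good = run({ method: 'POST', session, body: { _csrf: token } });
  const missing = run({ method: 'POST', session, body: {} });
  const forged = run({ method: 'POST', session, body: { _csrf: 'abc.def' } });
  return { getResult, good, missing, forged, sessionKeys: Object.keys(session) };
}

console.log(demo());
```
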