A production-ready credentials manager built with React and Node.js featuring enterprise-level security
- Secure Storage - AES encryption for all credentials
- JWT Authentication - Secure user sessions with 24h expiration
- Password Hashing - bcrypt with 12 rounds for user passwords
- Rate Limiting - Protection against brute force attacks
- Responsive Design - Works on desktop and mobile
- Modern UI - Clean interface with Tailwind CSS
- Real-time Updates - Instant credential management
```
backend/src/
├── config/        # Database configuration
├── controllers/   # Request handlers
├── middleware/    # Auth & validation
├── models/        # Data models
├── routes/        # API endpoints
├── services/      # Business logic
├── utils/         # Utility functions
└── server.js      # Entry point

frontend/src/
├── components/    # UI components
├── context/       # State management
├── hooks/         # Custom hooks
├── pages/         # Route components
├── services/      # API layer
├── utils/         # Helper functions
└── App.jsx        # Main component
```
- Node.js 16+
- MongoDB (local or Atlas)
- Git
- Clone the repository

  ```bash
  git clone https://github.com/yourusername/passop.git
  cd passop
  ```

- Backend Setup

  ```bash
  cd backend
  npm install
  cp .env.example .env
  # Edit .env with your configuration
  npm start
  ```

- Frontend Setup

  ```bash
  cd frontend
  npm install
  npm run dev
  ```

- Access the application
  - Frontend: http://localhost:5173
  - Backend API: http://localhost:3000
Create backend/.env file:

```
MONGO_URI=mongodb://localhost:27017
DB_NAME=passop
JWT_SECRET=your-super-secret-jwt-key-change-this
ENCRYPTION_KEY=your-32-character-encryption-key-here
PORT=3000
```

| Method | Endpoint | Description |
|---|---|---|
| POST | /api/auth/register | User registration |
| POST | /api/auth/login | User login |

| Method | Endpoint | Description |
|---|---|---|
| GET | /api/passwords | Get user credentials |
| POST | /api/passwords | Save credential |
| DELETE | /api/passwords | Delete credential |
- End-to-End Encryption - AES encryption for stored credentials
- Secure Authentication - JWT tokens with expiration
- Password Hashing - bcrypt with salt rounds
- Rate Limiting - 100 requests per 15 minutes
- Input Validation - Joi schema validation
- CORS Protection - Configured security headers
- User Isolation - Each user can only access their own data
Backend:
- Node.js & Express.js
- MongoDB with native driver
- JWT for authentication
- bcrypt for password hashing
- Joi for validation
- ES6 modules
Frontend:
- React 18 with Hooks
- Context API for state management
- Tailwind CSS for styling
- React Toastify for notifications
- Vite for build tooling
```bash
# Backend with auto-reload
cd backend && npm run dev
# Frontend with hot reload
cd frontend && npm run dev
```

- Environment Setup
  - Use strong JWT secrets and encryption keys
  - Configure MongoDB Atlas or secure MongoDB instance
  - Enable HTTPS
  - Set proper CORS origins
- Backend Deployment
  - Use PM2 or similar process manager
  - Set NODE_ENV=production
  - Configure reverse proxy (nginx)
- Frontend Deployment
  - Build: `npm run build`
  - Deploy to CDN or static hosting
  - Update API endpoints for production
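The advice to use strong JWT secrets and encryption keys can be enforced at startup instead of left to the operator. The check below is an added example, not the project's own code; it assumes ENCRYPTION_KEY is used directly as a 32-byte AES-256 key and JWT_SECRET as an HS256 key, and the names `parseEnv`, `bitsPerChar`, `issueFor`, `checkSecrets` and the thresholds are hypothetical.

```javascript
// Added example, not the project's own code: fail-fast check of backend/.env.
// Assumed: ENCRYPTION_KEY is a raw 32-byte AES-256 key, JWT_SECRET an HS256 key.

// Placeholder values from the sample .env: public, so never acceptable.
const PLACEHOLDERS = new Set([
  'your-super-secret-jwt-key-change-this',
  'your-32-character-encryption-key-here',
]);

// Parse KEY=VALUE lines, skipping blank lines and # comments.
function parseEnv(text) {
  const env = {};
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    const eq = line.indexOf('=');
    if (line.startsWith('#') || eq <= 0) continue;
    env[line.slice(0, eq).trim()] = line.slice(eq + 1).trim();
  }
  return env;
}

// Empirical Shannon entropy in bits per character. Heuristic only: it flags
// repeated or word-like values but cannot prove that a value is random.
function bitsPerChar(value) {
  const chars = [...value];
  const counts = new Map();
  for (const ch of chars) counts.set(ch, (counts.get(ch) || 0) + 1);
  let bits = 0;
  for (const c of counts.values()) bits -= (c / chars.length) * Math.log2(c / chars.length);
  return bits;
}

// Return the first problem found for one secret, or null if it passes.
function issueFor(name, value) {
  if (!value) return `${name}: missing`;
  if (PLACEHOLDERS.has(value)) return `${name}: README placeholder`;
  const bytes = Buffer.byteLength(value, 'utf8');
  if (name === 'ENCRYPTION_KEY' && bytes !== 32) return `${name}: need 32 bytes, got ${bytes}`;
  if (name === 'JWT_SECRET' && bytes < 32) return `${name}: shorter than 32 bytes`;
  if (bitsPerChar(value) < 3) return `${name}: low entropy`;
  return null;
}

function checkSecrets(env) {
  return ['JWT_SECRET', 'ENCRYPTION_KEY'].map((n) => issueFor(n, env[n])).filter(Boolean);
}

// Constructed sample: the two secrets exactly as the sample .env ships them.
const SAMPLE_ENV = 'JWT_SECRET=your-super-secret-jwt-key-change-this\nENCRYPTION_KEY=your-32-character-encryption-key-here';
console.log(checkSecrets(parseEnv(SAMPLE_ENV)));
```

Calling `checkSecrets(process.env)` before the server starts listening, and exiting on a non-empty result, keeps a deployment that still carries the sample values from ever serving requests.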
- Fork the repository
- Create your feature branch (`git checkout -b feature/amazing-feature`)
- Commit your changes (`git commit -m 'Add amazing feature'`)
- Push to the branch (`git push origin feature/amazing-feature`)
- Open a Pull Request
This project is licensed under the MIT License - see the LICENSE file for details.
- Built with modern web technologies
- Inspired by security-first design principles
- Community feedback and contributions
Made with ❤️ for secure credential management