List view
Recurring problems in casing of imports and filenames
As stated on GitHub Actions
Manager example; still to be discussed at the meeting
Instead of just numbers like 1, 2, 3, use labels like U1, U2, R1, R2 and so on to be clearer
Not sure whether those variables come from .env, app.module.ts, or './config/database.config'
LocalStorage or HTTP headers: which implementation? Context: JWT Token Security Analysis

Based on your code, your token implementation has some good practices but also areas for improvement.

Current Strengths
✅ Using environment variables for JWT secrets
✅ JWT expiration is set (1 day)
✅ Recommendations for generating strong secrets using crypto
✅ JWT validation on the backend
✅ Basic auto-logout timer (1 hour)

Security Concerns
⚠️ Storage Location: you're storing tokens in localStorage, which is readable by any script running on the page and therefore exposed to XSS
⚠️ Token Expiration: 1 day is relatively long for a session token
⚠️ No refresh token implementation
⚠️ No CSRF protection evident in the code

Recommendations

Storage Improvement: use httpOnly cookies instead of localStorage.

```ts
// In your backend (Express/Nest response object):
res.cookie('token', token, {
  httpOnly: true,     // not readable from page JavaScript, so XSS cannot exfiltrate it
  secure: true,       // only sent over HTTPS
  sameSite: 'strict', // not sent on cross-site requests (CSRF mitigation)
});
```

Add Refresh Tokens:

```ts
// Generate both access and refresh tokens
const accessToken = this.jwtService.sign(payload, { expiresIn: '15m' });
const refreshToken = this.jwtService.sign({ sub: user.id }, { expiresIn: '7d' });
```

Shorter Access Token Lifespan:

```ts
// In auth.module.ts
signOptions: { expiresIn: '15m' }, // Reduce from 1d to 15m
```

Add Token Rotation: implement refresh token rotation so that each refresh token is invalidated after a single use.

Add Key Information:

```ts
// Add fields to help identify malicious tokens.
// Note: the JWT library sets `iat` itself, in seconds since the epoch. Passing
// `iat: Date.now()` (milliseconds) makes the library compute `exp` relative to
// that millisecond value, so the token would effectively never expire. Leave
// `iat` out of the payload.
const payload = {
  sub: user.id,
  email: user.email,
  ip: req.ip,
  userAgent: req.headers['user-agent'],
};
```

By implementing these changes, your token security would be significantly improved against common attack vectors like XSS, token theft, and session hijacking.
On the frontend and especially on the backend
1/1 issues closed
https://github.com/YuKARLO15/Bulak-Smart-Connect-JS/pull/145
- Like localStorage storage of the token, etc.
- Encryption
- Workflow to automate this
- Check and fix this
- Re-implement??
https://github.com/YuKARLO15/Bulak-Smart-Connect-JS/pull/142
2/2 issues closed
- Check if there is an existing one.
- If not, create one like Copilot or anything better.
- Also include checking of filenames, imports, and casing.
Rework some things in signup as well, and anything else that can be found
Overdue by 3 months • Due by April 5, 2025 • 2/2 issues closed