On the UI front, there weren't many issues. I'm pretty familiar with React MUI, so no issues. I think the only thing was the conditional statement for only showing certain tabs on the nav bar when a user is logged in and only showing home, login and signup when there isn't a user logged in. However, this issue was tied with
I struggled a lot with authorization, where users can only edit/delete books that they themselves created. I think it was something with the database not generating a book id when it's created, so I couldn't link a user to it. Also, implementing and utilizing cookies was a little difficult to figure out.
To mitigate vulnerability to XSS attacks, I used Helmet, which sets security-related HTTP headers, including Content Security Policy (CSP) and X-XSS-Protection, to prevent XSS attacks.
I used cookieParser, but I need to ensure that sensitive requests require authentication and CSRF protection.
I used express-rate-limit to prevent abuse and brute-force attacks. Requests are limited to 100 per 15 minutes per IP, and a custom error message is returned when the limit is exceeded.
I used the default Helmet HTTP headers: CSP, which restricts allowed script sources to prevent XSS; X-XSS-Protection, which helps block reflected XSS attacks in older browsers; X-Frame-Options, which prevents clickjacking attacks by blocking iframe embedding; X-Content-Type-Options, which blocks MIME-type sniffing attacks; and Strict-Transport-Security (HSTS), which forces HTTPS, preventing MITM attacks.
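The rate-limit policy and the header set described above, as an added example that is not the project's own code and does not use the express-rate-limit or helmet packages. It is written with Node built-ins only so it runs offline: checkRateLimit is a fixed-window per-IP limiter with the same policy as the text (100 requests per 15 minutes, custom message), and applySecurityHeaders writes headers matching those listed. The exact header values are assumptions that approximate current Helmet defaults rather than a copy of its strings; one fact worth knowing when reading them is that Helmet 4 and later set X-XSS-Protection to 0, leaving CSP as the header that actually blocks XSS.

```javascript
// Added example, not the project's own code: a fixed-window, per-IP rate
// limiter (100 requests per 15 minutes, custom message) and the security
// headers listed above. Node built-ins only; checkRateLimit and
// applySecurityHeaders are hypothetical stand-ins for the express-rate-limit
// and helmet middleware, and the header values approximate helmet's defaults.
const WINDOW_MS = 15 * 60 * 1000;
const MAX_REQUESTS = 100;
const LIMIT_MESSAGE = { error: 'Too many requests from this IP, try again in 15 minutes.' };

// ip -> { count, windowStart }. A real deployment backs this with a shared
// store so every app instance enforces one limit, not one per process.
const buckets = new Map();

// `now` is injectable so the window rollover can be exercised deterministically.
function checkRateLimit(ip, now = Date.now()) {
  let bucket = buckets.get(ip);
  if (!bucket || now - bucket.windowStart >= WINDOW_MS) {
    bucket = { count: 0, windowStart: now };
    buckets.set(ip, bucket);
  }
  bucket.count += 1;
  if (bucket.count > MAX_REQUESTS) {
    const retryAfterSec = Math.ceil((bucket.windowStart + WINDOW_MS - now) / 1000);
    return { allowed: false, status: 429, retryAfterSec, body: LIMIT_MESSAGE };
  }
  return { allowed: true, remaining: MAX_REQUESTS - bucket.count };
}

// Headers matching the helmet defaults listed above. The CSP below is a
// representative policy (assumption), not helmet's exact string; tighten it
// per app rather than loosening it.
const SECURITY_HEADERS = {
  'Content-Security-Policy':
    "default-src 'self'; base-uri 'self'; frame-ancestors 'self'; object-src 'none'; " +
    "script-src 'self'; style-src 'self' https: 'unsafe-inline'; upgrade-insecure-requests",
  'Strict-Transport-Security': 'max-age=31536000; includeSubDomains',
  'X-Content-Type-Options': 'nosniff',
  'X-Frame-Options': 'SAMEORIGIN',
  // helmet >= 4 sends 0: the legacy browser XSS filter is switched off and
  // CSP is relied on instead.
  'X-XSS-Protection': '0',
};

// Accepts anything with setHeader(name, value), e.g. an Express res.
function applySecurityHeaders(res) {
  for (const [name, value] of Object.entries(SECURITY_HEADERS)) res.setHeader(name, value);
  return res;
}

// Middleware-shaped wrapper: 429 with the custom message when over the limit.
function rateLimitMiddleware(req, res, next) {
  const verdict = checkRateLimit(req.ip);
  if (!verdict.allowed) {
    res.setHeader('Retry-After', String(verdict.retryAfterSec));
    return res.status(verdict.status).json(verdict.body);
  }
  return next();
}

module.exports = { checkRateLimit, applySecurityHeaders, rateLimitMiddleware, SECURITY_HEADERS };
```

Keying the bucket on req.ip only works as intended when Express's trust proxy setting matches the deployment; behind a load balancer every client otherwise shares the balancer's address and one busy user locks out everyone.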