Skip to content

Drechi3/secure-api-architecture-demo

Repository files navigation

import express from "express"; import dotenv from "dotenv";

dotenv.config();

const app = express();

app.use(express.json());

// Home route app.get("/", (req, res) => { res.send("Secure API is running inside Docker"); });

// Public API route app.get("/api/home", (req, res) => { res.json({ message: "Welcome to the Secure DevSecOps API Project", }); });

// Mock login route app.post("/api/login", (req, res) => { const { username, password } = req.body;

if (username === "alice" && password === "password123") { return res.json({ token: "mock-jwt-token", role: "admin", }); }

return res.status(401).json({ message: "Invalid credentials", }); });

// Protected route app.get("/api/protected", (req, res) => { const authHeader = req.headers.authorization;

if (!authHeader) { return res.status(401).json({ message: "Access denied. No token provided.", }); }

if (authHeader !== "Bearer mock-jwt-token") { return res.status(403).json({ message: "Invalid token", }); }

res.json({ message: "Protected data accessed successfully", }); });

const PORT = process.env.PORT || 3000;

app.listen(PORT, () => { console.log(Server running on port ${PORT}); });

About

Secure API architecture demo featuring JWT authentication, Docker, API hardening, and DevSecOps security practices.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

 
 
 

Contributors