Todo-App-API (Backend)

Next, I programmed two routines that allow you to delete all of a user’s to-dos at once, as well as delete an entire account along with all its data, including all to-dos, refresh tokens, and user objects. However, this requires that the correct password be provided.

Next, I programmed the system so that users can also log out by using the user/logout route

This is Devlog 1, but just so you know: I’ve been working on this project since way before I even heard of Flowertown.

Here’s what I’ve coded so far – Key Features & Technical Setup:
Built with Express.js
Authentication: * Used bcrypt for secure password hashing.
Implemented JWT (JSON Web Tokens) for stateless auth.
Built the entire Login and Registration flow from the ground up.

Authorization & Security:
  Custom Middleware: To validate tokens and protect specific routes.
  Data Isolation: Added logic so users can only see and edit their own todos no peeking at others' data!
  Secure Storage: Tokens are stored in HTTP-only cookies to keep them safe from XSS attacks.

Input Validation:
    Using express-validator to clean up and check incoming data.
    Set up custom error handling with messages that actually make sense.

Rate Limiting:
    Added protection against Brute-Force attacks by blocking IPs that spam requests.
    Granular Limits: I set different limits for sensitive stuff (like /auth) compared to general routes.

I’m working on my first project! This is so exciting. I can’t wait to share more updates as I build.