MERN Stack Blog
Several studies have shown how social media can be used for a range of
activities that improve a business, its reach, acting, art and so on.
But social media is also a hindrance to study: people treat it as an
escape while they are studying. This habit has affected people
negatively; with a massive amount of entertainment available at a single
click, they tend to procrastinate heavily during a study session or give
up on learning altogether. This paper proposes a platform that keeps
the useful aspects of social media, removes its procrastination-inducing
effects and adds another way of gaining knowledge, through articles and
blogs. It shows how to build such a tool so that the harm that comes
from a typical social media platform is removed and the platform
becomes one for gaining knowledge. The platform is built on the MERN
stack and uses the Node Package Manager (npm) for the required
libraries, including security via JSON Web Tokens. To promote a
privacy-conscious mentality and to protect every user, the whole project
is deployed on our own server using Node.js. This secures the data in
the most cost-effective way and keeps us independent of any third-party
hosting service; it also lays the groundwork for future additions to
the platform. We explain every step needed to deploy the site on your
own server. The GUI is built with React.js and gives a responsive user
experience. The platform uses the knowledge and experience of each
user to help other users: on this platform every user is both an author
and a reader, which makes it a knowledge-sharing platform that serves
writers and readers alike.
INTRODUCTION
II. TECHNOLOGIES USED
A. MERN Stack
We chose the MERN stack for this project so that all of its goals can be
met without worrying about page load time, slow responses or extra
computational power to build the site: React for the frontend, Node and
Express for the backend, and MongoDB for the database.
SOFTWARE DEPENDENCIES
If you want to process more data or run more complex tasks, you need to
add more dynos (scaling horizontally) or increase the size of each dyno
(scaling vertically). Heroku then charges a monthly fee based on the
number of dynos you have and the size of each one. Although Heroku bills
you by the dyno, it does not host your app on its own hardware: the
entire Heroku platform, and every app built on it, runs on Amazon Web
Services (AWS).
C. Packages:
Json Web Token (8.5.1) : JSON Web Token (JWT) is an open standard
(RFC 7519) that defines a compact and self-contained way for securely
transmitting information between parties as a JSON object. This
information can be verified and trusted because it is digitally signed.
JWTs can be signed using a secret (with the HMAC algorithm) or a
public/private key pair using RSA or ECDSA.
SECURITY
As noted under Packages, a JSON Web Token (RFC 7519) is a compact,
self-contained JSON object whose contents can be verified and trusted
because the token is digitally signed, either with a shared secret
(HMAC) or with a public/private key pair (RSA or ECDSA). JWTs can also
be encrypted to provide secrecy between parties, but this section
focuses on signed tokens. A signature lets the recipient verify the
integrity of the claims contained in the token; encryption hides those
claims from other parties. When a token is signed with a private key,
the signature also proves that only the party holding that private key
could have produced it.
Scenarios where JSON Web Tokens are useful:
1. Authorization: This is the most common use of JWT. Once the user has
logged in, each subsequent request includes the JWT, which allows access
to the routes, services and resources permitted for that token. Single
Sign-On widely uses JWT today because of its small overhead and because
it can easily be used across different domains.
A JWT consists of three parts, separated by dots:
● Header
● Payload
● Signature
Payload
The second part of the token is the payload, which contains the claims.
Claims are statements about an entity (typically the user) and
additional data. There are three types of claims: registered, public
and private.
1. Registered claims: a set of predefined claims that are not mandatory
but recommended, providing useful, interoperable claims. Some of them
are iss (issuer), exp (expiration time), sub (subject) and aud
(audience).
2. Public claims: these can be defined at will by those using JWTs, but
to avoid collisions they should be registered in the IANA JSON Web Token
Registry or be defined as a URI that contains a collision-resistant
namespace.
3. Private claims: custom claims created to share information between
parties that agree on using them; they are neither registered nor public
claims.
Signature
To create the signature you take the encoded header, the encoded
payload, a secret and the algorithm named in the header, and sign the
encoded header and payload (joined by a dot) with that algorithm and
secret. The signature is used to verify that the message was not
changed along the way and, for tokens signed with a private key, that
the sender of the JWT is who it claims to be.
Putting it all together
The output is three Base64-URL strings separated by dots that can easily
be passed in HTML and HTTP environments, and it is more compact than
XML-based standards such as SAML. In authentication, when the user
successfully logs in with their credentials, a JSON Web Token is
returned. Since tokens are credentials, great care must be taken to
prevent security issues; in general, you should not keep tokens longer
than required.
You should also not store sensitive session data in browser storage,
because anything in localStorage or sessionStorage is readable by any
script running on the page. Whenever the user wants to access a
protected route or resource, the user agent sends the JWT, typically in
the Authorization header using the Bearer scheme. This can be, in
certain cases, a stateless authorization mechanism: the server's
protected routes check for a valid JWT in the Authorization header and,
if one is present, allow access to the protected resources. When
verifying, the server must check the signature with its own key and an
algorithm it has fixed in advance (never one read from the token's own
header) and must check the exp claim; with the jsonwebtoken package this
means passing the algorithms option to jwt.verify. If the JWT contains
the needed data, the need to query the database for certain operations
may be reduced, though this is not always the case.
FEASIBILITY STUDY
CONCLUSION
Use case diagram: https://nadirahma.files.wordpress.com/2013/10/usecase-diagram-blog1.jpg
ER diagram: https://i.stack.imgur.com/jXBoM.png
DFD: https://www.freeprojectz.com/sites/default/files/Online%20Blogging%20System%20Zero%20Level.jpeg
Class diagram: https://svg.template.creately.com/i07drtrx