1.Security Fundamentals
Security should be built into every layer of your application.
2.Authentication
import bcrypt from 'bcrypt';
import jwt from 'jsonwebtoken';
async function hashPassword(password: string) {
return await bcrypt.hash(password, 10);
}
async function verifyPassword(password: string, hash: string) {
return await bcrypt.compare(password, hash);
}
function generateToken(userId: string) {
return jwt.sign({ userId }, process.env.JWT_SECRET, { expiresIn: '7d' });
}
3.SQL Injection Prevention
Always use parameterized queries.
4.XSS Protection
Sanitize user input and use Content Security Policy.