Comments
-
@jschmold thanks man, but how do I do CSRF tests? I just DDG'd it, never knew about it honestly. Any link where I can see an example of how to test it?
-
@jschmold thank you so much really appreciate your help
What I'm going to do according to what I understood:
I return a JWT token for now; I'm thinking of adding a session ID to its data plus a session token (CSRF) to return with each request.
Link CSRF and session ID in the database.
But my question is, how long do I make the TTL of the JWT token? For now I keep it at 24 hours, but I don't think it is a sufficient solution, with the end user having to renew login every day. I was planning on reading about refresh tokens after exams; do you have any suggestions? -
@jschmold excuse my noob question; I'm good at programming but was never given the task of handling security stuff in code, it was always someone else's responsibility :/
And I want to learn, as obviously my unit test was missing lots of checks :/ -
@jschmold not a top-security app, but assume on a rooted phone the database was stolen (doubt this will happen) and a hacker obtained that token. Is there a way, other than matching device ID with the token, to prevent this token from being used from a different device?
-
@jschmold thanks man, linuxxx here recommended this https://owasp.org/index.php/...
For securing a service, is there anything else I need to check? -
@jschmold not talking about the online DB but the local DB where I store the user auth token; if that is stolen from the user, how do I make sure the user account is still safe?
-
@jschmold ok then, thank you for all the info, luckily it all came at the beginning of the weekend 😀
As for Linux and linuxxx, don't worry, they had their share of my million questions 😅 -
@jschmold oh and you're next in line for my million questions if I get stuck at some point 😓😅
-
@jschmold Why store CSRF data in a persistent database? And thanks for your comment, I guess I'm a competent sysadmin now 😊
-
@missingmarshall it is from VS Code after completing the test
@lunorian I prefer to have my own API since in that case I only have to care about the cost of the server, and not reach a point where my app needs more power and I have to pay more on Firebase
@telephantasm thanks man :)
Related Rants
yay! Almost done learning the basics of Nodejs REST :D
Now time to learn how to make GitLab auto-build and test, then add new features to my little project
Next in line:
Testing UI in React Js/Native T_T
gitlab
test
node