This project is the result of my master's thesis at the Polytechnic University of Catalonia (UPC). I took the master's in Cybersecurity, given by the Computer Science Faculty of Barcelona (FIB) and (ETSETB).
The aim of the thesis was to develop a secure API following the OWASP Top Ten recommendations and other organisations' standards, in order to provide an example of good practices for securing APIs.
The app is fully dockerized and only requires a couple of .env files to work. The first .env file is for the API application itself, and the .env.docker file is for the docker-compose.yml configuration.
The API .env file needs the following variables:
# Port where API will listen
PORT=...
# Database configuration
DB_PORT=...
DB_USERNAME=...
DB_PASSWORD=...
DB_HOST=...
DB_NAME=...
# JWT signature configuration (JWT_ALG example: "HS256")
JWT_ALG=...
JWT_EXPIRATION=...
JWT_ISSUER=...
JWT_AUDIENCE=...
JWT_SECRET=...
And the .env.docker file needs the following variable definitions:
# DB user for configuration
POSTGRES_USER=...
POSTGRES_PASSWORD=...
# Server user, database, schema
PG_SERVER_USER=...
PG_SERVER_PWD=...
PG_SERVER_DB=...
PG_SERVER_DB_SCHEMA=...
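A pre-start check for the API .env file listed above, added here as an example and not part of the project's own code. It assumes JWT_ALG is an HMAC algorithm, as in the README's "HS256" example; the function names and the sample values are constructed for illustration.

```python
# Variable names are the ones the README lists for the API .env file.
REQUIRED = ["PORT", "DB_PORT", "DB_USERNAME", "DB_PASSWORD", "DB_HOST", "DB_NAME",
            "JWT_ALG", "JWT_EXPIRATION", "JWT_ISSUER", "JWT_AUDIENCE", "JWT_SECRET"]
# RFC 7518 section 3.2: an HMAC key must be at least as long as the hash output.
HMAC_MIN_BYTES = {"HS256": 32, "HS384": 48, "HS512": 64}

# Constructed sample (not from the project): empty DB password, short JWT secret.
SAMPLE_WEAK = """\
PORT=3000
DB_PORT=5432
DB_USERNAME=api_user
DB_PASSWORD=
DB_HOST=db
DB_NAME=api
JWT_ALG="HS256"
JWT_EXPIRATION=15m
JWT_ISSUER=example-api
JWT_AUDIENCE=example-clients
JWT_SECRET=changeme
"""


def parse_env(text):
    """Parse KEY=VALUE lines, skipping blanks and '#' comments."""
    env = {}
    for line in map(str.strip, text.splitlines()):
        if line and not line.startswith("#") and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
                value = value[1:-1]  # drop matching surrounding quotes
            env[key] = value
    return env


def check_env(env):
    """Return a list of problems; an empty list means the file passed."""
    problems = [f"{k} is missing or empty" for k in REQUIRED if not env.get(k)]
    alg, secret = env.get("JWT_ALG", ""), env.get("JWT_SECRET", "")
    if alg and alg not in HMAC_MIN_BYTES:  # also rejects "none" and trailing text
        problems.append(f"JWT_ALG {alg!r} is not an allowed HMAC algorithm")
    elif alg and secret and len(secret.encode()) < HMAC_MIN_BYTES[alg]:
        problems.append(f"JWT_SECRET is shorter than {HMAC_MIN_BYTES[alg]} bytes for {alg}")
    return problems


if __name__ == "__main__":
    for problem in check_env(parse_env(SAMPLE_WEAK)):
        print("FAIL:", problem)
```

The length check is only a floor: a 32-byte secret made of a dictionary phrase still passes, so JWT_SECRET should come from a cryptographic random generator.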