
Anonymous secret-sharing app built with Node.js, Express, Passport.js (local & Google OAuth), PostgreSQL, and EJS. Created during Angela Yu’s Web Development Bootcamp to learn authentication.


Avaneesh40585/Secrets-App


Secrets App 🗝️

An anonymous secret-sharing app I built with Node.js, Express, Passport.js, PostgreSQL, and EJS. It handles local and Google OAuth login, lets users submit secrets anonymously, and displays them in a rotating carousel. Uses bcrypt for password hashing, connection pooling for the database, and Material Design-inspired UI.

Features

  • Authentication: Email/password and Google OAuth2
  • Anonymous sharing: Submit and update secrets without exposing identity
  • Secrets feed: Carousel showing all submitted secrets
  • Security: Hashed passwords, sessions, and SQL injection-safe queries
  • UI: Responsive, Material Design-style layout
  • Performance: PostgreSQL connection pooling and efficient session usage
  • Validation: Server-side input checks with error messages
  • Responsive: Works on desktop and mobile

Folder Structure

secrets-app/
├── index.js               # Main server file with routes & auth
├── package.json           # Dependencies & scripts
├── .env                   # Environment variables (gitignored)
├── views/
│   ├── home.ejs           # Landing page
│   ├── login.ejs          # Login form
│   ├── register.ejs       # Registration form
│   ├── secrets.ejs        # Rotating secrets carousel
│   ├── submit.ejs         # Secret submission form
│   └── partials/
│       ├── header.ejs     # Navigation header
│       └── footer.ejs     # Footer with attribution
└── public/
    └── css/
        └── styles.css     # Material Design-inspired styling

How It Works

1. Authentication Flow

  • Users can register with email/password or sign in with Google OAuth2
  • Passwords are salted and hashed with bcrypt (cost set by the salt rounds)
  • Sessions store only user ID for security and efficiency
  • Passport.js handles authentication strategies

2. Secret Management

  • Users must be authenticated to view or submit secrets
  • Each user can have one secret that can be updated
  • Secrets are stored anonymously in PostgreSQL
  • Submit form shows user's current secret for easy editing

3. Community Carousel

  • Displays all submitted secrets in random order
  • Auto-rotates every 5 seconds with smooth transitions
  • Manual navigation with previous/next buttons
  • Keyboard navigation support (arrow keys)
  • Mobile-responsive controls

4. Security & Performance

  • Connection pooling with pg.Pool for database efficiency
  • Parameterized queries prevent SQL injection
  • Session management with secure cookies
  • Input validation and error handling
  • Graceful shutdown with proper cleanup
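
An added example (not code from this repository) of the parameterized-query and input-validation bullets above, applied to the secret update behind POST /submit. The function names and the 500-character cap are assumptions; the returned text and values are in the form that pool.query(text, values) from pg accepts.

```javascript
// Added example; function names and MAX_SECRET_LENGTH are assumptions.
const MAX_SECRET_LENGTH = 500; // assumed cap; the TEXT column itself has none

// Pattern to avoid: user text is spliced into the SQL string.
function concatenatedUpdate(userId, secret) {
  return "UPDATE users SET secret = '" + secret + "' WHERE id = " + userId;
}

// Server-side check: a string, non-empty after trimming, bounded in length.
function validateSecret(raw) {
  if (typeof raw !== 'string') return { ok: false, error: 'Secret must be text.' };
  const secret = raw.trim();
  if (secret.length === 0) return { ok: false, error: 'Secret cannot be empty.' };
  if (secret.length > MAX_SECRET_LENGTH) {
    return { ok: false, error: `Secret is limited to ${MAX_SECRET_LENGTH} characters.` };
  }
  return { ok: true, secret };
}

// Parameterized form: constant SQL text, values sent separately.
// userId should come from the session (req.user.id), never from the form.
function parameterizedUpdate(userId, raw) {
  if (!Number.isInteger(userId) || userId <= 0) {
    throw new TypeError('userId must be a positive integer');
  }
  const checked = validateSecret(raw);
  if (!checked.ok) return checked;
  return {
    ok: true,
    text: 'UPDATE users SET secret = $1 WHERE id = $2',
    values: [checked.secret, userId],
  };
}

// Number of single quotes in a statement; an odd count means a broken literal.
function quoteCount(sql) {
  return (sql.match(/'/g) || []).length;
}

// Constructed sample input: an ordinary secret that contains an apostrophe.
const SAMPLE_SECRET = "I've never told anyone this";
console.log(concatenatedUpdate(7, SAMPLE_SECRET));
console.log(parameterizedUpdate(7, SAMPLE_SECRET));
```

The apostrophe in an ordinary sentence is enough to unbalance the concatenated statement, while the parameterized text stays identical for every input.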

Dependencies

Core Dependencies:

  • express - Web framework
  • ejs - Templating engine
  • pg - PostgreSQL client with connection pooling
  • bcrypt - Password hashing
  • passport - Authentication middleware
  • passport-local - Local authentication strategy
  • passport-google-oauth2 - Google OAuth2 strategy
  • express-session - Session management
  • cookie-parser - Cookie parsing middleware
  • dotenv - Environment variable management

Development:

  • nodemon - Development server with auto-restart

Installation & Usage

Prerequisites

  • Node.js v16 or higher
  • PostgreSQL v12 or higher
  • Google OAuth2 credentials (for Google sign-in)
  • npm or yarn package manager

Setup Instructions

  1. Clone the repository
git clone https://github.com/Avaneesh40585/Secrets-App.git
cd Secrets-App
  2. Install dependencies
npm install
  3. Environment configuration
  • Required environment variables:

    | Variable | Description | Example |
    | --- | --- | --- |
    | PG_USER | PostgreSQL username | postgres |
    | PG_HOST | Database host | localhost |
    | PG_DATABASE | Database name | secrets |
    | PG_PASSWORD | Database password | mypassword |
    | PG_PORT | PostgreSQL port | 5432 |
    | GOOGLE_CLIENT_ID | OAuth2 client ID | your-client-id.googleusercontent.com |
    | GOOGLE_CLIENT_SECRET | OAuth2 client secret | your-client-secret |
    | SESSION_SECRET | Session encryption key | very-long-random-string |
    | PORT | Application port | 3000 |
  • Create a .env file in the root directory:

PG_USER=your_database_user
PG_HOST=localhost
PG_DATABASE=secrets
PG_PASSWORD=your_database_password
PG_PORT=5432

GOOGLE_CLIENT_ID=your_google_client_id
GOOGLE_CLIENT_SECRET=your_google_client_secret

SESSION_SECRET=your_very_long_random_session_secret
PORT=3000
  4. Database setup
# Create the database first if it does not exist yet (name must match PG_DATABASE)
createdb -U postgres secrets
# Then connect to PostgreSQL and run the queries.sql file
psql -U postgres -d secrets -f queries.sql
  5. Google OAuth Setup
  • Go to Google Cloud Console
  • Create a new project or select an existing one
  • Enable Google+ API
  • Create OAuth2 credentials
  • Add http://localhost:3000/auth/google/secrets as authorized redirect URI
  6. Start the application
nodemon index.js
  7. Access the app

Open http://localhost:3000 in your browser
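
An added example, not part of the repository: a startup check that refuses the placeholder values from the .env template above and derives the pg.Pool and express-session options from the validated variables. loadConfig, the 32-character minimum and the NODE_ENV switch are assumptions.

```javascript
// Added example; loadConfig, MIN_SECRET_LENGTH and the NODE_ENV switch are assumptions.
const REQUIRED = ['PG_USER', 'PG_HOST', 'PG_DATABASE', 'PG_PASSWORD', 'PG_PORT',
  'GOOGLE_CLIENT_ID', 'GOOGLE_CLIENT_SECRET', 'SESSION_SECRET'];
// Values copied unchanged from the .env template or the Example column.
const PLACEHOLDER = /^(your[_-].*|very-long-random-string|mypassword)$/i;
const MIN_SECRET_LENGTH = 32; // assumed floor for SESSION_SECRET

function loadConfig(env) {
  const problems = [];
  for (const name of REQUIRED) {
    if (!env[name]) problems.push(`${name} is missing`);
    else if (PLACEHOLDER.test(env[name])) problems.push(`${name} is still a placeholder`);
  }
  if (env.SESSION_SECRET && env.SESSION_SECRET.length < MIN_SECRET_LENGTH) {
    problems.push(`SESSION_SECRET is shorter than ${MIN_SECRET_LENGTH} characters`);
  }
  const pgPort = Number(env.PG_PORT);
  if (env.PG_PORT && !(Number.isInteger(pgPort) && pgPort > 0 && pgPort < 65536)) {
    problems.push('PG_PORT is not a valid port number');
  }
  if (problems.length > 0) throw new Error('Configuration rejected: ' + problems.join('; '));

  const production = env.NODE_ENV === 'production';
  return {
    port: Number(env.PORT) || 3000,
    // Keys accepted by new pg.Pool(...)
    pool: { user: env.PG_USER, host: env.PG_HOST, database: env.PG_DATABASE,
      password: env.PG_PASSWORD, port: pgPort },
    // Options accepted by express-session
    session: {
      secret: env.SESSION_SECRET,
      resave: false,
      saveUninitialized: false, // no session cookie until something is stored
      cookie: {
        httpOnly: true,          // not readable from page scripts
        secure: production,      // HTTPS only; off for http://localhost
        sameSite: 'lax',         // still sent on the redirect back from Google
        maxAge: 24 * 60 * 60 * 1000,
      },
    },
  };
}

// Constructed sample environment (values are made up for the example).
const SAMPLE_ENV = { PG_USER: 'secrets_app', PG_HOST: 'localhost', PG_DATABASE: 'secrets',
  PG_PASSWORD: 'constructed-db-password', PG_PORT: '5432',
  GOOGLE_CLIENT_ID: 'constructed-id.apps.googleusercontent.com',
  GOOGLE_CLIENT_SECRET: 'constructed-client-secret',
  SESSION_SECRET: 'constructed-session-secret-0123456789abcdef' };
```

When secure is true and the app runs behind a reverse proxy, Express also needs app.set('trust proxy', 1) or the session cookie is not issued.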


Database Configuration

The application uses a single PostgreSQL table:

CREATE TABLE users (
  id SERIAL PRIMARY KEY,
  email VARCHAR(100) NOT NULL UNIQUE,
  password VARCHAR(255),                 -- NULL for OAuth users
  secret TEXT,                           -- User's submitted secret
  provider VARCHAR(32) DEFAULT 'local'   -- 'local' or 'google'
);

Key Features:

  • Auto-incrementing ID as primary key
  • Unique email constraint
  • Flexible password field (NULL for OAuth users)
  • Provider field to distinguish authentication methods
  • Text field for secrets with no length limit
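
Because password is NULL for Google accounts, a local login attempt against such a row has no hash to compare. The following added example (not the repository's index.js) shows one passport-local verify callback that handles that case; makeLocalVerify, findUserByEmail, trySampleLogin and the sample rows are assumptions, and the compare stub stands in for bcrypt.compare so the block runs without dependencies.

```javascript
// Added example; makeLocalVerify, findUserByEmail and trySampleLogin are hypothetical names.
const GENERIC_FAILURE = 'Invalid email or password.';

// Builds a passport-local verify callback: (email, password, done).
//   findUserByEmail(email, cb) -> cb(err, row | undefined), row shaped like users
//   compare(plain, hash, cb)   -> cb(err, boolean), bcrypt.compare in the real app
function makeLocalVerify({ findUserByEmail, compare }) {
  return function verify(email, password, done) {
    if (typeof email !== 'string' || typeof password !== 'string' || !password) {
      return done(null, false, { message: GENERIC_FAILURE });
    }
    findUserByEmail(email, (err, row) => {
      if (err) return done(err);
      // Unknown email, Google-only account or NULL password: identical answer,
      // and compare() is never called without a stored hash.
      if (!row || row.provider !== 'local' || !row.password) {
        return done(null, false, { message: GENERIC_FAILURE });
      }
      compare(password, row.password, (cmpErr, matches) => {
        if (cmpErr) return done(cmpErr);
        if (!matches) return done(null, false, { message: GENERIC_FAILURE });
        return done(null, { id: row.id }); // pass on only the id
      });
    });
  };
}

// Constructed sample rows; the password value is a labelled stand-in, not a bcrypt hash.
const SAMPLE_ROWS = [
  { id: 1, email: 'local@example.test', password: 'stub-hash:correct horse', provider: 'local' },
  { id: 2, email: 'oauth@example.test', password: null, provider: 'google' },
];
let compareCalls = 0;

// Runs one login against the sample rows with synchronous stubs and returns the outcome.
function trySampleLogin(email, password) {
  const verify = makeLocalVerify({
    findUserByEmail: (e, cb) => cb(null, SAMPLE_ROWS.find((r) => r.email === e)),
    compare: (plain, hash, cb) => { compareCalls += 1; cb(null, hash === 'stub-hash:' + plain); },
  });
  let outcome;
  verify(email, password, (err, user, info) => { outcome = { err, user, info }; });
  return outcome;
}
```

The same message is returned for an unknown email, a wrong password and a Google-only account, so the login form does not reveal which addresses are registered or how they sign in.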

API Endpoints

Public Routes

| Method | Endpoint | Description |
| --- | --- | --- |
| GET | / | Home page with registration/login options |
| GET | /login | Login form |
| GET | /register | Registration form |
| POST | /login | Authenticate user (redirects to /secrets) |
| POST | /register | Create new user account |

OAuth Routes

| Method | Endpoint | Description |
| --- | --- | --- |
| GET | /auth/google | Initiate Google OAuth2 flow |
| GET | /auth/google/secrets | OAuth2 callback URL |

Protected Routes (Authentication Required)

| Method | Endpoint | Description |
| --- | --- | --- |
| GET | /secrets | View rotating carousel of all secrets |
| GET | /submit | Secret submission form (shows current secret) |
| POST | /submit | Create or update user's secret |
| GET | /logout | Logout and destroy session |

Customization & Extensions

  • Add email verification during signup to confirm user accounts.
  • Implement password reset via email tokens for account recovery.
  • Introduce categories and filters so users can browse secrets by topic.
  • Add a like/reaction system to let users interact with secrets anonymously.
  • Build an admin dashboard for moderating flagged or inappropriate content.
  • Apply rate limiting to prevent spam and abuse.
  • Include a dark mode toggle for better user experience.
  • Add export functionality so users can download their own secrets.
  • Implement a notification system to alert users

Contributing

I welcome contributions! Here's how to get started:

1. Fork and Clone the repository

First, click the Fork button at the top right of this page to create a copy of this repository on your own GitHub account.

Then, clone your forked repository to your local machine:

# Replace 'YOUR-USERNAME' with your actual GitHub username
git clone https://github.com/YOUR-USERNAME/Secrets-App.git

# Move into the project directory
cd Secrets-App

2. Create a feature branch

git checkout -b feature/amazing-feature

3. Make your changes

  • Follow existing code style and conventions
  • Add comments for complex logic
  • Test your changes thoroughly

4. Commit your changes

git commit -m "Add amazing feature: description of what it does"

5. Push to your fork

git push origin feature/amazing-feature

6. Open a Pull Request

Go to your forked repository on GitHub. You should see a prompt to create a Pull Request. Click "Compare & pull request" to submit your changes for review.


Start sharing secrets anonymously today!
