Application Security Lab 1 is a full-stack learning sandbox designed to demonstrate foundational web application security principles using a modern, containerized development environment.
This project implements a simple but production-inspired web app stack, suitable for labs, exercises, and demonstrations of secure coding, deployment, and DevOps practices. It consists of:
- Frontend: Next.js (React), TypeScript, Tailwind CSS
- Backend: Node.js (Express), enhanced with security-oriented middleware (Helmet, CORS)
- Database: MySQL 8 (Dockerized)
- API Gateway/Proxy: NGINX (Dockerized reverse proxy)
- Orchestration: Docker Compose for multi-service workflows
- Docker & Docker Compose: Required for all-in-one stack orchestration (Install Docker).
- git: To clone this repository.
- Node.js & npm (optional): Only required if you plan to run backend or frontend outside Docker locally (Install Node.js).
Spin up everything (frontend, backend, database, proxy) in development mode:
git clone <this-repo-url>
cd Application_Security_Lab_1
# Set your MySQL password for the DB
mkdir -p db && echo 'yourpassword' > db/password.txt
# Generate your encryption key
openssl rand -base64 32 > db/enc_key.txt
# For SSL please add your self signed CERTIFICATE and private keys in nginx/ssl/
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout nginx/ssl/selfsigned.key -out nginx/ssl/selfsigned.crt -subj "/C=US/ST=State/L=City/O=Organization/CN=localhost"
# Generate JWT secret
mkdir -p backend/secrets && openssl rand -hex 64 > backend/secrets/jwt.txt
docker compose up --build- Visit http://localhost (frontend via NGINX proxy)
- API health: http://localhost/api/health
- Requirements: Node.js, npm, MySQL service (Docker or local)
cd backend
npm install
# Set env vars: DATABASE_DB, DATABASE_USER, DATABASE_PASSWORD, DATABASE_HOST, PORT
npm run start-watch
# Express backend now runs on PORT (default: 8080)- Requirements: Node.js, npm
cd frontend
npm install
npm run dev
# Open http://localhost:3000- Just launch MySQL via Docker Compose (or standalone)
docker compose up db- You can run, for example, just the database and backend with Docker:
docker compose up backend db
- Or, run the frontend locally and let Docker manage DB+backend:
docker compose up backend dbcd frontend && npm run dev
Tip: Adjust API URLs in your frontend .env if running outside the Compose proxy.
- Change ports/env vars in
docker-compose.ymlor your own.envfiles. - NGINX configuration is at
nginx/nginx.conf(edit for custom routes). - DB root password is stored in
db/password.txt(used by Docker secrets).
This repository provides a hands-on security lab environment for:
- Learning secure coding with Node.js/React
- Practicing containerized deployments
- Introducing students to microservice architectures and common security patterns
- Experimenting with reverse proxy, API routing, environment variables, secret management, and container networking
/ (Project Root)
├── backend/ # Express.js API, service config, Dockerfile
│ ├── src/
│ │ ├── config.js # Loads DB env vars, secrets, port
│ │ ├── index.js # App/server startup, graceful shutdown logic
│ │ └── server.js # Express app, routes, middleware
│ ├── package.json # Backend Node dependencies
│ └── Dockerfile # Backend service container definition
│
├── frontend/ # Next.js React SPA, styling, Dockerfile
│ ├── app/ # Next.js pages/layout/components/assets
│ ├── public/ # Static assets (SVGs, favicon)
│ ├── package.json # Frontend dependencies (React, Next, Tailwind, etc)
│ └── Dockerfile # Frontend service container definition
│
├── db/ # Database schema and seed data
│ └── init/
│ ├── 001-schema.sql # (empty, ready for schema)
│ └── 002-seed.sql # (empty, ready for seed data)
│
├── nginx/
│ └── nginx.conf # NGINX configuration for routing/proxying
│
├── docker-compose.yml # Orchestrates frontend, backend, db, nginx
└── README.md # Project documentation (you are here)
-
Frontend:
- Next.js 16 (React 19)
- TypeScript
- Tailwind CSS (Utility-first styling)
- ESLint, modern development best practices
-
Backend:
- Node.js 20+, Express.js
- Helmet for HTTP header security
- CORS for cross-origin resource sharing
- Morgan for logging
- MySQL2 driver for DB access
- Nodemon for dev hot-reload
-
Database:
- MySQL 8 (Docker managed, with secrets support)
-
NGINX:
- Serves as HTTP frontend, routes
/api/traffic to backend - Supports hot-reload and strong separation of concerns
- Serves as HTTP frontend, routes
-
Container Orchestration:
- Docker Compose: Single-command spinup of stack
-
Secret Management:
- Docker secrets for DB passwords (see
db-passwordsetup)
- Docker secrets for DB passwords (see
- Frontend (Next.js) served at
/via NGINX ( [32mport 80 [0m) - API routes served at
/api/via NGINX proxy to Express ( [32mport 8080 [0m) - Database only accessible to backend service (not publicly exposed)
- Environment variables and secrets securely loaded via Docker Compose and injected to services
- Clone this repo
git clone <this-repo-url>
cd Application_Security_Lab_1
-
Create a database secret
- Place a MySQL root password in
db/password.txt(seedocker-compose.yml)
- Place a MySQL root password in
-
Spin up all services
docker compose up --build
-
Access the frontend/local lab:
- Navigate to http://localhost (served via NGINX)
- API health: http://localhost/api/health
-
Extend the project
- Start editing files under
/frontendand/backend— Compose will auto-reload them in dev mode.
- Start editing files under
- The initial schema/seed SQL files are empty: customize for your own lab modules.
- Uses modern, production-aligned Docker patterns, including watch/rebuild on frontend/backend code changes.
- All structure is designed for both security learning and rapid extension.
For details on modifying the NGINX proxy, adding new routes, or expanding the database schema, see the corresponding files under each directory.