Secure note-taking application with user authentication
A simple yet secure web application for creating, managing, and storing personal notes with JWT-based authentication.
live-coding-2/
├── backend/
│ ├── app.py ← Flask API server
│ ├── requirements.txt ← Python dependencies
│ └── data/
│ └── db.json ← JSON-based database (auto-created)
└── frontend/
├── index.html ← Main application UI
├── script.js ← Frontend logic
└── style.css ← Styling
- Python 3.8 or higher
- A modern web browser
- A local web server for serving static files (e.g., Live Server, Python HTTP server)
- Navigate to the backend directory:
cd backend- Install Python dependencies:
pip install -r requirements.txt- Start the Flask server:
python app.pyThe backend API will be available at http://localhost:5000
- Navigate to the frontend directory:
cd frontend- Serve the static files using one of these methods:
Option A: Using Python's built-in server
python -m http.server 8080Option B: Using Live Server (VS Code extension)
- Right-click on
index.htmland select "Open with Live Server"
Option C: Using Node.js http-server
npx http-server -p 8080The frontend will be available at http://localhost:8080
- User registration with email validation
- Secure password hashing using bcrypt (with salt)
- JWT-based authentication with 1-hour token expiration
- Protected API endpoints requiring authentication
- Create new notes with title and content
- View all personal notes (sorted by last update)
- Edit existing notes
- Delete notes
- Each user can only access their own notes
- Password hashing with bcrypt
- JWT token-based authentication
- Email format validation
- Minimum 8-character password requirement
- Authorization checks on all note operations
- Same error message for non-existent users and wrong passwords (prevents user enumeration)
- Input sanitization and length limits
- CORS configuration for allowed origins
POST /register- Create new user accountPOST /login- Authenticate and receive JWT token
GET /notes- List all user's notesPOST /notes- Create a new noteGET /notes/<note_id>- Get a specific notePUT /notes/<note_id>- Update a noteDELETE /notes/<note_id>- Delete a note
All authenticated requests must include:
Authorization: Bearer <your_jwt_token>
- Bcrypt password hashing with salt generation
- JWT tokens with expiration (1 hour)
- Authorization checks on all protected endpoints
- Input validation and sanitization
- Email format validation
- User enumeration prevention
- CORS restrictions
- Replace hardcoded
SECRET_KEYwith environment variable - Implement rate limiting on login and registration endpoints
- Add HTTPS/SSL certificate
- Implement refresh token mechanism
- Add password reset functionality
- Set up proper logging and monitoring
- Database migration (consider PostgreSQL or MySQL for production)
- Add input length validation on frontend
- Implement CSRF protection if using cookies
flask==3.1.0- Web frameworkflask-cors==5.0.0- CORS handlingbcrypt==4.2.1- Password hashingPyJWT==2.10.1- JWT token generation and validation
- Vanilla JavaScript (no dependencies)
- Modern browser with fetch API support
- Open the frontend in your browser at
http://localhost:8080 - Register a new account with your email and password (min 8 characters)
- Login with your credentials
- Create, edit, and manage your notes
- Your session will expire after 1 hour of inactivity
The application uses a simple JSON file (backend/data/db.json) for data persistence. The database structure:
{
"users": [
{
"id": "uuid",
"email": "user@example.com",
"password": "bcrypt_hashed_password",
"created_at": "ISO_timestamp"
}
],
"notes": [
{
"id": "uuid",
"user_id": "user_uuid",
"titulo": "Note title",
"contenido": "Note content",
"created_at": "ISO_timestamp",
"updated_at": "ISO_timestamp"
}
]
}Note: The database file is automatically created on first run if it doesn't exist.