Introduction

In this article, we will explore the process of building a secure password manager using Node.js and MongoDB. A password manager is a crucial tool for anyone looking to protect their online identity and sensitive information. With the rise of password breaches and data theft, it’s essential to have a robust and secure password management system in place.

Requirements

Before we dive into the implementation, let’s outline the requirements for our password manager:

  • Secure storage of passwords using a robust encryption algorithm
  • User authentication and authorization
  • Password generation and storage
  • Secure password sharing and access control
  • User-friendly interface for password management

Setting Up the Project

To get started, we’ll need to set up a new Node.js project and install the required dependencies. We’ll use the following packages:

  • express for building the web application
  • mongoose for interacting with the MongoDB database (the code below uses Mongoose models)
  • bcrypt for password hashing and storage
  • express-session for user session management

Create a new project directory and run the following command to initialize the project:

npm init

Install the required dependencies:

npm install express mongoose bcrypt express-session

Database Setup

Next, we’ll set up a new MongoDB database and create a schema for our password manager. We’ll use the mongoose package to interact with the database.

Create a new file database.js and add the following code:

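const mongoose = require('mongoose');

// Connect to the local MongoDB instance. The useNewUrlParser and
// useUnifiedTopology options are no longer needed since Mongoose 6.
mongoose.connect('mongodb://localhost/password-manager')
  .catch((err) => console.error('MongoDB connection error:', err));

// One document per stored credential record
const passwordSchema = new mongoose.Schema({
  username: String,
  password: String, // bcrypt hash; the salt is already embedded in it
  salt: String
});

const Password = mongoose.model('Password', passwordSchema);

module.exports = { Password };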

User Authentication and Authorization

Now that we have our database set up, let’s implement user authentication and authorization. We’ll use the express-session package to manage user sessions.

Create a new file auth.js and add the following code:

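const express = require('express');
const session = require('express-session');
const bcrypt = require('bcrypt');
const { Password } = require('./database');

const app = express();

app.use(express.json()); // populate req.body from JSON requests

app.use(session({
  // Read the signing secret from the environment (variable name is an example)
  secret: process.env.SESSION_SECRET,
  resave: false,
  saveUninitialized: false, // do not issue sessions to unauthenticated visitors
  cookie: { httpOnly: true, sameSite: 'lax' }
}));

app.post('/login', async (req, res) => {
  const { username, password } = req.body || {};
  // Accept only strings so a JSON object cannot act as a query operator
  if (typeof username !== 'string' || typeof password !== 'string') {
    return res.status(401).json({ message: 'Invalid credentials' });
  }
  try {
    const user = await Password.findOne({ username });
    // bcrypt.compare returns a Promise; without await the check always passes
    const isValid = user ? await bcrypt.compare(password, user.password) : false;
    if (!isValid) {
      return res.status(401).json({ message: 'Invalid credentials' });
    }
    // New session ID on login prevents session fixation
    req.session.regenerate((err) => {
      if (err) return res.status(500).json({ message: 'Login failed' });
      req.session.username = username;
      req.session.passwordHash = user.password;
      res.json({ message: 'Logged in successfully' });
    });
  } catch (err) {
    console.error(err);
    res.status(500).json({ message: 'Login failed' });
  }
});

app.get('/logout', (req, res) => {
  req.session.destroy(() => {
    res.json({ message: 'Logged out successfully' });
  });
});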

Password Generation and Storage

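Next, let’s implement password generation and storage. We’ll use the bcrypt package to hash and store passwords. A bcrypt hash is one-way: it can verify a password at login but cannot be turned back into the original, so it suits the account password rather than entries that must be read back later.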

Create a new file password.js and add the following code:

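const crypto = require('crypto');
const bcrypt = require('bcrypt');
const { Password } = require('./database');

// Generate a random alphanumeric password of the given length
const generatePassword = (length) => {
  const characters = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
  let password = '';
  for (let i = 0; i < length; i++) {
    // crypto.randomInt uses the CSPRNG and avoids modulo bias;
    // Math.random() is not cryptographically secure
    password += characters.charAt(crypto.randomInt(characters.length));
  }
  return password;
};

// Hash the password with bcrypt (cost factor 10) and save the record
const storePassword = async (username, password) => {
  const salt = await bcrypt.genSalt(10);
  const passwordHash = await bcrypt.hash(password, salt);
  const passwordDoc = new Password({ username, password: passwordHash, salt });
  try {
    // Mongoose 7 and later no longer accept callbacks, so await the Promise
    await passwordDoc.save();
  } catch (err) {
    console.error(err);
  }
};

module.exports = { generatePassword, storePassword };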
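
The requirements list calls for stored passwords that can be read back, which a bcrypt hash cannot provide. The following added example (not part of the original article's code) shows one way to encrypt vault entries with AES-256-GCM under a key derived from the master password with scrypt, using Node's built-in crypto module; the function names, the record layout and the sample values are assumptions.

```javascript
const crypto = require('crypto');

// Derive a 32-byte vault key from the master password with scrypt.
// The salt is random per user and stored next to the user's record.
function deriveKey(masterPassword, salt) {
  return crypto.scryptSync(masterPassword, salt, 32);
}

// Encrypt one vault entry. `context` (e.g. owner and site) is bound to the
// ciphertext as additional authenticated data, so a record copied into
// another user's vault fails to decrypt.
function encryptEntry(key, plaintext, context) {
  const iv = crypto.randomBytes(12); // fresh 96-bit nonce for every entry
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(context, 'utf8'));
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return {
    iv: iv.toString('base64'),
    ct: ct.toString('base64'),
    tag: cipher.getAuthTag().toString('base64')
  };
}

// Decrypt and authenticate one entry. Throws if the key, the context, or any
// byte of the record is wrong.
function decryptEntry(key, record, context) {
  const decipher = crypto.createDecipheriv(
    'aes-256-gcm', key, Buffer.from(record.iv, 'base64'));
  decipher.setAAD(Buffer.from(context, 'utf8'));
  decipher.setAuthTag(Buffer.from(record.tag, 'base64'));
  return Buffer.concat([
    decipher.update(Buffer.from(record.ct, 'base64')),
    decipher.final()
  ]).toString('utf8');
}

// Constructed sample values, for illustration only.
function demo() {
  const salt = crypto.randomBytes(16);
  const key = deriveKey('constructed master password', salt);
  const record = encryptEntry(key, 'hunter2-example', 'alice|example.test');
  return decryptEntry(key, record, 'alice|example.test');
}

console.log(demo());
```

Only the salt and the `{ iv, ct, tag }` record need to be stored in MongoDB; the derived key stays in memory for the duration of the session.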

Secure Password Sharing and Access Control

Finally, let’s implement secure password sharing and access control. We’ll use the express-session package to manage user sessions and the bcrypt package to hash and store passwords. The record created for the recipient contains the bcrypt hash, not a recoverable password.

Create a new file share.js and add the following code:

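const express = require('express');
const session = require('express-session');
const bcrypt = require('bcrypt');
const { Password } = require('./database');

const app = express();

app.use(express.json()); // populate req.body from JSON requests

// Use the same session settings as auth.js so req.session is available here
app.use(session({
  secret: process.env.SESSION_SECRET,
  resave: false,
  saveUninitialized: false
}));

app.post('/share', async (req, res) => {
  const { password, recipient } = req.body || {};
  const passwordHash = req.session.passwordHash; // present only after login
  if (!passwordHash || typeof password !== 'string' || typeof recipient !== 'string') {
    return res.status(401).json({ message: 'Invalid credentials' });
  }
  try {
    // Re-authenticate the sharer; bcrypt.compare returns a Promise and must be awaited
    const isValid = await bcrypt.compare(password, passwordHash);
    if (!isValid) {
      return res.status(401).json({ message: 'Invalid credentials' });
    }
    // The record is written to the same Password collection as all other records.
    // Respond only after the write has completed.
    await new Password({ username: recipient, password: passwordHash }).save();
    res.json({ message: 'Password shared successfully' });
  } catch (err) {
    console.error(err);
    res.status(500).json({ message: 'Could not share password' });
  }
});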

Conclusion

In this article, we’ve explored the process of building a secure password manager using Node.js and MongoDB. We’ve covered the requirements, set up the project, implemented database setup, user authentication and authorization, password generation and storage, and secure password sharing and access control.

This is a basic implementation, and there are many ways to improve and extend it. However, this should give you a good starting point for building your own secure password manager.

Remember to always keep your passwords and sensitive information secure, and never share your passwords with anyone.