The Problem
Book communities need a platform where users can discover, review, and rate books - but without compromising account security. Most student projects skip authentication hardening, input validation, and secure session handling.
My Approach
I built BookNest as a production-grade MERN application with security baked in from the start - not bolted on after deployment.
- Authentication: JWT-based auth with protected routes on both client and server
- Data layer: MongoDB with Mongoose schemas and validated CRUD operations
- API design: RESTful Express.js endpoints with middleware for auth checks
- Frontend: React with role-aware UI - users only see/edit their own reviews
- Deployment: Live on Netlify with Firebase integration for production readiness
Security Considerations
As a security-focused developer, I applied OWASP-aligned practices:
- Password hashing before storage (never plaintext)
- JWT validation middleware on every protected API route
- Input sanitization to prevent injection attacks
- Environment variables for secrets - no hardcoded credentials
Tech Stack
Results
- Fully functional book review platform with star ratings and user profiles
- Secure authentication flow with protected CRUD operations
- Deployed and accessible as a live demo for recruiters
What I Learned
Building secure full-stack apps means thinking about attack surfaces at every layer - from how tokens are stored to how API routes validate ownership. This project directly reflects the kind of work I do at Phoenix Solutions: shipping features with security in mind.