Homework 4
Authentication
1. I had done the authentication for our project in CS375 and, combined with the refresher from the previous Activity, I did not have too much of an issue implementing authorization into the backend. I did have to extend Express's Request type to inject the user id for checking permissions on updates/deletes.
2. One part that I wasn't familiar with was the cookies, so the only part that took me a bit was to figure out how to check the cookies of the user to dynamically render components if a user was/wasn't authenticated.
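The two mechanics described above (reading the session cookie to decide whether a user is authenticated, and injecting the user id into the request so update/delete handlers can check ownership) as an added TypeScript example. This is not the homework's code: it uses small stand-in Req/Res interfaces that mirror the shape of Express middleware so it runs without the express package, and the session table, post table and cookie values are constructed for the example. With real Express, the Request extension is done with a module augmentation, shown in a comment.

```typescript
// Stand-in for Express's Request/Response (assumption: same middleware shape).
interface Req {
  headers: { cookie?: string };
  params: Record<string, string>;
  method: string;
  userId?: number; // injected by requireAuth, read by requireOwner
}
interface Res {
  statusCode: number;
  body?: unknown;
  status(code: number): Res;
  json(b: unknown): Res;
}
type Next = () => void;

// With real Express the injected field is declared once, globally:
// declare global { namespace Express { interface Request { userId?: number } } }

// Constructed session store: session cookie value -> user id.
// In a real app this would be a signed-cookie check or a DB lookup.
const SESSIONS: Record<string, number> = { "sess-alice": 1, "sess-bob": 2 };
// Constructed resource table: post id -> owner user id.
const POSTS: Record<string, number> = { "10": 1, "11": 2 };

// Parse a raw Cookie header ("a=1; b=2") into a name -> value map.
function parseCookies(header: string | undefined): Record<string, string> {
  const out: Record<string, string> = {};
  if (!header) return out;
  for (const part of header.split(";")) {
    const eq = part.indexOf("=");
    if (eq < 0) continue;
    out[part.slice(0, eq).trim()] = decodeURIComponent(part.slice(eq + 1).trim());
  }
  return out;
}

// Authentication: resolve the session cookie to a user id and attach it to req.
function requireAuth(req: Req, res: Res, next: Next): void {
  const sid = parseCookies(req.headers.cookie)["session"];
  const uid = sid !== undefined ? SESSIONS[sid] : undefined;
  if (uid === undefined) {
    res.status(401).json({ error: "not authenticated" });
    return;
  }
  req.userId = uid;
  next();
}

// Authorization: only the owner of the post may update or delete it.
function requireOwner(req: Req, res: Res, next: Next): void {
  const owner = POSTS[req.params["id"]];
  if (owner === undefined) {
    res.status(404).json({ error: "not found" });
    return;
  }
  if (owner !== req.userId) {
    res.status(403).json({ error: "forbidden" });
    return;
  }
  next();
}

function makeRes(): Res {
  const res: Res = {
    statusCode: 200,
    status(code: number) { res.statusCode = code; return res; },
    json(b: unknown) { res.body = b; return res; },
  };
  return res;
}

// Run the chain the way Express would for PUT/DELETE /posts/:id and
// return the resulting status code.
function handleUpdate(cookieHeader: string | undefined, postId: string): number {
  const req: Req = { headers: { cookie: cookieHeader }, params: { id: postId }, method: "PUT" };
  const res = makeRes();
  requireAuth(req, res, () =>
    requireOwner(req, res, () => { res.status(200).json({ ok: true }); }));
  return res.statusCode;
}

console.log(handleUpdate("session=sess-alice", "10")); // 200: owner
console.log(handleUpdate("session=sess-bob", "10"));   // 403: authenticated, not owner
console.log(handleUpdate(undefined, "10"));            // 401: no session cookie
```

The same parseCookies/requireAuth pair is what a server-rendered page or an API endpoint such as /me would use to tell the frontend whether to render the signed-in or signed-out components; the client never needs to trust its own reading of the cookie.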
Deployment
1. I was not familiar with pm2 so it took a bit of learning to understand how to use it alongside Caddy to deploy the website.
Security Audit
1. My app is not vulnerable to XSS attacks because React automatically escapes and I do not use attributes such as dangerouslySetInnerHTML.
2. My app is not vulnerable to CSRF attacks since my cookie options set secure: true and sameSite: 'lax', making it so that cookies are not sent if requested from a separate domain.
3. I added rate limiting to my application code using express-rate-limit.
4. I have set HTTP headers through Helmet. This includes Content-Security-Policy which prevents attacks like cross-site scripting, and X-Frame-Options which helps prevent clickjacking attacks.
5. That is the extent of what I did to secure my app.
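The three server-side controls listed in the audit (the cookie attributes, the rate limit, and the security headers) as one added TypeScript example. It is not the homework's code and does not use express-rate-limit or Helmet; it builds the same things by hand so the effect of each setting is visible: a Set-Cookie value carrying Secure, HttpOnly and SameSite=Lax, a fixed-window per-client counter of the kind express-rate-limit keeps, and a header map whose Content-Security-Policy and X-Frame-Options values are example values, not Helmet's exact defaults. The window size, request cap and client ids are constructed for the example.

```typescript
// Cookie attributes as described in the audit. Secure restricts the cookie to
// HTTPS, HttpOnly keeps it away from page scripts, SameSite=Lax stops it being
// attached to cross-site POST/PUT/DELETE requests.
interface CookieOptions { secure: boolean; httpOnly: boolean; sameSite: "lax" | "strict" | "none"; maxAgeSec?: number }

function sessionSetCookie(value: string, opts: CookieOptions): string {
  const parts = [`session=${encodeURIComponent(value)}`, "Path=/"];
  if (opts.maxAgeSec !== undefined) parts.push(`Max-Age=${opts.maxAgeSec}`);
  if (opts.httpOnly) parts.push("HttpOnly");
  if (opts.secure) parts.push("Secure");
  const ss = opts.sameSite.charAt(0).toUpperCase() + opts.sameSite.slice(1);
  parts.push(`SameSite=${ss}`);
  return parts.join("; ");
}

// Fixed-window rate limiter: at most `max` hits per `windowMs` per client key
// (express-rate-limit's default store works the same way, keyed by IP).
class RateLimiter {
  private hits = new Map<string, { count: number; windowStart: number }>();
  constructor(private windowMs: number, private max: number) {}

  // Returns true if the request is allowed, false if the client is over the cap.
  hit(key: string, now: number): boolean {
    const entry = this.hits.get(key);
    if (!entry || now - entry.windowStart >= this.windowMs) {
      this.hits.set(key, { count: 1, windowStart: now });
      return true;
    }
    entry.count += 1;
    return entry.count <= this.max;
  }
}

// Example header set (values chosen for this example, not Helmet's defaults).
function securityHeaders(): Record<string, string> {
  return {
    "Content-Security-Policy": "default-src 'self'; script-src 'self'; object-src 'none'; frame-ancestors 'none'",
    "X-Frame-Options": "DENY",
    "X-Content-Type-Options": "nosniff",
    "Referrer-Policy": "no-referrer",
  };
}

// Quick self-check a deploy script could run against a response: every
// attribute the audit relies on must be present on the session cookie.
function cookieIsHardened(setCookie: string): boolean {
  const attrs = setCookie.split(";").map(s => s.trim().toLowerCase());
  return attrs.includes("secure") && attrs.includes("httponly") &&
    (attrs.includes("samesite=lax") || attrs.includes("samesite=strict"));
}

// Simulate one client making `n` requests inside a single window and return
// how many were allowed (constructed client id and timestamps).
function allowedInWindow(n: number, max: number): number {
  const limiter = new RateLimiter(60_000, max);
  let allowed = 0;
  for (let i = 0; i < n; i++) if (limiter.hit("203.0.113.7", 1_000 + i)) allowed++;
  return allowed;
}

console.log(sessionSetCookie("sess-alice", { secure: true, httpOnly: true, sameSite: "lax", maxAgeSec: 3600 }));
console.log(allowedInWindow(10, 5)); // 5
console.log(securityHeaders()["X-Frame-Options"]); // DENY
```

The cookieIsHardened check is the kind of assertion worth keeping in a test suite: the audit's CSRF argument depends on those attributes actually being emitted, and a refactor of the cookie options would otherwise go unnoticed.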