Honestly I didn't have many problems with the authentication on the backend, but there was some trouble having it be consistent across every write route, especially when I had to link the check between the user being logged in and the user owning the book so that they have control to edit and delete it. It was a bit confusing but nothing too difficult. For the front end, the main challenge was keeping the UI in sync when they had recently logged in or logged out, and especially on refresh how to properly show that they are logged in and can actively edit/delete, but it got resolved pretty fast.
Oh, this was the longest part of this project. It actually took so long and I got so frustrated doing it. The simple part was getting it cloned, but I have no idea why the server KEPT on crashing and losing connection. I had no idea what was causing it and still now I am not sure; whenever I work it just randomly disconnects me and my website just becomes unavailable. A lot of the work wouldn't be saved, and it set me back hours. I had to constantly go to the Hetzner console and manually Power Reset to get it back on. It infuriates me to no end and I have no clue what the cause of it is. I fear that its constant crashing would actually cause problems with the server staying up and getting graded, so PLEASE let me know if it's not available on the website when you are grading it. I know it said p2 would handle crashes, but it didn't seem like it did from my experience. I do not know why it keeps on crashing and I have asked around and looked at Hetzner-specific boards to no avail. If you might know why, that would be awesome. As for the code, there were issues where I had to adjust it to work with the server instead of localhost, and there were a lot of issues setting up the proper tools (like git, npm, etc.), especially with permission problems. The biggest code issue was a grid error that wasn't present when doing it locally and I could not for the life of me get it fixed. I basically had to bring it to ChatGPT to fix the issue and completely drop the use of grid for boxes instead, which thankfully worked without breaking any of my code and formatting.
My app is safe from XSS attacks because of how React handles rendering user data in JSX expressions: because it escapes HTML automatically, it won't ever run any HTML code that the users can input. That, and I used Helmet, so it helps against that. My app is also safe from CSRF attacks because none of my routes are state-changing and use POST, PUT, or DELETE rather than GET. That and a lot of the endpoints need authentication and ownership, so a lot of unauthorized actions get blocked. I added rate limiting using express-rate-limit, and also on the login endpoint so the user can't spam login, but not for firewall protection. I added the Helmet middleware, which automatically added the CSP header, which is the Content-Security-Policy that helps restrict where scripts and styles can be loaded from; the X-Content-Type-Options header, which prevents accidental file execution; and the Referrer-Policy header, which prevents sensitive information from being leaked accidentally. For security, I added the Argon2 password checks and authorization checks on the server side so they can't curl straight past the login. Those are the only security-based things I think I added.