Environments & Security Exercises

Fill in the blanks to complete the code.

Access an environment variable in Node.js

const dbUrl = process..('DATABASE_URL');

Set NODE_ENV to production in a shell environment

NODE_ENV=production node server.js

Hash a password using bcrypt with a salt round of 10

const hash = await bcrypt.(password, );

Verify a bcrypt password against a stored hash

const match = await bcrypt.(plainText, storedHash);

Sign a JWT with a secret and 1-hour expiry

const token = jwt.(payload, secret, { expiresIn: '' });

Set the HTTP header that prevents clickjacking

res.setHeader('', 'DENY');

Specify the Docker base image for a Node 20 app

node:20-alpine

Expose port 3000 in a Dockerfile

3000

Pass an environment variable into a Docker container at run time

docker run DATABASE_URL=$DATABASE_URL myapp

Add the .env file to .gitignore to keep secrets out of version control

echo >> .gitignore