Case Study

Syrian Freedom Martyrs

A production express + MongoDB backend for a documentation/archive platform, with secure auth and media uploads.

Role: Backend + Deployment
Status: Production
Repo: Private
Live: martyrs-of-syrian-freedom.com
  • express (TypeScript) backend with jsonwebtoken auth, password hashing, and security middleware.
  • MongoDB modeling with mongoose + change-safe patterns and predictable IDs (mongoose-sequence).
  • Media uploads using multer with image processing via sharp.

Stack: express • TypeScript • MongoDB/mongoose • mongoose-sequence • jsonwebtoken • bcrypt • helmet • cors • dotenv • morgan • multer • sharp

Overview

This project is a production backend for a documentation/archive platform.

I built the API using express with TypeScript and ESM to keep the codebase explicit and typed.

The data layer uses MongoDB with mongoose to represent records and relationships safely.

Authentication and baseline security are implemented with jsonwebtoken, bcrypt, helmet, and cors.

Media uploads are supported through multer, with image processing handled by sharp.

My Role

  • I designed and built the express (TypeScript) REST API.
  • I modeled MongoDB collections using mongoose.
  • I implemented authentication/security layers (jsonwebtoken, bcrypt, helmet, cors).
  • I handled media uploads (multer) and image processing (sharp).
  • I deployed the service to production.

Stack

  • express (TypeScript, ESM)
  • MongoDB + mongoose + mongoose-sequence
  • jsonwebtoken, bcrypt, helmet, cors, dotenv
  • morgan
  • multer + sharp

Implementation Notes

  • Security middleware with helmet and cors.
  • Password hashing using bcrypt.
  • jsonwebtoken-based authentication.
  • Configuration loading using dotenv.
  • CORS configuration for cross-origin requests.
  • Incremental IDs with mongoose-sequence.
  • Request logging using morgan.
  • Upload pipeline using multer; image resizing/compression using sharp.

Deployment

  • Deployed and operated the service in production.

Challenges

Challenge 1

Challenge: Production crypto-mining incidents (repeated).

Fix: Container hardening: ran the service under docker compose as a non-root user with the no-new-privileges option.

Outcome: Service stabilized after hardening; repeated compromises stopped.

Challenge 2

Challenge: Insufficient upload validation (a validation mistake left a malicious upload vector open).

Fix: Restricted allowed file types and validated uploads.

Outcome: Malicious upload vector removed by stricter validation; upload flow became safer.
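The stricter validation described above, as an added example that is not the project's own code: it assumes the multer stage delivers the file bytes in memory before sharp runs, and it trusts neither the client's declared MIME type nor the original filename, deciding from the file signature instead.

```typescript
// Added example (not the project's code): content-based validation for the upload
// pipeline. It assumes multer hands us the file bytes in memory before sharp runs,
// and it trusts neither the client's declared MIME type nor the original filename.

type ImageKind = "jpeg" | "png" | "webp";

// Allowlist: sniffed format -> the only MIME type and extension accepted for it.
const ALLOWED: Record<ImageKind, { mime: string; ext: string }> = {
  jpeg: { mime: "image/jpeg", ext: ".jpg" },
  png:  { mime: "image/png",  ext: ".png" },
  webp: { mime: "image/webp", ext: ".webp" },
};

function ascii(bytes: Uint8Array, start: number, end: number): string {
  return String.fromCharCode.apply(null, Array.from(bytes.subarray(start, end)));
}

// Identify the real format from the file signature (magic bytes), not from headers.
function sniffImageKind(bytes: Uint8Array): ImageKind | null {
  if (bytes.length >= 3 && bytes[0] === 0xff && bytes[1] === 0xd8 && bytes[2] === 0xff) return "jpeg";
  const pngSig = [0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a];
  if (bytes.length >= 8 && pngSig.every((b, i) => bytes[i] === b)) return "png";
  if (bytes.length >= 12 && ascii(bytes, 0, 4) === "RIFF" && ascii(bytes, 8, 12) === "WEBP") return "webp";
  return null;
}

interface UploadCheck { ok: boolean; reason?: string; storeExt?: string }

// Decide whether an upload may enter the sharp pipeline. On success, storeExt is the
// extension to use for a server-generated filename (the client's name is never reused).
function checkUpload(originalName: string, claimedMime: string, bytes: Uint8Array,
                     maxBytes: number = 5 * 1024 * 1024): UploadCheck {
  if (bytes.length === 0) return { ok: false, reason: "empty file" };
  if (bytes.length > maxBytes) return { ok: false, reason: "file exceeds size limit" };
  const kind = sniffImageKind(bytes);
  if (kind === null) return { ok: false, reason: "content is not an allowed image format" };
  const allowed = ALLOWED[kind];
  if (claimedMime.toLowerCase() !== allowed.mime) {
    return { ok: false, reason: "declared MIME type does not match file content" };
  }
  // Only the final extension is compared; a double extension is caught by the content check.
  const dot = originalName.lastIndexOf(".");
  const ext = dot >= 0 ? originalName.slice(dot).toLowerCase() : "";
  const extOk = ext === allowed.ext || (kind === "jpeg" && ext === ".jpeg");
  if (!extOk) return { ok: false, reason: "file extension does not match file content" };
  return { ok: true, storeExt: allowed.ext };
}
```

In the real pipeline this check sits between multer's memory storage and the sharp resize step; a rejected file never reaches sharp or disk.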

Challenge 3

Challenge: SSH brute-force attempts.

Fix: Disabled password login; SSH keys only.

Outcome: Reduced attack surface by disabling password login and using SSH keys only.