8.1.0

Security Enhancements

Added URL validation for redirects through session.returnTo (CWE-601).
Fixed OAuth state parameter generation and handling to address CSRF attack vectors in the OAuth workflow.
Added additional sanitization for user input in database queries using $eq in MongoDB.

API and Integration:

Unified formatting for authentication parameters in route definitions and passport.js configuration.
Refactored common code for OAuth 2 token processing in passport strategies to improve maintainability.
Reworked the GitHub and Twitch API integration examples with additional data from the APIs.
Reworked the Twilio API integration example to use Twilio’s sandbox servers and test phone numbers.
Upgraded the Pinterest API example to use v5 calls instead of the broken v1.
Reworked the Tumblr API integration example with additional data from the API.
Added a properly working OAuth 1.0a integration for Tumblr.
Removed sign-in by Snapchat due to increased difficulty for developers and a focus on hackathon participants.
Removed Foursquare OAuth authorization and updated the API demo with new examples.

Security Enhancements

Added URL validation for redirects through session.returnTo (CWE-601).
Fixed OAuth state parameter generation and handling to address CSRF attack vectors in the OAuth workflow.
Added additional sanitization for user input in database queries using $eq in MongoDB.

API and Integration:

Unified formatting for authentication parameters in route definitions and passport.js configuration.
Refactored common code for OAuth 2 token processing in passport strategies to improve maintainability.
Reworked the GitHub and Twitch API integration examples with additional data from the APIs.
Reworked the Twilio API integration example to use Twilio’s sandbox servers and test phone numbers.
Upgraded the Pinterest API example to use v5 calls instead of the broken v1.
Reworked the Tumblr API integration example with additional data from the API.
Added a properly working OAuth 1.0a integration for Tumblr.
Removed sign-in by Snapchat due to increased difficulty for developers and a focus on hackathon participants.
Removed Foursquare OAuth authorization and updated the API demo with new examples.

hackathon-starter