ivanmirandastavenuiter/space-frog-recruit-on-app

RecruitOn

A web application to handle and process an organization's candidate data

Description

RecruitOn is a humble web application that aims to ease the handling, filtering and organizing of potential candidates' personal data. The target is any organization or company that runs recruiting processes (normally the HR team). It relies on a simple UI that lets the user upload an Excel file. The application logic processes this data and shows it back to the client in a user-friendly way.

The application offers some interesting functions. Among them, we have:

  • Filtering through different parameters: qualification, salary and location

  • Locate the candidate on a map

Features

The most remarkable feature regarding UX is custom handling of the browser navigation history.

Tools

Security

From its earliest stage, RecruitOn was meant to be built in the most secure way possible, with security given top priority. To achieve this, an approach different from the traditional user-password login mechanism was desired. The main goal was to authenticate requests made by RecruitOn, accepting only those and rejecting any request coming from a different source.

The core of the RecruitOn security engine is built on the Chrome Web Request API. In simplified terms, a Chrome extension is installed that intercepts any request coming from the application. It then encrypts a given payload and sends it in hexadecimal format to the server, which is responsible for decrypting and validating it.
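
The exchange described above, as an added example that is not RecruitOn's code: the extension side seals a payload and hex-encodes it, and the server authenticates, decrypts and rejects stale values. AES-256-GCM, the shared key, the ts field and the 2-second freshness window are assumptions; the README does not name the cipher or the payload format.

```javascript
// Added example, not RecruitOn's code. Cipher (AES-256-GCM), field names and
// the freshness window are assumptions; the README does not specify them.
const nodeCrypto = require("node:crypto");

const MAX_AGE_MS = 2000; // assumed window in which a sealed payload is accepted

// Extension side: encrypt the payload plus a timestamp and emit
// iv (12 bytes) || auth tag (16 bytes) || ciphertext as one hex string.
function sealPayload(key, payload, now = Date.now()) {
  const iv = nodeCrypto.randomBytes(12); // fresh nonce for every request
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", key, iv);
  const body = Buffer.from(JSON.stringify({ ...payload, ts: now }), "utf8");
  const ct = Buffer.concat([cipher.update(body), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString("hex");
}

// Server side: check the hex shape, verify the tag, decrypt, check freshness.
function openPayload(key, hex, now = Date.now()) {
  // At least 29 bytes: nonce + tag + one byte of ciphertext.
  if (typeof hex !== "string" || !/^(?:[0-9a-f]{2}){29,}$/i.test(hex)) {
    return { ok: false, reason: "malformed" };
  }
  const raw = Buffer.from(hex, "hex");
  const iv = raw.subarray(0, 12);
  const tag = raw.subarray(12, 28);
  const ct = raw.subarray(28);
  let claims;
  try {
    const d = nodeCrypto.createDecipheriv("aes-256-gcm", key, iv);
    d.setAuthTag(tag);
    // final() throws when the data was modified or the key is wrong.
    const plain = Buffer.concat([d.update(ct), d.final()]);
    claims = JSON.parse(plain.toString("utf8"));
  } catch {
    return { ok: false, reason: "bad-tag" };
  }
  // A captured value replayed after the window is rejected.
  if (typeof claims?.ts !== "number" || Math.abs(now - claims.ts) > MAX_AGE_MS) {
    return { ok: false, reason: "stale" };
  }
  return { ok: true, claims };
}
```

Because the key ships inside the extension, anyone who can read the extension code can produce valid payloads, which is the concern the Warnings section raises.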

A second security layer is built on short-lived cookies. They are created on the native JavaScript onbeforeunload event, so the client creates them only when the next request is about to be launched. This shortens the time the cookie is present in the browser. In addition, the lifetime of the cookie is just 2 seconds, after which the browser purges it. As a background layer against potential CSRF attacks, the samesite attribute is also set along with the rest of the cookie properties. Cookie values are base64 encoded.

Finally, all traffic is encrypted, even in the development phase. This has been done with self-certified https credentials provided by Let's Encrypt.

Running

npm install

npm run start:dev

The server will throw an error if the Excel file doesn't comply with certain rules. Please find a model template inside the files folder to guide you.

Versions

  • 1.0

Branches

  • Master

Warnings

  • Only runs on Chrome

  • Encryption takes place in the Chrome extension code. I encourage potential users of the app to hide/obfuscate the code to prevent security issues

  • Design has not been a priority. Serious CSS improvements can be introduced

License

All rights reserved to MKNA security software development.

About

Mini app built on NestJS to process data from an Excel file
