Security

NetTrailer is built with security as a core principle. Learn about the measures we've implemented to protect your data and ensure a safe experience.

Security Status: Production Ready

Authentication

  • Firebase Authentication
  • Server-side token verification
  • Admin UID validation
  • Timing-safe cron secrets

Data Protection

  • Firestore security rules
  • Firebase Storage rules
  • User data isolation
  • Input sanitization

API Security

  • Rate limiting (general, AI, auth)
  • Request size limits
  • API key protection
  • CORS configuration

Monitoring

  • Sentry error tracking
  • Rate limit violations
  • Auth failures
  • Input validation rejections

Security Measures

Authentication & Authorization

Secure user identity management with Firebase Authentication and multi-level authorization.

  • Firebase Authentication with Google Sign-In and Email/Password
  • Server-side ID token verification on all protected routes
  • Admin authorization with UID validation
  • Timing-safe secret comparison for cron job authentication

Input Validation & Sanitization

All user inputs are validated and sanitized to prevent injection attacks and ensure data integrity.

  • DOMPurify sanitization strips all HTML from user content
  • Control character removal prevents injection attacks
  • Length limits and type validation on all inputs
  • Emoji validation blocks dangerous characters

API Security

Comprehensive API protection with rate limiting, request validation, and secure endpoints.

  • Rate limiting: AI requests, password reset, email verification
  • Cryptographic tokens with expiration (1-24 hours)
  • Request size limits: 1MB general, 500KB JSON
  • Single-use tokens deleted after verification

Data Protection

Your data is protected by comprehensive Firestore security rules and isolated storage.

  • 540+ lines of Firestore security rules
  • Users can only access their own data
  • Schema validation on all database writes
  • Stat manipulation prevention (views/likes limited to +1/-1)

Child Safety Features

PIN-protected child safety mode with content filtering based on age-appropriate ratings.

  • Content filtering by MPAA and TV ratings
  • 4-6 digit PIN hashed with bcrypt (10 rounds)
  • Rate limiting: 5 failed attempts = 5-minute lockout
  • Session-based verification resets on browser close

Security Headers

Industry-standard HTTP security headers protect against common web vulnerabilities.

  • Content Security Policy (CSP) prevents XSS attacks
  • Strict-Transport-Security enforces HTTPS
  • X-Frame-Options: DENY prevents clickjacking
  • Permissions-Policy restricts browser features

Technical Implementation

Security Headers

Content-Security-Policy: default-src 'self'; ...

X-Frame-Options: DENY

X-Content-Type-Options: nosniff

Strict-Transport-Security: max-age=31536000

Referrer-Policy: strict-origin-when-cross-origin

Permissions-Policy: camera=(), geolocation=()

Encryption & Hashing

  • PIN Protection: bcrypt (10 rounds)
  • Token Comparison: crypto.timingSafeEqual
  • Transport: HTTPS/TLS 1.3
  • Password Reset Tokens: crypto.randomBytes(32)
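
The token comparison and reset-token entries above, sketched in Node.js as an added example (not NetTrailer's own code). The function names, the "Bearer" header format, the in-memory store and the choice to store only a hash of each token are assumptions made for illustration.

```javascript
// Added example; all function names here are hypothetical.
const crypto = require("node:crypto");

// crypto.timingSafeEqual throws when the inputs differ in length, so compare
// fixed-size SHA-256 digests of both values instead of the raw strings.
function safeEqual(provided, expected) {
  if (typeof provided !== "string" || typeof expected !== "string") return false;
  const a = crypto.createHash("sha256").update(provided).digest();
  const b = crypto.createHash("sha256").update(expected).digest();
  return crypto.timingSafeEqual(a, b);
}

// Cron endpoint check. Assumes the caller sends "Authorization: Bearer <secret>".
function isAuthorizedCron(authHeader, cronSecret) {
  if (!cronSecret) return false; // fail closed when the secret is not configured
  return safeEqual(authHeader, `Bearer ${cronSecret}`);
}

// In-memory stand-in for the token store (assumption; a real app uses its database).
const resetTokens = new Map();

function sha256Hex(value) {
  return crypto.createHash("sha256").update(value).digest("hex");
}

// Issue a 32-byte random token with an expiry; only its hash is stored.
function issueResetToken(userId, ttlMs, now = Date.now()) {
  const token = crypto.randomBytes(32).toString("hex");
  resetTokens.set(sha256Hex(token), { userId, expiresAt: now + ttlMs });
  return token;
}

// Redeem a token: it is deleted on first lookup, so it cannot be replayed,
// and an expired token is rejected even though it existed.
function redeemResetToken(token, now = Date.now()) {
  if (typeof token !== "string") return null;
  const key = sha256Hex(token);
  const entry = resetTokens.get(key);
  if (!entry) return null;
  resetTokens.delete(key);
  return now <= entry.expiresAt ? entry.userId : null;
}
```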

Full Security Documentation

For detailed technical information about our security implementation, including code references and configuration details, view our full security documentation.

View SECURITY.md on GitHub

About This Project

NetTrailer is a portfolio project demonstrating modern web security practices in a Next.js application. The security measures documented here represent real implementations used throughout the codebase, showcasing production-grade security patterns for authentication, data protection, and API security.