A collaborative rich text editor with advanced security features, built with the MERN stack.
Spider Node is a collaborative note-taking application featuring:
- Rich text editing powered by TipTap
- Node-based conversations (unlimited conversations)
- Advanced security with JWT authentication, rate limiting, and audit logging
- Public sharing with collaboration and fork modes
- Balance system (SNOAI) for node creation
Main Spider Node interface: conversation sidebar on the left, TipTap editor in the centre and watermark in the background
- Node.js + Express - RESTful API server
- MongoDB + Mongoose - Database and ODM
- JWT (jsonwebtoken) - Authentication
- express-rate-limit - Rate limiting protection
- dotenv - Environment variable management
- React + Vite - Modern frontend framework
- TipTap - Rich text editor
- Axios - HTTP client
- Tailwind CSS - Utility-first CSS framework
- Lucide Icons - Icon library
- Node.js 16+ installed
- MongoDB running locally (default port 27017)
- Git (optional)
1. Install backend dependencies:

   ```bash
   cd backend
   npm install
   ```

2. Configure environment variables. Create `backend/.env`:

   ```env
   # JWT Security
   JWT_SECRET=your_secret_key_here
   JWT_REFRESH_SECRET=your_refresh_secret_here
   JWT_EXPIRES_IN=15m
   JWT_REFRESH_EXPIRES_IN=30d

   # MongoDB
   MONGODB_URI=mongodb://localhost:27017/spidernoai

   # Server
   PORT=5174
   NODE_ENV=development

   # CORS
   FRONTEND_URL=http://localhost:5173

   # Rate Limiting
   RATE_LIMIT_LOGIN_MAX=5
   RATE_LIMIT_LOGIN_WINDOW_MS=900000
   RATE_LIMIT_GENERAL_MAX=100
   RATE_LIMIT_GENERAL_WINDOW_MS=900000

   # Audit Logging
   ENABLE_AUDIT_LOGS=true
   AUDIT_LOG_FILE=./logs/audit.log
   ```

   ⚠️ Important: for production, generate strong secrets (run the command once for `JWT_SECRET` and again for `JWT_REFRESH_SECRET`; the two must differ):

   ```bash
   node -e "console.log(require('crypto').randomBytes(64).toString('hex'))"
   ```

3. Create the logs directory:

   ```bash
   cd backend
   mkdir logs
   ```

4. Install frontend dependencies:

   ```bash
   cd frontend
   npm install
   ```
Terminal 1 - Backend:

```bash
cd backend
npm run dev
```

Expected output:

```
✅ Variáveis de ambiente carregadas
🔒 JWT Secret: ****...****
💾 MongoDB SpiderNoAI Conectado: mongodb://localhost:27017/spidernoai
🚀 SpiderNoAI Backend Ativo: http://localhost:5174
```

Terminal 2 - Frontend:

```bash
cd frontend
npm run dev
```

Expected output:

```
VITE v4.x.x ready in xxx ms
➜ Local: http://localhost:5173/
➜ Network: use --host to expose
```

Access the application: open your browser at http://localhost:5173
SpiderNode/
├── backend/
│ ├── config/
│ │ └── env.config.js # Environment configuration
│ ├── controllers/
│ │ └── entryController.js # Entry logic
│ ├── middleware/
│ │ ├── authMiddleware.js # JWT authentication
│ │ └── rateLimitMiddleware.js # Rate limiting
│ ├── models/
│ │ ├── userModel.js # User model
│ │ ├── conversationModel.js # Conversation model
│ │ ├── entryModel.js # Entry model
│ │ └── refreshTokenModel.js # Refresh token model
│ ├── routes/
│ │ └── entryRoutes.js # Entry routes
│ ├── utils/
│ │ └── auditLogger.js # Audit logging system
│ ├── logs/
│ │ └── audit.log # Audit logs
│ ├── .env # Environment variables (not in git)
│ ├── package.json
│ └── server.js # Main server file
│
├── frontend/
│ ├── src/
│ │ ├── App.jsx # Main component
│ │ ├── pages/
│ │ │ └── SharePage.jsx # Sharing page
│ │ └── main.jsx # Entry point
│ ├── package.json
│ └── vite.config.js # Vite configuration
│
├── docs/ # Documentation
│ ├── installation.md # Installation guide
│ ├── security-guide.md # Security implementation
│ ├── security-testing.md # Security testing guide
│ ├── environment-setup.md # Environment setup guide
│ └── screenshots/ # Application screenshots
│ ├── main-interface.jpg
│ ├── editor-toolbar.jpg
│ ├── conversation-menu.jpg
│ ├── share-config.jpg
│ ├── slow-mode-selector.jpg
│ └── premium-badge.jpg
│
├── README.md # This file
└── CHANGELOG.md # Version history
Full TipTap editor with formatting toolbar: headings (H1, H2, H3), lists, tables, images and more
- Text formatting (bold, italic, underline)
- Headings (H1, H2, H3)
- Lists (bullet, numbered, task lists)
- Tables
- Images
- Links
- Blockquotes and code blocks
Context menu: share conversation, pin to top, rename (premium) and delete
- Create unlimited conversations
- Rename conversations (Premium feature)
- Pin important conversations
- Delete conversations
- Public sharing
Configuration modal: choose between Full Collaboration (up to 60 people) or Fork Only (private copies)
- Unique sharing links
- Collaboration mode (COLLAB_ONLY): up to 60 users with configurable slow mode
- Fork mode (FORK_ONLY): users can only create private copies
- Configurable slow mode intervals
Slow mode selector: 1h (fast), 6h (moderate), 12h (slow) or 24h (very slow) between messages
Premium badge showing the SNOAI balance available for creating nodes
- SNOAI balance for creating nodes
- Free users: 10 initial SNOAI
- Premium users: 9999 SNOAI
- Protection against manipulation
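The "protection against manipulation" claim above comes down to two server-side rules: a client can never write `snoaiBalance` (or any ownership field) through the API, and the balance is checked and debited in one step so two concurrent node creations cannot both succeed on a balance of 1. The following is an added example, not Spider Node's own controller code. It uses plain in-memory objects in place of the Mongoose models and an array in place of `auditLogger.js`; the node cost of 1 SNOAI, the 402 status for an empty balance and the event names are assumptions, while the initial balances (10 free, 9999 premium) and the `snoaiBalance` field name are from this README.

```javascript
// In-memory stand-ins for the Mongoose collections; `audit` collects the
// events auditLogger.js would write to ./logs/audit.log.
function newStore() {
  return { users: {}, conversations: {}, entries: [], audit: [] };
}

const NODE_COST = 1;                                  // assumed: one SNOAI per node
const INITIAL_SNOAI = { free: 10, premium: 9999 };    // from the README
// Allow-list for POST /api/entries bodies; anything else is dropped.
const CLIENT_ENTRY_FIELDS = new Set(['conversationId', 'content']);

function createUser(store, _id, isPremium = false) {
  store.users[_id] = { _id, isPremium, snoaiBalance: isPremium ? INITIAL_SNOAI.premium : INITIAL_SNOAI.free };
}

function createConversation(store, _id, ownerId) {
  store.conversations[_id] = { _id, ownerId };
}

// Row-level security: the owner is part of the lookup, so a conversation that
// exists but belongs to someone else looks the same as one that does not exist.
// Mongoose equivalent: Conversation.findOne({ _id, ownerId })
function findOwnedConversation(store, _id, ownerId) {
  const c = store.conversations[_id];
  return c && c.ownerId === ownerId ? c : null;
}

// Balance debit as a single conditional update. This, not the later field
// check, is what stops a double spend by two concurrent requests.
// Mongoose equivalent:
//   User.findOneAndUpdate({ _id, snoaiBalance: { $gte: cost } },
//                         { $inc: { snoaiBalance: -cost } }, { new: true })
// A null result means "not enough balance" without a separate read-then-write.
function debitSnoai(store, _id, cost) {
  const u = store.users[_id];
  if (!u || u.snoaiBalance < cost) return null;
  u.snoaiBalance -= cost;
  return u;
}

// POST /api/entries. authUserId comes from the verified JWT, never from the body.
function createEntry(store, authUserId, body) {
  // Mass-assignment guard: unknown keys are dropped; an attempt to write
  // balance or ownership fields is recorded as a manipulation attempt.
  const dropped = Object.keys(body).filter((k) => !CLIENT_ENTRY_FIELDS.has(k));
  if (dropped.some((k) => /snoai|balance|premium|owner|user/i.test(k))) {
    store.audit.push({ event: 'MANIPULATION_ATTEMPT', userId: authUserId, fields: dropped });
  }
  const conv = findOwnedConversation(store, body.conversationId, authUserId);
  if (!conv) {
    store.audit.push({ event: 'ACCESS_DENIED', userId: authUserId, conversationId: body.conversationId, status: 403 });
    return { status: 403, error: 'Access denied' };
  }
  // Ownership is settled before any debit, so a denied request costs nothing.
  const user = debitSnoai(store, authUserId, NODE_COST);
  if (!user) return { status: 402, error: 'Insufficient SNOAI' }; // status code assumed
  const entry = { _id: store.entries.length + 1, conversationId: conv._id, userId: authUserId, content: body.content };
  store.entries.push(entry);
  return { status: 201, entry, snoaiBalance: user.snoaiBalance };
}
```

The allow-list is deliberately the inverse of a deny-list: a new sensitive field added to the user model later is protected by default, whereas a deny-list would have to be updated first.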
- ✅ JWT Authentication
- ✅ Row-Level Security
- ✅ Ownership Validation
- ✅ snoaiBalance Protection
- ✅ Refresh Tokens (automatic renewal)
- ✅ Rate Limiting (anti-brute force)
- ✅ Audit Logging System (complete logs)
- ✅ Environment Variables (.env)
- `POST /api/login` - User login (returns accessToken + refreshToken)
- `POST /api/refresh-token` - Refresh access token
- `POST /api/logout` - Logout and revoke refresh token
- `GET /api/conversations/:userId` - List user conversations (protected)
- `GET /api/conversation/:id` - Get conversation details (protected)
- `PUT /api/conversations/:id/pin` - Pin/unpin conversation (protected)
- `POST /api/entries` - Create new entry/node (protected)
- `GET /api/entries/conversation/:id` - Get entries for conversation (protected)
- `PUT /api/entries/conversation/:id` - Rename conversation (protected)
- `DELETE /api/entries/conversation/:id` - Delete conversation (protected)
- `GET /api/entries/share/:token` - Access shared content (public, optional auth)
| Route | Limit | Window | Exception |
|---|---|---|---|
| `/api/login` | 5 attempts | 15 min | None |
| `/api/refresh-token` | 10 attempts | 5 min | None |
| `/api/*` (general) | 100 requests | 15 min | Premium users |
The system logs the following security events:
- Access denied (403)
- Authentication failed (401)
- Rate limit reached (429)
- Login/Logout
- Refresh token usage
- Manipulation attempts
View logs:

```bash
tail -f backend/logs/audit.log
```

Quick checks against a running backend:

```bash
# 1. Login
curl -X POST http://localhost:5174/api/login \
  -H "Content-Type: application/json" \
  -d '{"userId": "testuser"}'

# 2. Check audit logs
cat backend/logs/audit.log

# 3. Test rate limiting (6 attempts; the sixth should be answered with 429)
for i in {1..6}; do
  curl -s -o /dev/null -w "attempt $i: HTTP %{http_code}\n" \
    -X POST http://localhost:5174/api/login \
    -H "Content-Type: application/json" \
    -d '{"userId": "test"}'
done
```

For comprehensive security testing, see docs/security-testing.md.
Error: `MongoServerError: connect ECONNREFUSED`

Solution: start MongoDB:

```bash
# macOS (Homebrew)
brew services start mongodb-community

# Linux
sudo systemctl start mongod

# Windows
net start MongoDB
```

Error: `Port 5174 is already in use`

Solution: change the port in `.env`:

```env
PORT=5175
```

Error: `CORS policy: No 'Access-Control-Allow-Origin' header`

Solution: verify that `FRONTEND_URL` in `.env` matches the origin the frontend is served from:

```env
FRONTEND_URL=http://localhost:5173
```

Error: `Cannot find module 'dotenv'`

Solution:

```bash
cd backend
npm install
```

- Installation Guide - Detailed installation instructions
- Security Guide - Security architecture and implementation
- Security Testing - Comprehensive testing guide
- Environment Setup - Environment variable configuration
- Changelog - Version history and changes
- Fork the repository
- Create a feature branch: `git checkout -b feature/new-feature`
- Commit your changes: `git commit -m 'Add new feature'`
- Push to the branch: `git push origin feature/new-feature`
- Open a Pull Request
- Follow the security best practices documented in docs/security-guide.md
- Keep `snoaiBalance` as the variable name for the user balance
- Add tests for new features
- Update documentation
This project is proprietary. All rights reserved.
Current Version: 2.1.0
Last Updated: February 13, 2026
Status: ✅ Production Ready
🕷️ Spider Node - Weave your ideas with security