A+ rating for both IPv4 and IPv6 addresses for getadieu.com, Qualys SSL Labs
SSL configuration (in addition to a strong Diffie-Hellman group and firewalls)
Watch the video at https://vimeo.com/333430181
Actual email sent through Adieu
Email an emergency contact will get, when requested
Sign up page
There have been many people in my life that have passed away unexpectedly. It's hard to accept that there will be no closure, no chance to say goodbye. This product changes that, allowing you to control your final interaction with your loved ones.
What it does
You save your last messages on the website and set up an emergency contact, who will notify the site that you have passed. From there, all of your messages will be sent out to your loved ones.
How I built it
I built this with Node.js, Express, Pug, and MongoDB. I used two Digital Ocean droplets for production — one for the Node app (nginx), and the other for MongoDB, both secured with firewalls (ufw). I generated an SSL certificate for the website as well, and set the default to SSL connections (http:// will redirect to https://). Since these messages are extremely sensitive information, security was a big focus for this product. In addition to generating the SSL certificate, I used a strong Diffie-Hellman group and I also used a security expert's SSL settings (see more in What I Learned).
Challenges I ran into
So many. I had a lot of trouble getting the server on Digital Ocean to run my Node app at all (I didn't use the one-click droplet), and then after it was running, I had trouble getting it to run securely; same with the MongoDB server. Digital Ocean also had problems internally that delayed my development and debugging significantly. I was worried that I wouldn't be able to upload my screen recording in time for submission (my Finder app kept crashing... I know...) but you can find it now at https://www.youtube.com/watch?v=WPsaqYFxMuI
There were also conceptual challenges with the product. I did user research to answer questions about the reliability of contact information over time. It led me to the decision to use emails instead of phone numbers for the method of sending the messages (because emails are way less likely to change over time, and longevity of contact information is something that's very important for this product).
Accomplishments that I'm proud of
So many. I learned so much in the process of getting through the challenges to get the site live and functional, including a lot of security and back-end web knowledge (see next section for details). The website has an A+ rating for SSL security by Qualys SSL Labs (screenshot in photo slideshow). This is my first hackathon submission that has actually been pushed to production and that will become a real product in the world — I'm extremely proud of that :)
What I learned
I learned how to generate and configure a server to use SSL (and default to https:// for all connections), how to get Node running on a production server (reverse proxy using nginx), how to secure MongoDB on its own server (with firewalls and configuration), and how to send emails from a product (nodemailer). I learned a lot in security as well: I used a strong Diffie-Hellman group and learned how to configure SSL settings according to a security expert (https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html), as well as using ufw to put up firewalls on both servers. I also learned how to use a process manager (pm2) to have my Node app and MongoDB run on production servers. I learned a lot of back-end web knowledge, but I also learned some front-end to get the site looking decent.
What's next for Adieu
I still have some work to do with the functionality of the product, but there is a functional MVP on production (live at https://getadieu.com). I would like to add support for images and video to be stored on the server. I also want to fix the rough edges, add payment plans to cover storage and server costs, and fully support email verification. I'm also going to write a lot of tests for code quality and write fail-safes for the messages. In addition to that, I need to make backups of the database so that the messages are not lost over time, compromised, or deleted by accident/bugs. And lastly, I need to make the website mobile responsive and work on the design and branding of the product. I plan to release it officially to the public in the coming weeks.