A collaborative rich text editor with advanced security features, built with the MERN stack.
Spider Node is a collaborative note-taking application featuring:
- Rich text editing powered by TipTap
- Node-based conversations (unlimited conversations)
- Advanced security with JWT authentication, rate limiting, and audit logging
- Public sharing with collaboration and fork modes
- Balance system (SNOAI) for node creation
*Main Spider Node interface: conversation sidebar on the left, TipTap editor in the center and a watermark in the background*
- Node.js + Express - RESTful API server
- MongoDB + Mongoose - Database and ODM
- JWT (jsonwebtoken) - Authentication
- express-rate-limit - Rate limiting protection
- dotenv - Environment variable management
- React + Vite - Modern frontend framework
- TipTap - Rich text editor
- Axios - HTTP client
- Tailwind CSS - Utility-first CSS framework
- Lucide Icons - Icon library
- Node.js 16+ installed
- MongoDB running locally (default port 27017)
- Git (optional)
- Install backend dependencies:

  ```bash
  cd backend
  npm install
  ```

- Configure environment variables:

  Create the `/backend/.env` file:

  ```env
  # JWT Security
  JWT_SECRET=your_secret_key_here
  JWT_REFRESH_SECRET=your_refresh_secret_here
  JWT_EXPIRES_IN=15m
  JWT_REFRESH_EXPIRES_IN=30d

  # MongoDB
  MONGODB_URI=mongodb://localhost:27017/spidernoai

  # Server
  PORT=5174
  NODE_ENV=development

  # CORS
  FRONTEND_URL=http://localhost:5173

  # Rate Limiting
  RATE_LIMIT_LOGIN_MAX=5
  RATE_LIMIT_LOGIN_WINDOW_MS=900000
  RATE_LIMIT_GENERAL_MAX=100
  RATE_LIMIT_GENERAL_WINDOW_MS=900000

  # Audit Logging
  ENABLE_AUDIT_LOGS=true
  AUDIT_LOG_FILE=./logs/audit.log
  ```

  ⚠️ Important: For production, generate strong secrets:

  ```bash
  node -e "console.log(require('crypto').randomBytes(64).toString('hex'))"
  ```

- Create the logs directory:

  ```bash
  cd backend
  mkdir logs
  ```

- Install frontend dependencies:

  ```bash
  cd frontend
  npm install
  ```
Terminal 1 - Backend:

```bash
cd backend
npm run dev
```

Expected output:

```text
✅ Variáveis de ambiente carregadas
JWT Secret: ****...****
MongoDB SpiderNoAI Conectado: mongodb://localhost:27017/spidernoai
SpiderNoAI Backend Ativo: http://localhost:5174
```

Terminal 2 - Frontend:

```bash
cd frontend
npm run dev
```

Expected output:

```text
VITE v4.x.x  ready in xxx ms

➜  Local:   http://localhost:5173/
➜  Network: use --host to expose
```

Access the application:

Open your browser at: http://localhost:5173
```text
SpiderNode/
├── backend/
│   ├── config/
│   │   └── env.config.js          # Environment configuration
│   ├── controllers/
│   │   └── entryController.js     # Entry logic
│   ├── middleware/
│   │   ├── authMiddleware.js      # JWT authentication
│   │   └── rateLimitMiddleware.js # Rate limiting
│   ├── models/
│   │   ├── userModel.js           # User model
│   │   ├── conversationModel.js   # Conversation model
│   │   ├── entryModel.js          # Entry model
│   │   └── refreshTokenModel.js   # Refresh token model
│   ├── routes/
│   │   └── entryRoutes.js         # Entry routes
│   ├── utils/
│   │   └── auditLogger.js         # Audit logging system
│   ├── logs/
│   │   └── audit.log              # Audit logs
│   ├── .env                       # Environment variables (not in git)
│   ├── package.json
│   └── server.js                  # Main server file
│
├── frontend/
│   ├── src/
│   │   ├── App.jsx                # Main component
│   │   ├── pages/
│   │   │   └── SharePage.jsx      # Sharing page
│   │   └── main.jsx               # Entry point
│   ├── package.json
│   └── vite.config.js             # Vite configuration
│
├── docs/                          # Documentation
│   ├── installation.md            # Installation guide
│   ├── security-guide.md          # Security implementation
│   ├── security-testing.md        # Security testing guide
│   ├── environment-setup.md       # Environment setup guide
│   └── screenshots/               # Application screenshots
│       ├── main-interface.jpg
│       ├── editor-toolbar.jpg
│       ├── conversation-menu.jpg
│       ├── share-config.jpg
│       ├── slow-mode-selector.jpg
│       └── premium-badge.jpg
│
├── README.md                      # This file
└── CHANGELOG.md                   # Version history
```
*Full TipTap editor with formatting toolbar: headings (H1, H2, H3), lists, tables, images and more*
- Text formatting (bold, italic, underline)
- Headings (H1, H2, H3)
- Lists (bullet, numbered, task lists)
- Tables
- Images
- Links
- Blockquotes and code blocks
*Context menu: share conversation, pin to top, rename (premium) and delete*
- Create unlimited conversations
- Rename conversations (Premium feature)
- Pin important conversations
- Delete conversations
- Public sharing
*Configuration modal: choose between Full Collaboration (up to 60 people) or Fork Only (private copies)*
- Unique sharing links
- Collaboration mode (COLLAB_ONLY): up to 60 users with configurable slow mode
- Fork mode (FORK_ONLY): users can only create private copies
- Configurable slow mode intervals
*Slow mode selector: 1h (fast), 6h (moderate), 12h (slow) or 24h (very slow) between messages*
*Premium badge showing the SNOAI balance available for node creation*
- SNOAI balance for creating nodes
- Free users: 10 initial SNOAI
- Premium users: 9999 SNOAI
- Protection against manipulation
- ✅ JWT Authentication
- ✅ Row-Level Security
- ✅ Ownership Validation
- ✅ snoaiBalance Protection
- ✅ Refresh Tokens (automatic renewal)
- ✅ Rate Limiting (anti-brute force)
- ✅ Audit Logging System (complete logs)
- ✅ Environment Variables (.env)
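Three of the items above (Row-Level Security, Ownership Validation and snoaiBalance Protection) together with the balance rules in the previous section come down to a handful of server-side checks. The following is an added example, not the project's `entryController.js`, showing those checks against an in-memory store: reads of a conversation are filtered by owner, node creation validates ownership before debiting the balance, and a profile update body is filtered so that `snoaiBalance` can never be set by a client. The initial balances (10 and 9999) are the README's; `NODE_COST`, `displayName` and the other field names are assumptions.

```javascript
// Added example (not Spider Node's entryController.js): ownership, row-level
// and snoaiBalance checks against an in-memory store. NODE_COST and every
// field name other than snoaiBalance are assumptions for this example.
const INITIAL_SNOAI = { free: 10, premium: 9999 }; // from the balance section
const NODE_COST = 1;                                // assumed cost per node

class HttpError extends Error {
  constructor(status, message) { super(message); this.status = status; }
}

// Profile fields a client may write. snoaiBalance is deliberately absent:
// the balance changes only through createEntry(), never through a request body.
const CLIENT_WRITABLE = new Set(['displayName']);

function sanitizeUserUpdate(body) {
  const clean = {};
  const rejected = [];
  for (const [key, value] of Object.entries(body || {})) {
    if (CLIENT_WRITABLE.has(key)) clean[key] = value;
    else rejected.push(key); // worth an audit entry: the README's "manipulation attempt"
  }
  return { clean, rejected };
}

class Store {
  constructor() { this.users = new Map(); this.conversations = new Map(); this.entries = []; }

  createUser(id, premium = false) {
    const user = { id, premium, snoaiBalance: premium ? INITIAL_SNOAI.premium : INITIAL_SNOAI.free };
    this.users.set(id, user);
    return user;
  }

  createConversation(id, ownerId) {
    const conv = { id, ownerId, title: 'Untitled' };
    this.conversations.set(id, conv);
    return conv;
  }

  // Row-level security: every conversation read is filtered by owner, so a
  // valid id belonging to someone else is an "Access denied (403)" event.
  getConversation(id, requesterId) {
    const conv = this.conversations.get(id);
    if (!conv) throw new HttpError(404, 'conversation not found');
    if (conv.ownerId !== requesterId) throw new HttpError(403, 'access denied');
    return conv;
  }

  // Node creation: ownership first, then the balance check and the debit.
  createEntry(conversationId, requesterId, content) {
    const conv = this.getConversation(conversationId, requesterId);
    const user = this.users.get(requesterId);
    if (!user) throw new HttpError(401, 'unauthenticated');
    if (user.snoaiBalance < NODE_COST) throw new HttpError(402, 'insufficient SNOAI balance');
    user.snoaiBalance -= NODE_COST;
    const entry = { id: this.entries.length + 1, conversationId: conv.id, authorId: requesterId, content };
    this.entries.push(entry);
    return entry;
  }
}

// Constructed scenario: a free user spends the 10 initial SNOAI, a second user
// cannot read the first user's conversation, and a body trying to set the
// balance directly has that field stripped.
function demo() {
  const store = new Store();
  store.createUser('alice'); // free tier: 10 SNOAI
  store.createUser('bob');
  store.createConversation('c1', 'alice');
  const results = { created: 0, balanceError: null, foreignRead: null, rejected: null, finalBalance: null };
  try {
    for (;;) { store.createEntry('c1', 'alice', `node ${results.created + 1}`); results.created += 1; }
  } catch (e) { results.balanceError = e.status; }
  try { store.getConversation('c1', 'bob'); } catch (e) { results.foreignRead = e.status; }
  results.rejected = sanitizeUserUpdate({ displayName: 'Alice', snoaiBalance: 9999 }).rejected;
  results.finalBalance = store.users.get('alice').snoaiBalance;
  return results;
}
```

With a real Mongoose model the balance check and the debit should be one conditional update (a filter on `snoaiBalance` being at least the cost, combined with a `$inc` in the same `findOneAndUpdate`), so that two concurrent node-creation requests cannot both pass the in-memory comparison shown here and overdraw the account.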
- `POST /api/login` - User login (returns accessToken + refreshToken)
- `POST /api/refresh-token` - Refresh access token
- `POST /api/logout` - Logout and revoke refresh token

- `GET /api/conversations/:userId` - List user conversations (protected)
- `GET /api/conversation/:id` - Get conversation details (protected)
- `PUT /api/conversations/:id/pin` - Pin/unpin conversation (protected)

- `POST /api/entries` - Create new entry/node (protected)
- `GET /api/entries/conversation/:id` - Get entries for conversation (protected)
- `PUT /api/entries/conversation/:id` - Rename conversation (protected)
- `DELETE /api/entries/conversation/:id` - Delete conversation (protected)

- `GET /api/entries/share/:token` - Access shared content (public, optional auth)
| Route | Limit | Window | Exception |
|---|---|---|---|
| `/api/login` | 5 attempts | 15 min | None |
| `/api/refresh-token` | 10 attempts | 5 min | None |
| `/api/*` (general) | 100 requests | 15 min | Premium users |
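The project enforces the table above with `express-rate-limit`. The following is an added example, not the project's `rateLimitMiddleware.js`, of the same policy as a self-contained fixed-window limiter: one bucket per row, keyed by client IP, with the login and refresh routes counted against both their own bucket and the general one, and the premium exception applied only to the general bucket. The request shape `{ ip, path, user }` and the `user.isPremium` flag are assumptions; the limits and windows are the table's (and match the `RATE_LIMIT_*` values in `.env`).

```javascript
// Added example (not the project's rateLimitMiddleware.js): fixed-window
// limiter enforcing the README's table, keyed by bucket and client IP.
// The { ip, path, user } request shape and user.isPremium are assumptions.
const LIMITS = {
  login:   { max: 5,   windowMs: 15 * 60 * 1000 }, // RATE_LIMIT_LOGIN_MAX / _WINDOW_MS
  refresh: { max: 10,  windowMs: 5 * 60 * 1000 },
  general: { max: 100, windowMs: 15 * 60 * 1000 }, // RATE_LIMIT_GENERAL_MAX / _WINDOW_MS
};

// /api/login and /api/refresh-token get their own bucket and the general one.
function bucketsFor(path) {
  if (!path.startsWith('/api/')) return [];
  if (path === '/api/login') return ['login', 'general'];
  if (path === '/api/refresh-token') return ['refresh', 'general'];
  return ['general'];
}

class RateLimiter {
  constructor(limits = LIMITS) {
    this.limits = limits;
    this.windows = new Map(); // "bucket:ip" -> { start, count }
  }

  // Current window for a bucket/ip pair; starts a new one when the old expired.
  window(bucket, ip, now) {
    const key = `${bucket}:${ip}`;
    let w = this.windows.get(key);
    if (!w || now - w.start >= this.limits[bucket].windowMs) {
      w = { start: now, count: 0 };
      this.windows.set(key, w);
    }
    return w;
  }

  // Returns { allowed: true } or { allowed: false, status: 429, retryAfterMs }.
  check({ ip, path, user }, now = Date.now()) {
    const buckets = bucketsFor(path)
      // Exception column: premium users skip the general bucket only.
      .filter((b) => !(b === 'general' && user && user.isPremium));
    const states = buckets.map((b) => ({ b, w: this.window(b, ip, now) }));
    const hit = states.find(({ b, w }) => w.count >= this.limits[b].max);
    if (hit) {
      const retryAfterMs = hit.w.start + this.limits[hit.b].windowMs - now;
      return { allowed: false, status: 429, retryAfterMs };
    }
    for (const { w } of states) w.count += 1; // count only requests that pass every bucket
    return { allowed: true };
  }
}

// Replays the README's "6 login attempts" check: returns each attempt's verdict,
// so the sixth is the first one refused. The IP is a constructed TEST-NET address.
function sixLoginAttempts(limiter = new RateLimiter(), ip = '203.0.113.7', now = 0) {
  return Array.from({ length: 6 }, () => limiter.check({ ip, path: '/api/login' }, now).allowed);
}
```

A refusal should also feed the audit log as the README's "Rate limit reached (429)" event, and `retryAfterMs` is what belongs in the `Retry-After` response header. Behind a reverse proxy the `ip` key must come from the trusted proxy header, otherwise every client shares one bucket.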
The system logs the following security events:
- Access denied (403)
- Authentication failed (401)
- Rate limit reached (429)
- Login/Logout
- Refresh token usage
- Manipulation attempts
View logs:

```bash
tail -f backend/logs/audit.log
```

```bash
# 1. Login
curl -X POST http://localhost:5174/api/login \
  -H "Content-Type: application/json" \
  -d '{"userId": "testuser"}'

# 2. Check audit logs
cat backend/logs/audit.log

# 3. Test rate limiting (6 attempts)
for i in {1..6}; do
  curl -X POST http://localhost:5174/api/login \
    -H "Content-Type: application/json" \
    -d '{"userId": "test"}';
done
```

For comprehensive security testing, see docs/security-testing.md.
Error: `MongoServerError: connect ECONNREFUSED`

Solution: Start MongoDB:

```bash
# macOS (Homebrew)
brew services start mongodb-community

# Linux
sudo systemctl start mongod

# Windows
net start MongoDB
```

Error: `Port 5174 is already in use`

Solution: Change the port in `.env`:

```env
PORT=5175
```

Error: `CORS policy: No 'Access-Control-Allow-Origin' header`

Solution: Verify `FRONTEND_URL` in `.env`:

```env
FRONTEND_URL=http://localhost:5173
```

Error: `Cannot find module 'dotenv'`

Solution:

```bash
cd backend
npm install
```

- Installation Guide - Detailed installation instructions
- Security Guide - Security architecture and implementation
- Security Testing - Comprehensive testing guide
- Environment Setup - Environment variable configuration
- Changelog - Version history and changes
- Fork the repository
- Create a feature branch: `git checkout -b feature/new-feature`
- Commit your changes: `git commit -m 'Add new feature'`
- Push to the branch: `git push origin feature/new-feature`
- Open a Pull Request
- Follow the security best practices documented in `docs/security-guide.md`
- Keep `snoaiBalance` as the variable name for the user balance
- Add tests for new features
- Update documentation
This project is proprietary. All rights reserved.
Current Version: 2.1.0
Last Updated: February 13, 2026
Status: ✅ Production Ready

🕷️ Spider Node - Weave your ideas with security