# PulsePlayer

A full-stack music player app built with JavaScript.

## Features
- User registration and login
- Password hashing with bcrypt
- Signed auth cookie (HTTP-only)
- Upload audio files to the server
- Stream tracks in the browser
- Personal music library per user
- Create, rename, and delete playlists
- Add and remove songs from playlists
- Responsive, mobile-friendly frontend
- Basic hardening with Helmet and rate limiting

## Stack
- Frontend: HTML, CSS, vanilla JavaScript
- Backend: Node.js + Express
- Database: SQLite via better-sqlite3
- Auth: JWT stored in a secure, HTTP-only cookie
- Uploads: multer

## Run locally
```bash
npm install
cp .env.example .env
npm start
```

Then open:
```text
http://localhost:3000
```

## Notes
- In production, set a strong `JWT_SECRET`.
- When `NODE_ENV=production`, the auth cookie is set with the `secure` flag automatically, so serve the app over HTTPS in production.
- Uploaded files are stored in `/uploads` and referenced in the SQLite database.
- This is a starter project: for production at scale, add CSRF protection, more robust validation, MIME sniffing, antivirus or media scanning, object storage, and a persistent session / token rotation strategy.
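
The MIME sniffing mentioned in the last note could look like the following. This is an added example, not PulsePlayer's own code: it checks the first bytes of an upload against known audio container signatures and compares the result with the type the client declared. The function names, the alias table, and the allow-list of formats are assumptions.

```javascript
// Added example, not PulsePlayer code. Names and the allow-list are assumptions.
const DECLARED_ALIASES = new Map([   // client-declared variants -> canonical type
  ['audio/mp3', 'audio/mpeg'],
  ['audio/x-wav', 'audio/wav'],
  ['audio/wave', 'audio/wav'],
  ['audio/x-flac', 'audio/flac'],
  ['audio/x-m4a', 'audio/mp4'],
]);

// Identify an audio container from its first bytes; null means "not allowed".
function sniffAudioType(buf) {
  if (!Buffer.isBuffer(buf) || buf.length < 12) return null;
  const tag = (start, end) => buf.toString('latin1', start, end);
  if (tag(0, 4) === 'RIFF' && tag(8, 12) === 'WAVE') return 'audio/wav';
  if (tag(0, 4) === 'OggS') return 'audio/ogg';
  if (tag(0, 4) === 'fLaC') return 'audio/flac';
  // ISO BMFF: accept only the audio brand, since other ftyp brands can be video.
  if (tag(4, 8) === 'ftyp' && tag(8, 12) === 'M4A ') return 'audio/mp4';
  if (tag(0, 3) === 'ID3') return 'audio/mpeg'; // ID3v2 tag ahead of the frames
  // Bare MPEG audio frame: 11-bit sync, no reserved version/layer/bitrate/rate.
  const mpegFrame =
    buf[0] === 0xff && (buf[1] & 0xe0) === 0xe0 &&
    (buf[1] & 0x18) !== 0x08 && (buf[1] & 0x06) !== 0x00 &&
    (buf[2] & 0xf0) !== 0xf0 && (buf[2] & 0x0c) !== 0x0c;
  return mpegFrame ? 'audio/mpeg' : null;
}

// Compare the client-declared type with what the bytes actually are.
function checkUpload(declaredMime, head) {
  const detected = sniffAudioType(head);
  if (!detected) return { ok: false, reason: 'unrecognized content', detected };
  const declared = String(declaredMime || '').toLowerCase();
  const canonical = DECLARED_ALIASES.get(declared) || declared;
  if (canonical !== detected) return { ok: false, reason: 'type mismatch', detected };
  return { ok: true, reason: null, detected };
}

// Constructed sample inputs (not real files).
const SAMPLES = {
  wav: Buffer.concat([Buffer.from('RIFF'), Buffer.from([0x24, 0, 0, 0]), Buffer.from('WAVEfmt ')]),
  mp3: Buffer.from([0xff, 0xfb, 0x90, 0x64, 0, 0, 0, 0, 0, 0, 0, 0]),
  html: Buffer.from('<!DOCTYPE html><html><body>'),
};

console.log(checkUpload('audio/x-wav', SAMPLES.wav));
console.log(checkUpload('audio/mpeg', SAMPLES.html));
```

A signature match only shows that the file starts like an audio container, so it complements the media scanning listed in the same note and does not replace it.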
