← ClaudeAtlas

security-patternslisted

Implements authentication, authorization, encryption, secrets management, and security hardening patterns. Use when designing auth flows, managing secrets, configuring CORS, implementing rate limiting, or when asked about JWT, OAuth, password hashing, API keys, RBAC, or security best practices.
CloudAI-X/claude-workflow-v2 · ★ 1,364 · AI & Automation · score 83
Install: claude install-skill CloudAI-X/claude-workflow-v2
# Security Patterns ### When to Load - **Trigger**: Auth flows, encryption, secrets management, CORS configuration, input validation, rate limiting - **Skip**: No security surface involved in the current task ## Security Implementation Workflow Copy this checklist and track progress: ``` Security Implementation Progress: - [ ] Step 1: Choose authentication strategy - [ ] Step 2: Implement authorization model - [ ] Step 3: Set up password hashing - [ ] Step 4: Configure secrets management - [ ] Step 5: Enable encryption (transit + rest) - [ ] Step 6: Configure CORS - [ ] Step 7: Add rate limiting - [ ] Step 8: Validate against anti-patterns checklist ``` ## Authentication Patterns ### JWT (JSON Web Tokens) ```typescript import jwt from "jsonwebtoken"; function generateTokens(user: User) { const accessToken = jwt.sign( { sub: user.id, role: user.role }, process.env.JWT_SECRET!, { expiresIn: "15m", algorithm: "HS256" }, ); const refreshToken = jwt.sign( { sub: user.id, tokenVersion: user.tokenVersion }, process.env.JWT_REFRESH_SECRET!, { expiresIn: "7d" }, ); return { accessToken, refreshToken }; } // WRONG: localStorage (XSS vulnerable) | CORRECT: httpOnly cookie for refresh, memory for access res.cookie("refreshToken", refreshToken, { httpOnly: true, secure: true, sameSite: "strict", maxAge: 7 * 24 * 60 * 60 * 1000, path: "/api/auth/refresh", }); ``` ### JWT Verification Middleware ```typescript function authenticate(req: