[{"data":1,"prerenderedAt":203},["ShallowReactive",2],{"blog-blueprints/mean-stack":3},{"id":4,"title":5,"body":6,"category":183,"date":184,"dateModified":184,"description":185,"draft":186,"extension":187,"faq":188,"featured":186,"headerVariant":189,"image":188,"keywords":188,"meta":190,"navigation":191,"ogDescription":192,"ogTitle":188,"path":193,"readTime":194,"schemaOrg":195,"schemaType":196,"seo":197,"sitemap":198,"stem":199,"tags":200,"twitterCard":201,"__hash__":202},"blog/blog/blueprints/mean-stack.md","MEAN Stack Security Blueprint",{"type":7,"value":8,"toc":172},"minimark",[9,20,23,29,34,49,53,62,66,75,84,88,93,96,99,102,105,108,111,125,160],[10,11,12],"blueprint-summary",{},[13,14,15,19],"p",{},[16,17,18],"strong",{},"To secure a MEAN Stack application,"," you need to: (1) use Angular's built-in XSS protection and HTTP interceptors for auth, (2) implement Express security middleware (helmet, CORS, rate limiting), (3) sanitize MongoDB queries with express-mongo-sanitize, (4) use express-validator for input validation, and (5) understand that Angular route guards are UX-only — Express APIs must verify auth. This blueprint covers Angular-specific security with Express backend patterns.",[21,22],"blueprint-meta",{},[24,25,26],"tldr",{},[13,27,28],{},"MEAN Stack shares MongoDB/Express concerns with MERN but adds Angular-specific security. 
Use Angular's built-in XSS protection, implement HTTP interceptors for auth, sanitize all MongoDB queries, and use route guards for client-side navigation only, with the Express API enforcing auth on the server.",[30,31,33],"h2",{"id":32},"angular-http-interceptor-angular","Angular HTTP Interceptor Angular",[35,36,38],"code-block",{"label":37},"src/app/interceptors/auth.interceptor.ts",[39,40,45],"pre",{"className":41,"code":43,"language":44},[42],"language-text","import { Injectable } from '@angular/core'\nimport { HttpInterceptor, HttpRequest, HttpHandler } from '@angular/common/http'\nimport { AuthService } from '../services/auth.service'\n\n@Injectable()\nexport class AuthInterceptor implements HttpInterceptor {\n  constructor(private auth: AuthService) {}\n\n  intercept(req: HttpRequest\u003Cany>, next: HttpHandler) {\n    const token = this.auth.getToken()\n\n    if (token) {\n      req = req.clone({\n        setHeaders: {\n          Authorization: `Bearer ${token}`,\n        },\n      })\n    }\n\n    return next.handle(req)\n  }\n}\n","text",[46,47,43],"code",{"__ignoreMap":48},"",[30,50,52],{"id":51},"angular-route-guards-angular","Angular Route Guards Angular",[35,54,56],{"label":55},"src/app/guards/auth.guard.ts",[39,57,60],{"className":58,"code":59,"language":44},[42],"import { Injectable } from '@angular/core'\nimport { CanActivate, Router } from '@angular/router'\nimport { AuthService } from '../services/auth.service'\n\n@Injectable({ providedIn: 'root' })\nexport class AuthGuard implements CanActivate {\n  constructor(private auth: AuthService, private router: Router) {}\n\n  canActivate(): boolean {\n    if (this.auth.isAuthenticated()) {\n      return true\n    }\n    this.router.navigate(['/login'])\n    return false\n  }\n}\n",[46,61,59],{"__ignoreMap":48},[30,63,65],{"id":64},"express-api-with-validation-express","Express API with Validation Express",[35,67,69],{"label":68},"server/routes/posts.js",[39,70,73],{"className":71,"code":72,"language":44},[42],"import express from 
'express'\nimport { body, validationResult } from 'express-validator'\nimport { protect } from '../middleware/auth.js'\nimport Post from '../models/Post.js'\n\nconst router = express.Router()\n\nrouter.post('/',\n  protect,\n  [\n    body('title').trim().isLength({ min: 1, max: 200 }).escape(),\n    body('content').trim().isLength({ min: 1 }),\n  ],\n  async (req, res) => {\n    const errors = validationResult(req)\n    if (!errors.isEmpty()) {\n      return res.status(400).json({ errors: errors.array() })\n    }\n\n    const post = await Post.create({\n      title: req.body.title,\n      content: req.body.content,\n      author: req.user._id,  // Verified user ID\n    })\n\n    res.status(201).json(post)\n  }\n)\n",[46,74,72],{"__ignoreMap":48},[76,77,78],"warning-box",{},[13,79,80,83],{},[16,81,82],{},"Route guards are UX only."," Angular guards prevent navigation but don't protect data. Your Express API must verify authentication on every request.",[30,85,87],{"id":86},"security-checklist","Security Checklist",[89,90,92],"h4",{"id":91},"pre-launch-checklist","Pre-Launch Checklist",[13,94,95],{},"Auth interceptor attached",[13,97,98],{},"Route guards implemented",[13,100,101],{},"Express-validator on all inputs",[13,103,104],{},"MongoDB queries sanitized",[13,106,107],{},"Helmet + CORS configured",[13,109,110],{},"Angular's built-in XSS protection active",[112,113,114,120],"related-articles",{},[115,116],"related-card",{"description":117,"href":118,"title":119},"React variant","/blog/blueprints/mern-stack","MERN Stack",[115,121],{"description":122,"href":123,"title":124},"Deep dive","/blog/guides/mongodb","MongoDB Security Guide",[126,127,128,133,136],"stack-comparison",{},[129,130,132],"h3",{"id":131},"alternative-stacks","Alternative Stacks",[13,134,135],{},"Consider these related blueprints:",[137,138,139,146,153],"ul",{},[140,141,142,145],"li",{},[143,144,119],"a",{"href":118}," - React frontend 
alternative",[140,147,148,152],{},[143,149,151],{"href":150},"/blog/blueprints/nextjs-supabase-vercel","Next.js + Supabase + Vercel"," - PostgreSQL/Supabase alternative",[140,154,155,159],{},[143,156,158],{"href":157},"/blog/blueprints/t3-stack","T3 Stack"," - TypeScript-first alternative",[161,162,165,169],"cta-box",{"href":163,"label":164},"/","Start Free Scan",[30,166,168],{"id":167},"check-your-mean-stack-app","Check Your MEAN Stack App",[13,170,171],{},"Scan for injection and auth issues.",{"title":48,"searchDepth":173,"depth":173,"links":174},2,[175,176,177,178,182],{"id":32,"depth":173,"text":33},{"id":51,"depth":173,"text":52},{"id":64,"depth":173,"text":65},{"id":86,"depth":173,"text":87,"children":179},[180],{"id":131,"depth":181,"text":132},3,{"id":167,"depth":173,"text":168},"blueprints","2026-02-06","Security guide for MEAN Stack (MongoDB, Express, Angular, Node.js). Prevent NoSQL injection, secure Angular apps, implement JWT auth, and protect your MEAN app.",false,"md",null,"purple",{},true,"Complete security configuration for MEAN Stack applications.","/blog/blueprints/mean-stack","12 min read","[object Object]","Article",{"title":5,"description":185},{"loc":193},"blog/blueprints/mean-stack",[],"summary_large_image","4wrdvHZXHI-ePYSrh53CT1KWEkswL--6H5Vxkv_7mPk",1775843932204]