Authentication & Security
CronJS uses Firebase Authentication to provide secure, reliable user authentication. This guide covers the authentication methods available and security best practices.
Authentication Overview
CronJS employs Firebase Authentication for all user access, ensuring enterprise-grade security without the complexity of managing authentication infrastructure.
Supported Authentication Methods
CronJS supports multiple authentication providers through Firebase:
1. Email/Password Authentication
- Standard email and password registration
- Secure password requirements enforced
- Email verification required for account activation
2. Google OAuth
- One-click sign-in with Google accounts
- No need to remember additional passwords
- Leverages Google’s security infrastructure
3. Additional OAuth Providers
- Additional social login providers available through Firebase
- GitHub, Twitter, and other providers can be enabled
Getting Started with Authentication
Account Registration
- Visit the App: Navigate to https://app.cronjs.com
- Choose Method: Click “Sign Up” and select your preferred authentication method
- Complete Process: Follow the Firebase authentication flow
- Verify Email: Check your email and verify your account (required)
- Access Dashboard: You’re now ready to create cron jobs
Login Process
- Visit Login Page: Go to https://app.cronjs.com
- Select Method: Choose the same authentication method you used to register
- Authenticate: Complete the Firebase login process
- Access Account: You’ll be redirected to your dashboard
Firebase ID Token
When you authenticate, Firebase automatically generates an ID token that:
- Secures your session - Used for all platform interactions
- Expires automatically - Tokens refresh automatically for security
- Validates permissions - Ensures you can only access your own jobs
- Encrypts communication - All data transmission is secured
Note: You don’t need to manage this token manually - it’s handled automatically by the web interface.
Security Features
Email Verification
- Required for all accounts - Ensures email ownership
- Prevents unauthorized access - Blocks unverified accounts
- Account recovery - Enables secure password reset
Password Requirements
- Minimum complexity - Strong password policies enforced
- Firebase security - Leverages Google’s password security standards
- Secure storage - Passwords never stored in plain text
Account Management
- Profile updates - Change email or password through Firebase
- Account deactivation - Temporarily disable your account
- Account deletion - Permanently remove your account and data
Environment Variable Security
Secure Storage
Environment variables in your jobs are encrypted at rest and are only accessible during job execution:
// Environment variables are encrypted at rest
const apiKey = process.env.API_KEY;
const dbPassword = process.env.DATABASE_PASSWORD;
// Variables are only accessible during job execution
console.log("Connecting with secure credentials...");
Best Practices
- Never log sensitive data:
// ❌ Don't do this
console.log("API Key:", process.env.API_KEY);
// ✅ Do this instead
console.log("API Key configured:", !!process.env.API_KEY);
- Use descriptive variable names:
// ✅ Clear and descriptive
const databaseUrl = process.env.DATABASE_URL;
const slackWebhook = process.env.SLACK_WEBHOOK_URL;
const apiToken = process.env.EXTERNAL_API_TOKEN;
- Validate environment variables:
// ✅ Check required variables
if (!process.env.API_URL) {
  throw new Error("API_URL environment variable is required");
}
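The practices above combined into one job-startup helper, as an added example that is not CronJS's own code: it reports every missing variable by name only and masks secret values, including their URL-encoded form, before an error message is logged. The function names and sample values are assumptions made for illustration.

```javascript
// Added example, not CronJS code. Function names and sample values are assumptions.

// Fail fast, listing every missing variable by name (never by value).
function requireEnv(names, env = process.env) {
  const missing = names.filter((n) => !env[n] || env[n].trim() === "");
  if (missing.length > 0) {
    throw new Error(`Missing required environment variables: ${missing.join(", ")}`);
  }
  return Object.fromEntries(names.map((n) => [n, env[n]]));
}

// Build a function that masks secret values wherever they appear in text.
function makeRedactor(secrets) {
  const forms = new Set();
  for (const v of Object.values(secrets)) {
    // Values under 4 characters are skipped: masking them would mangle unrelated text.
    if (typeof v !== "string" || v.length < 4) continue;
    forms.add(v);
    forms.add(encodeURIComponent(v)); // form seen inside URLs and connection strings
  }
  // Longest first, so a value containing a shorter one is masked whole.
  const ordered = [...forms].sort((a, b) => b.length - a.length);
  return (text) => ordered.reduce((out, v) => out.split(v).join("[REDACTED]"), String(text));
}

// Error text that is safe to log: library errors often echo URLs or headers.
function safeErrorMessage(err, redact) {
  return redact(err instanceof Error ? err.message : String(err));
}

// Demo with constructed values (not real credentials).
const sampleEnv = { API_URL: "https://api.example.test", API_KEY: "constructed-key-12345" };
const config = requireEnv(["API_URL", "API_KEY"], sampleEnv);
const redact = makeRedactor({ API_KEY: config.API_KEY });
const failure = new Error(`GET ${config.API_URL}/jobs?key=${config.API_KEY} returned 401`);
console.log("Request failed:", safeErrorMessage(failure, redact));
```

Pass only the variables that hold credentials to `makeRedactor`; non-secret values such as `API_URL` stay readable in logs.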
Variable Management
- Write-only after creation - Environment variables cannot be viewed once saved
- Overwrite capability - Update variables by providing new values
- Encryption at rest - All variables encrypted in our database
- Runtime access only - Variables only accessible during job execution
Container Security
Each job runs in a secure, isolated environment:
Docker Isolation
- Individual containers - Each job execution gets its own container
- Resource limits - CPU, memory, and timeout restrictions enforced
- Network isolation - Jobs cannot interfere with each other
- No privilege escalation - Containers run with minimal privileges
File System Security
- Temporary filesystem - No persistent storage between executions
- Read-only base image - Core system files cannot be modified
- Isolated workspace - Each job has its own temporary directory
Network Security
- Outbound internet access - Jobs can make external API calls
- No inbound connections - Jobs cannot receive external connections
- Secure environment - No access to internal CronJS infrastructure
Data Privacy
Personal Data
- Minimal collection - Only necessary account information stored
- Secure transmission - All data encrypted in transit
- Access controls - Strict access limitations on personal data
Job Data
- User isolation - Complete separation between user accounts
- Execution logs - Stored securely with appropriate retention
- Code privacy - Your job code is never shared or accessible to others
Current Limitations (MVP)
The current MVP version has some limitations:
API Access
- Web interface only - No programmatic API access yet
- Manual management - Jobs must be managed through the web app
- Future development - API access planned for future releases
Advanced Security Features
- No 2FA yet - Two-factor authentication not available in MVP
- Basic account settings - Limited security configuration options
- Enterprise features - Advanced security features planned for paid tiers
Troubleshooting Authentication
Common Issues
Login Problems
Problem: Can't sign in with Google
Solution: Ensure pop-ups are enabled and try incognito mode
Email Verification
Problem: Didn't receive verification email
Solution: Check spam folder, wait a few minutes, or request new verification
Session Expiry
Problem: Automatically logged out
Solution: Firebase tokens expire for security - simply log in again
Getting Help
If you encounter authentication issues:
- Check browser settings - Ensure cookies and JavaScript are enabled
- Clear browser cache - Sometimes helps with authentication problems
- Try incognito mode - Isolates potential browser extension issues
- Contact support - Email [email protected] for assistance
Security Best Practices
For Job Code
- Validate inputs - Always validate external data
- Handle errors gracefully - Don’t expose sensitive information in error messages
- Use environment variables - Never hardcode credentials
- Log responsibly - Avoid logging sensitive data
For Account Security
- Use strong passwords - If using email/password authentication
- Keep email secure - Your email is your account recovery method
- Monitor job execution - Review logs for unexpected behavior
- Report issues promptly - Contact support for any security concerns
Future Security Enhancements
Planned security features for future releases:
- Two-factor authentication (2FA) - Additional account security layer
- API key management - Programmatic access with secure key rotation
- Advanced audit logging - Detailed security event tracking
- SSO integration - Enterprise single sign-on capabilities
- Advanced permissions - Team and role-based access controls
Stay tuned for these security enhancements as CronJS continues to evolve!
Next Steps
- Create your first job - Start building with secure authentication
- Job management guide - Learn to manage jobs securely
- Troubleshooting - Solve common authentication issues