javascript node.js mongodb encryption cryptojs

Node.js and Mongodb security + encryption options for source code


I opened this thread because I'm having a hard time deciding on some issues I have with my project. The issues are:

  1. Encrypting source code files (not obfuscation, need encryption that can be run).
  2. Encrypting documents stored in MongoDB, mainly usernames and passwords.
  3. MongoDB login - is it possible to demand a username & password to open a connection to the server?
    • A little bit of info: My project is to be installed on customer servers, so it's very important that the code will not be viewable and hopefully uncrackable (minimum security).

1 - For the first item, I found JXCORE and it seems promising, but I was unsuccessful at finding proof or reviews from users who used it in production. Can anyone recommend other methods? Or if anyone can review the option I listed, I'll appreciate it.

2 - For encryption I want to use AES256, and I found the library crypto-js to be able to answer the requirements. Unfortunately, it doesn't provide assistance with Node.js (none that I could find).

For example, when I run this code, I want to see both the encrypted and the decrypted items:

    var AES = require("crypto-js/aes");
    var temp = AES.encrypt("Message", "secret password").ciphertext.toString();
    console.log(temp);
    console.log(AES.decrypt(temp, "secret password"));

Only the encrypted ciphertext is presented; I'm not sure how to access the decrypted text.

On a side note, does anyone recommend using SHA3 combined with AES256?

What is the recommended approach for securing a username & password MongoDB DB?

If you have a documentation link or useful tutorial for crypto-js in Node.js, please link it in the comments. My JS skills aren't pro, so it might be in there and I fail to see it, so apologies if this was a noob thread.

Thanks.


Solution

  • Ended up using crypto for aes256 and JXCORE for obfuscation.