A secure, web-based sealed-bid auction platform with private input encryption and real-time updates.
- Private-Input Bidding: Bids are encrypted using AES-256 encryption with user-provided secret keys
- Real-time Updates: Live auction status and bid count updates using Socket.io
- Secure Authentication: User registration and login with bcrypt password hashing
- Responsive Design: Modern, mobile-friendly interface using Tailwind CSS
- Rate Limiting: Protection against brute force attacks and spam
- Auto-Closing: Auctions automatically close when their end time is reached
- AES-256 Encryption: All bids are encrypted with user-provided secret keys
- Password Hashing: User passwords are hashed using bcrypt
- Rate Limiting: API endpoints are protected with rate limiting
- Input Validation: All user inputs are validated and sanitized
- Helmet.js: Security headers for web applications
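An added example (not the project's own code) of the two protections listed above that sit in front of the bid endpoint: a fixed-window rate limiter with the same `windowMs`/`max` shape that express-rate-limit uses, and a validator for the `POST /api/bids` body. Both are plain functions so the logic can be unit-tested without starting Express; the body field names (`auctionId`, `amount`, `secretKey`) and the limits are assumptions, not taken from the project.

```javascript
// Added example, not from the project. Fixed-window limiter: every key
// (normally the client IP) gets `max` requests per `windowMs`.
function createRateLimiter({ windowMs, max }) {
  const hits = new Map(); // key -> { count, windowStart }
  return function check(key, now = Date.now()) {
    let entry = hits.get(key);
    if (!entry || now - entry.windowStart >= windowMs) {
      entry = { count: 0, windowStart: now }; // start a new window
      hits.set(key, entry);
    }
    entry.count += 1;
    const remaining = Math.max(0, max - entry.count);
    const retryAfterMs = entry.windowStart + windowMs - now;
    return { allowed: entry.count <= max, remaining, retryAfterMs };
  };
}

// Validator for the bid request body (field names are assumptions).
// Returns { ok: true, value } with only the whitelisted fields, or
// { ok: false, errors } listing every problem found.
function validateBidInput(body) {
  const errors = [];
  if (body === null || typeof body !== 'object') {
    return { ok: false, errors: ['body must be a JSON object'] };
  }
  const { auctionId, amount, secretKey } = body;
  // Tight allow-list for the id so it can never carry path or query syntax
  if (typeof auctionId !== 'string' || !/^[A-Za-z0-9_-]{1,64}$/.test(auctionId)) {
    errors.push('auctionId must be 1-64 characters of [A-Za-z0-9_-]');
  }
  // Require a real number: strings such as "1e3" or " 5" would be coerced by Number()
  if (typeof amount !== 'number' || !Number.isFinite(amount) || amount <= 0) {
    errors.push('amount must be a positive finite number');
  } else if (Math.abs(amount * 100 - Math.round(amount * 100)) > 1e-6) {
    errors.push('amount must have at most two decimal places');
  }
  if (typeof secretKey !== 'string' || secretKey.length < 12 || secretKey.length > 256) {
    errors.push('secretKey must be 12-256 characters');
  }
  return errors.length === 0
    ? { ok: true, value: { auctionId, amount, secretKey } }
    : { ok: false, errors };
}

module.exports = { createRateLimiter, validateBidInput };
```

Returning `remaining` and `retryAfterMs` lets a route handler emit the usual `RateLimit-Remaining` and `Retry-After` headers; the validator returns a fresh object built only from the accepted fields so nothing else in the request body reaches the storage layer.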
- Install dependencies:
  `npm install`
- Start the server:
  `npm start`
  For development with auto-reload:
  `npm run dev`
- Open your browser and navigate to http://localhost:3000
- Click the "Login" button in the header
- Switch to "Register" mode
- Enter a username and password
- Click "Register"
- Log in to your account
- Switch to the "Create Auction" tab
- Fill in the auction details:
- Title: Brief description of the item
- Description: Detailed information about the item
- Starting Bid: Minimum acceptable bid amount
- End Time: When the auction should close
- Click "Create Auction"
- Browse active auctions in the "Auctions" tab
- Click "Place Bid" on an auction you're interested in
- Enter your bid amount
- Create a secret key - this is crucial for bid verification
- Save your secret key securely - you cannot recover it
- Click "Place Bid"
- Auctions automatically close at their specified end time
- The highest bid wins
- Winners and winning amounts are displayed after auction closure
- `POST /api/users/register` - Register a new user
- `POST /api/users/login` - Log in an existing user
- `GET /api/auctions` - Get all auctions
- `POST /api/auctions` - Create a new auction
- `GET /api/auctions/:id` - Get specific auction details
- `POST /api/auctions/:id/close` - Close an auction manually
- `POST /api/bids` - Place a sealed bid
- Secret keys are never stored on the server
- Users must save their secret keys securely
- Lost secret keys cannot be recovered
- Secret keys are required for bid verification (future enhancement)
- All bids are encrypted before storage
- Server cannot read bid amounts without the secret key
- Only bid counts and highest bid amounts are visible
- Individual bid amounts remain private until auction closure
- Node.js with Express.js
- Socket.io for real-time communication
- AES-256-CBC encryption for bid privacy
- bcrypt for password hashing
- Helmet.js for security headers
- express-rate-limit for API protection
- Vanilla JavaScript (no framework dependencies)
- Tailwind CSS for styling
- Socket.io client for real-time updates
- Font Awesome for icons
- In-memory storage using JavaScript Maps
- Note: For production use, replace with a proper database (MongoDB, PostgreSQL, etc.)
- Bid Verification: Allow users to verify their bids using secret keys
- Database Integration: Replace in-memory storage with persistent database
- User Profiles: Enhanced user management and profiles
- Bid History: Detailed bid history and analytics
- Notifications: Email/SMS notifications for auction events
- Multi-item Auctions: Support for multiple items in a single auction
- Proxy Bidding: Automatic bidding up to a maximum amount
sealed-bid-auction/
├── server.js # Main server file
├── package.json # Dependencies and scripts
├── public/
│ ├── index.html # Main HTML file
│ └── app.js # Frontend JavaScript
└── README.md # This file
Run tests with:
`npm test`
MIT License - feel free to use this project for personal or commercial purposes.
- Fork the repository
- Create a feature branch
- Make your changes
- Submit a pull request
For issues and questions, please create an issue in the project repository.