removed bolded headers

Author: wisammechano

module4-authentication-and-security/r1.1-defining-authentication-layer/README.md

@@ -233,7 +233,7 @@ Let's take the example above and add salting to it. When Alice is registering, s
 
 The hashes for these two salted passwords will be entirely different, and when stored in the database, **we will need to store the salt too**. So that when they login we can retrieve it and prepend it to their supplied password. This way, the attacker will never know that they are using the same password when studying the hashes even if they know the salt. And their attack will take greater time adjusting for the introduction of salts. The same can be said for Jane, even though she is using a dictionary word, the hash will be for a different sequence of letters, and the hash table won't match it.
 
-### **BCrypt**
+### BCrypt
 
 [BCrypt](https://en.wikipedia.org/wiki/Bcrypt) is a password hashing algorithm that is very hard to crack due to being super slow. It is adaptive and can be set up to be harder over time to provide more security by increasing the iteration count. It has an in-built feature to generate a salt when hashing so it won't need a salt column in the database.
 

module4-authentication-and-security/r1.2-adding-authorization-layer/README.md

@@ -6,14 +6,14 @@ With authorization, we introduce another level of app security. In this lesson,
 - Introduce role-based authorization
 - How to restrict access to routes using authorization
 
-## **Authorization**
+## Authorization
 
 - Authorization is a process by which a server determines if the client has permission to use a resource or access a file.
 - Authorization is usually coupled with authentication so that the server has some concept of who the client is that is requesting access.
 - The type of authentication required for authorization may vary; passwords may be required in some cases but not in others.
 - In some cases, there is no authorization; any user may use a resource or access a file simply by asking for it. Most of the web pages on the Internet require no authentication or authorization.
 
-## **Authentication**
+## Authentication
 
 - Authentication is used by a server when the server needs to know exactly who is accessing their information or site.
 - Authentication is used by a client when the client needs to know that the server is the system it claims to be.
@@ -42,7 +42,7 @@ From these requirements, we can distinguish our app structure as follows:
 - Endpoints like `/delete` would need an authorization guard. Which is a guard that contains the authentication guard, plus it also checks if the user is a `moderator`, before letting them complete the action. Otherwise, it shouldn't let them through.
 - To elevate a user, an endpoint like `/elevate` would have the same authorization guard, but instead it will check if the user is an `admin`.
 
-### **Implementation**
+### Implementation
 
 To implement this as simply as possible, we need to first define our roles as numbers. That is mainly to:
 
@@ -213,7 +213,7 @@ There is still a problem with our code though. It is very messy with lots of if-
 
 In the next lesson, we will introduce an easier way to enforce our guards using a feature called **middleware**. We can define an `onlyAdmins`, `onlyModerators`, and `onlyAuthenticated` middleware that would stop unauthorized requests, and only let authorized access through.
 
-## **Conclusion**
+## Conclusion
 
 In this lesson, we introduced authorization as a new security feature to our app. It would prevent users without the required access level from entering protected endpoints.
 

module4-authentication-and-security/r1.2.1-authorization-through-middleware/README.md

@@ -9,7 +9,7 @@ This lesson objectives are:
 - Implement authorization guard
 - Guard certain endpoints with these middlewares
 
-## **Middleware**
+## Middleware
 
 Middleware are functions that have access to the [request object](https://expressjs.com/en/4x/api.html#req) (`req`), the [response object](https://expressjs.com/en/4x/api.html#res) (`res`), and the next middleware function in the application’s request-response cycle. The next middleware function is commonly denoted by a variable named `next`.
 
@@ -195,6 +195,6 @@ Because we are using the `onlyAdmins` middleware, there is no need to check if t
 
 > ⚠️ **Warning**: When you apply a middleware, you simply pass it as a **function**. Above we passed `onlyAdmins` without `()` parentheses. Middleware can be implemented using a configuration function as well, which is a function that takes configuration arguments and returns a middleware function. Read more about it in Express [documentation](https://expressjs.com/en/guide/writing-middleware.html#:~:text=Using%20Express%20middleware.-,Configurable%20middleware,-If%20you%20need).
 
-## **Conclusion**
+## Conclusion
 
 In this lesson, we learned that everything in Express.js is basically a middleware that gets invoked somewhere. And by using middleware, we can structure our business logic in a clean approach. Middleware can be used for basically everything, and one of their use cases is to enforce authorization.