An app that lets the user easily add their favorite books to their personal bookshelf.
Check it out on this link!
https://bookmarksfac28.fly.dev/
- Clone the repository to your local machine:

```sh
git clone https://github.com/fac28/bookmarks2.git
```

- Navigate to the project directory:

```sh
cd bookmarks2
```

- Install project dependencies using npm:

```sh
npm install
```

- Rebuild better-sqlite3:

```sh
npm rebuild better-sqlite3
```
To run the project locally, follow these steps:

- Start the Node.js server:

```sh
npm start
```

- Open your web browser and visit http://localhost:3000 to access Bookmarks2 locally.

To seed the database and run the project in development mode:

```sh
npm run seed
npm run dev
```
- Elena: Scrum
- George: DevOps
- Issy: UX/UI
- Tommaso: QA
users

| column | type | constraints |
|---|---|---|
| id | integer | primary key autoincrement |
| text | unique | |
| hash | text | |
| created_at | datetime | DEFAULT CURRENT_TIMESTAMP |

sessions

| column | type | constraints |
|---|---|---|
| id | integer | primary key |
| user_id | text | foreign key |
| expires_at | datetime | NOT NULL |
| created_at | datetime | DEFAULT CURRENT_TIMESTAMP |

books

| column | type | constraints |
|---|---|---|
| id | integer | primary key autoincrement |
| user_id | text | foreign key |
| title | text | |
| author | text | |
| review | text | |
| rating | text | |
| created_at | datetime | DEFAULT CURRENT_TIMESTAMP |
Session Management:
Will you store session info in a cookie (stateless) or in your database (stateful)?
Session information is stored statefully in the database: each login creates a row in the sessions table, and that row is what the code consults to decide whether a request comes from an authenticated user.
How will you check a user’s identity (authentication)?
User identity is authenticated by comparing the provided password with the hashed password stored in the database. This is done using the bcrypt.compare method in the login route.
How will you control what actions a user can take (authorization)?
The code includes authorization logic in routes like /my-shelf/:user_id. It checks if the user trying to access a particular user's bookshelf is the owner of that bookshelf. If not, it returns a 401 Unauthorized status, indicating that the user is not allowed to access that resource.
How will you mitigate Cross-site Request Forgery (CSRF) attacks?
The code does not explicitly implement CSRF mitigation measures. CSRF protection typically involves generating and validating tokens on form submissions to ensure that requests originate from trusted sources. CSRF tokens are not present in the provided code.
The project was created by Elena Cazan, George Klemperer, Isobel Butler & Tommaso Orlandi.