- 2nd Year Web Technologies project graded 9.75 / 10 (Creative Coding Resource Collector).
- Frontend built only with
HTML, CSS and JS - Backend built from scratch with
Vanilla NodeJSwith amicroservice architecture(no frameworks were allowed)
Click here to go to the app features and here for the demo or go to the video presentation :)
Project requirements can be found at this Pastebin.
Resources used to populate DB are taken from this Github Page
- Worked on backend and implemented database usage
- Made the resource module that allows for basic operations with resources(add new resource, delete, modify, etc)
- Microservices are used through their own APIs and are stateless
- Session based authentication using cookies & randomly generated sessionIDs
const query = "SELECT * FROM users WHERE username = ? AND password = ?"; const params = [username, hashedPassword]; dbConn.query(query, params, function (err, rows, fields) { if (err) throw err; if (rows.length > 0) { console.log("[authAPI/login] Login successful"); // generating the session ID const sessionId = crypto.randomUUID(); const updateSIDQuery = "UPDATE users SET session_id = ? WHERE username = ?"; const updateSIDParams = [sessionId, username]; dbConn.query(updateSIDQuery, updateSIDParams, function (err, rows, fields) { if (err) throw err; console.log("[authAPI/login] Updated session ID"); }); res.writeHead(200, {'Content-Type': 'application/json'}); res.end(JSON.stringify({authenticated: true, sessionId: sessionId})); } [...]
- Protection against SQL Injection using prepared SQL statements:
const query = "UPDATE users SET username = ?, password = ?, email = ? WHERE session_id = ?"; const params = [username, hashedPassword, email, sessionId]; dbConn.query(query, params, function (err, rows, fields) { [...]});
- Hashing & salting passwords before they are added into DB
const saltedPassword = data.password + username; const hashedPassword = crypto.createHash('sha256').update(saltedPassword).digest('hex');
- Account & resource management built in
