A forum dedicated to the neighbourhoods of central Bilbao
Link to the active website on Heroku.
- Register a user.
- Create a post and associate the post to a neighbourhood and district. Images are optional.
- Search for posts you are interested in with the neighbourhood post filter. If you select none, no filter will be applied and posts from all neighbourhoods will be included.
- Posts can also be commented on.
The data models, views and functionality are separated in the project folder structure. This optimises development by allowing changes to be made with ease and by separating concerns, so that work on the view component and on the business logic can proceed separately. This architecture also works well for potential scalability.
Create, Read, Update and Delete (CRUD) functionality, with permissions granted according to the current user.
Errors on a page are handled with user-friendly messages, so users know whether the problem is client-side (e.g. invalid credentials) or server-side (server-side validation errors).
HMAC-signed cookies are used for session management across different pages of the website. The website remembers the filtered neighbourhoods, for example, and whether a user is signed in.
Passport.js middleware for secure authentication. This middleware creates salted password hashes on user registration and compares user-entered password attempts against the stored hashes.
Posts and comments can be liked or disliked once by each user. In the database, like counts are stored along with a list of user IDs to check against, which prevents repeated likes or dislikes.
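The once-per-user rule, as an added example that is not the project's code: a vote is a no-op if the same user already cast it, and switching from like to dislike (or back) withdraws the earlier vote so a user can never be counted on both sides. The record shape `{ likedBy: [], dislikedBy: [] }` with the counts derived from the list lengths is an assumption chosen to mirror the description above; user IDs are constructed sample values.

```javascript
// Apply one user's vote to a post or comment record and return the updated
// record plus whether anything changed. The function is pure: it never
// mutates its input, which keeps it easy to test and to reason about.
function applyVote(record, userId, kind) {
  if (kind !== 'like' && kind !== 'dislike') {
    throw new Error(`unknown vote kind: ${kind}`);
  }
  const likedBy = new Set(record.likedBy);
  const dislikedBy = new Set(record.dislikedBy);
  const target = kind === 'like' ? likedBy : dislikedBy;
  const opposite = kind === 'like' ? dislikedBy : likedBy;

  if (target.has(userId)) {
    // Repeated vote of the same kind: ignored, counts unchanged.
    return { likedBy: [...likedBy], dislikedBy: [...dislikedBy], changed: false };
  }
  opposite.delete(userId); // switching sides withdraws the earlier vote
  target.add(userId);
  return { likedBy: [...likedBy], dislikedBy: [...dislikedBy], changed: true };
}

// Counts are derived from the ID lists, so they can never drift from them.
function voteCounts(record) {
  return { likes: record.likedBy.length, dislikes: record.dislikedBy.length };
}

// Usage with constructed sample IDs.
let post = { likedBy: [], dislikedBy: [] };
post = applyVote(post, 'user-1', 'like');
post = applyVote(post, 'user-1', 'like');    // ignored
post = applyVote(post, 'user-1', 'dislike'); // moves the vote across
console.log(voteCounts(post)); // { likes: 0, dislikes: 1 }
```

A read-modify-write like this races if two requests from the same user arrive at once; when the lists live in MongoDB the same rule can be applied atomically in a single update with `$addToSet` on the target list and `$pull` on the opposite one, which closes that window.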
Multer middleware handles multipart/form-data POST requests. It connects to the Cloudinary storage API to upload and save images on Cloudinary's side, avoiding the overhead of storing images in the server's database; only a URL string pointing at the stored image is saved.
Environment variables are used to safely upload the project to GitHub without exposing sensitive developer credentials. To recreate this website on your own machine, create a .env file that matches every process.env.{{VARIABLE_NAMES}} found in the project. These are:
- CLOUDINARY_CLOUD_NAME
- CLOUDINARY_KEY
- CLOUDINARY_SECRET
- DB_URL
- SECRET
Content Security Policy, Prevention of Database Injection and XSS (Cross Site Scripting) with HelmetJS
A content security policy prevents the browser from loading resources from URLs the server has not explicitly allowed, which blocks common exploits such as XSS that depend on injecting scripts from elsewhere.
A cloud-based database eases the development process: there is no need to switch to a local database during development.