Eco is an online store that offers a wide range of products, The store is built using modern web technologies such as Next.js, TypeScript, Tailwind CSS, Express.js, and MongoDB, ensuring a seamless user experience and high performance.
Home Page: https://eco-pacy2.vercel.app
I'm a self-taught full stack programmer and a computer science student at ofppt-ista-settat with one year of experience,I worked with multiple students from many diffrent universities on backend and front end projects using php laravel and javascript reactjs
We need to integrate the OpenAI API into our product to enhance its functionality by adding the ability to automatically generate product details. This feature will greatly improve the user experience by reducing the time and effort required to manually create product descriptions.
By implementing OpenAI's powerful natural language generation capabilities, our product will be able to generate product descriptions that are accurate, informative, and engaging, making it easier for customers to make informed purchasing decisions.
To achieve this, we need to identify the appropriate endpoints of the OpenAI API and integrate them into our product's codebase. We also need to ensure that the feature is user-friendly and easy to use for our customers.
Overall, integrating OpenAI API to enable product detail generation feature will significantly enhance our product's functionality, making it more valuable to our customers.
index
show
store
update
destroy
index
show
store
update
destroy
While refactoring the code, I realized that the tests were not functioning properly. Upon further inspection, I discovered that I had been using the "production database" instead of creating a new database and conducting tests on it. As a solution, I decided to create a setup.ts file that would establish a connection to the "eco_test" database and drop it at the conclusion of the testing process.
I violated the DRY (Don't Repeat Yourself) rule by doing:
https://github.com/PACY2/eco/blob/07fb51622161ba003ecd91a08f9927e3512d4c17/server/controllers/authController.ts#L11-L17
Due to the token provided, the verification test for expired tokens keeps failing.
Create the ui for :
Sign in.
Sign up.
Sign out
Reset Password
Forgot Password
Email Address confirmation
Profile
Dashboard Layout
When sending a post request on the register endpoint to the server with an empty firstName or lastName the server crashes.
A solution for that :
export const registerSchema = z.object({
- firstName: z.string(),
+firstName: z.string().min(3)
- lastName: z.string(),
+ lastName: z.string().min(3),
email: z.string().email(),
password: z.string().min(8),
password_confirmation: z.string().min(8)
})...You might also want to add a maximum length:
export const registerSchema = z.object({
- firstName: z.string(),
+firstName: z.string().min(3).max(60)
- lastName: z.string(),
+ lastName: z.string().min(3).max(60),
email: z.string().email(),
password: z.string().min(8),
password_confirmation: z.string().min(8)
})...You may also consider changing the status code of successful requests to the register endpoint to 201.
You may also want to change the unauthenticated message into unauthorized
The ceated user is missing isAdmin attribute
As the sole maintainer of this repository, I want to ensure that the code is consistent and error-free. Therefore, I suggest adding ESLint to the project, setting up Husky to enforce linting on pre-commit and pre-push hooks, and fixing the Prettier configuration.
ESLint is a widely-used tool for static code analysis that helps identify and fix common code issues. It also provides a set of rules that can be customized to enforce specific coding styles.
Husky is a Git hook manager that allows us to run custom scripts before committing or pushing code to the repository. We can leverage Husky to enforce ESLint rules on our code and prevent committing code that doesn't meet our standards.
Prettier is a code formatter that helps maintain consistent code styles across the project. However, the current Prettier configuration is not optimal, and we need to fix it to make sure our code is formatted correctly.
I propose the following tasks:
Install and configure ESLint to enforce coding standards.
Setup Husky to run ESLint on pre-commit and pre-push hooks.
Fix the Prettier configuration to make sure it formats code consistently.
Update the README file to document the new tools and configurations.
By implementing these tasks, we can improve the overall code quality and make the development process more efficient. As the only maintainer of this repository, it is my responsibility to ensure that the code is maintainable and easy to understand. Therefore, I appreciate any feedback or suggestions on how we can further improve the development workflow.
Currently, when a user resets their password, the Forgot Password token that was originally generated to initiate the password reset process remains active and can still be used to reset the password again. This poses a security risk as an attacker who gains access to the original Forgot Password email can use the token to reset the password even after the user has already done so.
To address this issue, the Forgot Password token should be automatically invalidated as soon as the user successfully resets their password. This will ensure that the token can no longer be used to reset the password again and improve the overall security of the system.
Errors persist in the $skip stage due to a negative skipping value.
curl --location 'http://localhost:3000/users?sort=firstName%3Adesc&project=name' \
--header 'Authorization: Bearer token' \
--header 'Cookie: accessToken=token; refreshToken=token'
Currently, our system allows for soft-deleting documents, which means they are marked as deleted but not removed from the system entirely. However, there is currently no way to permanently delete these soft-deleted documents if they are no longer needed.
To improve our system's functionality, we need to incorporate the ability to permanently delete soft-deleted documents. This will not only help to clean up our system but also ensure that sensitive or confidential information is removed completely.
express-async-errors dependency is not in the package.json file
https://github.com/PACY2/eco/blob/9b491569163037aa909d12f1e722d001f8f0035e/server/src/controllers/product.controller.ts#L155-L157
A few endpoints are not utilizing the updated approach for managing HTTP errors.
index
show
store
update
destroy
Seeding is a critical aspect of developing REST APIs as it allows for automated population of a database with large amounts of data. This enables developers to focus on building their project while ensuring that their database is adequately populated with relevant data.
The backend for categories has been completed, and now the user interface needs to be created. The following pages need to be designed:
Categories page (/categories) - This page should display a table of all the categories, with options to sort and paginate the table. It should also include a search feature to allow users to search through the categories. Links to edit and delete categories should also be included. This page should be accessible only via the protected path /dashboard, and should be added to the sidebar.
Create category page (/categories/create) - This page should have a form with input fields for the category name and an image. Before uploading the image, a preview of the image should be shown. This page should also be accessible only via the protected path /dashboard.
Edit category page (/categories/:id) - This page should have a form with the current category name and the current image. There should also be an option to delete the current image and upload a new one. This page should also be accessible only via the protected path /dashboard.
Note that all pages should be protected under the path /dashboard and added to the sidebar.
index
show
store
update
destroy
when an item is deleted from the database, it is permanently removed, which can be problematic if we need to recover it later. By implementing a soft delete feature, we can change the status of the deleted item to indicate that it has been deleted, but still keep the item in the database. This way, we can recover it if needed.
There are different ways to implement soft delete but one common approach is to add a deletedAt field to the database table. When an item is deleted, we would update the deletedAt field with the current timestamp, but the item would still exist in the database. Then, when querying the database, we would exclude items that have a non-null deletedAt value.
const categorySchema = new Schema({
name: {
type: String,
required: true,
unique: true,
dropDups: true
},
image: String
+ deletedAt: { type: Date, default: null }
})
Originally posted by @ID-JA in #7 (comment)
During my work on the front end, I observed that the backend was sending soft-deleted documents even though I didn't provide the trash query parameter. Additionally, I noticed that in pagination, the count didn't change even when the trash parameter was present
index
Show
store
update
destroy
This error occurs when concluding a response that involves waiting for a promise to be resolved, such as waiting for a User to be fetched from a database or simply using a sleep method.
The commands generated by the CLI contain unused request and response parameters, which result in TypeScript throwing errors.
As a user of the system, I would like to have the ability to delete my account and update my information whenever necessary. This would provide me with greater control over my personal data and enable me to manage my account more effectively.
Specifically, I would like to see the implementation of two functionalities:
Account Deletion: Users should be able to delete their accounts, including any associated data, through a simple and secure process. This feature is important to ensure that users have full control over their data and can delete their accounts if they so desire.
Information Update: Users should be able to update their personal information (e.g., email address, name, password) through a user-friendly interface. This feature is important to ensure that users can easily keep their information up-to-date and accurate.
Overall, the implementation of these two features would greatly enhance the user experience and provide users with greater control over their personal data.
index
store
update
destroy
Testing
Implement backend functionality to enable users to reset their passwords and confirm their email addresses. The password reset feature should allow users to enter their registered email address, receive a unique link via email, and set a new password on the password reset page. The email confirmation feature should send an email to the user's registered email address with a confirmation link to verify the email address. Users should only be able to make an order after their email addresses have been confirmed. These features are critical for the security of user accounts and can be implemented on the backend to provide a more user-friendly experience for our users.
The current testing process is taking an excessive amount of time to validate, which is causing delays in the development process. To address this issue, we propose incorporating Jest mocking into the testing process to simulate the behavior of certain components or modules without actually executing them.
By incorporating Jest mocking, we can reduce the overall time required for the validation process, which will lead to a more efficient and streamlined development process. This will help us to meet project timelines and budget while maintaining a high level of quality.
To implement Jest mocking, we will need to review the current testing process and identify areas where mocking can be applied. We may need to modify existing tests or create new ones to incorporate mocking techniques. Additionally, we may need to invest in training or resources to ensure that developers have the necessary skills and knowledge to effectively implement mocking in the testing process.
Overall, incorporating Jest mocking into the testing process will be a valuable addition to our development toolkit and will help us to achieve our goals more effectively.
While refactoring the code, it was discovered that the user model lacks a unique index on the email field.
https://github.com/PACY2/eco/blob/dev/server/models/User.ts#L13-L16
The current implementation of the login endpoint is allowing soft-deleted users to log in. This is a security issue as these users are supposed to be inactive and their data should not be accessible.
We need to update the login endpoint to disallow soft-deleted users from logging in. This can be achieved by checking the status of the user account before authenticating the login request. If the user account is soft-deleted, the login request should be rejected and an appropriate error message should be returned to the user.
This change will ensure that inactive user accounts remain inaccessible, and will improve the overall security of our system.
I would like to request the addition of several new features to the e-commerce app related to products. Here are the features I would like to see:
I believe these features would greatly enhance the user experience of the app and make it more competitive in the e-commerce market.
Currently, the Category and User models are using manual timestamps to track creation and modification times. This can be prone to errors and inconsistencies. To improve the accuracy and reliability of timestamps, it is recommended to update the models to include Mongoose timestamps.
This issue aims to update the Category and User models to utilize the Mongoose timestamps feature, which will automatically add "createdAt" and "updatedAt" fields to the models with the appropriate timestamp values. This will help maintain the consistency and accuracy of timestamps and simplify the code by removing the need for manual timestamp management.
To enable web app holders to log in and create their own admins later on, it's recommended to include a default admin in the web app. Without a default admin, users would need to modify the code in order to create an admin and gain access to the dashboard.
show
update
destroy
As part of our ongoing development efforts for the ecommerce app, we need to add two new user roles - Admin and Client - to the application. This will allow us to manage and differentiate between different types of users with different permissions and access levels.
The Admin role will have full access to all parts of the application, including the ability to create and manage products, update user accounts, and view reports. The Client role, on the other hand, will have limited access, allowing them to browse products, make purchases, and manage their own accounts.
Documenting API endpoints is crucial to ensure that developers who use our API have a clear understanding of each endpoint's functionality and how to use them. By doing so, we can improve the user experience and facilitate the integration of our API into developers' applications. Without proper documentation, developers might struggle to understand how to use our API, leading to frustration and potentially discouraging them from using it altogether. By taking the time to document all API endpoints, we can make it easier for developers to understand and utilize our API effectively.
We should include the following information for each endpoint:
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google ❤️ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.