https://github.com/nxdun/timetide
Generates a university timetable on a weekly basis with Lecturer, Hall, Course and Resources management
- Host: GitHub
- URL: https://github.com/nxdun/timetide
- Owner: nxdun
- Created: 2024-04-19T05:21:02.000Z (about 1 year ago)
- Default Branch: main
- Last Pushed: 2024-05-04T15:04:17.000Z (about 1 year ago)
- Last Synced: 2025-02-12T15:18:56.502Z (4 months ago)
- Topics: documentation, react, security, testing
- Language: JavaScript
- Homepage:
- Size: 1.08 MB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# 🧭TimeTide
⭐ [Link to API Documentation](https://documenter.getpostman.com/view/28802704/2sA35BbPtc)
⭐ [Link to all diagrams](https://rentry.co/diagramsforaf)
⭐ [security test results](https://rentry.co/burptestresults)

## Table of Contents
- [🧭TimeTide](#timetide)
- [Table of Contents](#table-of-contents)
- [Description](#description)
- [Installation](#installation)
- [How-to-Run-Tests](#how-to-run-tests)
- [Setting-enviroment-variables](#setting-enviroment-variables)
- [Usage](#usage)
- [Problems-Faced](#problems-faced)
- [Security-Test](#security-test)
- [License](#license)
- [Contact](#contact)
## Description
TimeTide is a backend API designed for seamlessly managing university timetables. It provides:
- Endpoints for CRUD operations on various resources related to timetables
- Endpoints for user authentication operations
- Endpoints for generating services related to timetables
- Endpoint for Notification handler
...

## Installation
To install TimeTide, follow these steps:
1. Clone the repository from GitHub.
2. Navigate to the project directory.
3. Install dependencies using `npm install`.
4. Set up environment variables in a `.env` file (place the `.env` file in the backend folder).
5. Start the server using `npm run dev` (path: backend).

## How-to-Run-Tests
- Clone the repository from GitHub
- `cd backend`: go to the backend folder
- Create a `.env` file there and set all environment variables
- `npm install`: install all packages (testing libraries are in the development dependencies)
- `npm run test1`: runs all unit tests
- `npm run test2`: runs all unit + integration tests

## Setting-enviroment-variables
- `PORT`: (Specify the port number your server will run on)
- `MONGOSTRING`: "mongodb+srv:// "
- `JWT_SECRET`: (Specify your JWT secret key)
- `ADMIN_USERNAME`: (Specify admin username) (only for first-time use)
  - Refer to `POST : /v1/auth/register` in the [📖 Documentation](https://documenter.getpostman.com/view/28802704/2sA35BbPtc)
  - Remove this environment variable after use
  - You can have many admins, but specify them like this first to add another admin
- `ADMIN_PASSWORD`: (Specify admin password) (only for first-time use)

## Usage
After installation, you can use the following endpoints:
POSTMAN BACKEND DOCUMENTATION: [Link to Postman Backend Documentation](https://documenter.getpostman.com/view/28802704/2sA35BbPtc)
- 🔒`/v1/api`: Endpoints for CRUD operations on timetables and related resources.
- 🔓`/v1/auth`: Endpoints for user authentication operations.
- 🔒`/v1/generate`: Endpoints for generating services related to timetables.
- 🔒`/v1/notifications`: Endpoints for handling notifications.

Ensure you have proper authentication tokens to access protected endpoints.
## Problems-Faced
Problems that have been addressed:
1. MongoDB schema design: circular reference between tables (Booking and Courses)
FIX: Removed the object reference from Courses (not required; the project was easily recreated thanks to the loosely coupled design)
2. Chai-http won't run on a CommonJS module
FIX: Used supertest for integration testing

## Security-Test
Used Burp Suite to check for security vulnerabilities
- Found that TimeTide is vulnerable to XSS attacks
FIX:
- `npm install helmet`: installed the helmet npm package and set important security headers (`X-XSS-Protection: 1; mode=block`, `X-Content-Type-Options: nosniff`, `Strict-Transport-Security: max-age=63072000; includeSubDomains`...)
- Found that TimeTide is vulnerable to DoS attacks
FIX:
- `npm install express-rate-limit`: installed the express-rate-limit package. The rate limiter configuration allows up to `100` requests per IP address every `15` minutes. If a client exceeds this limit, they will receive a "Service Unavailable" response.

## License
TimeTide is licensed under the ISC License. See [LICENSE](LICENSE) for more information.
## Contact
For any inquiries or assistance, feel free to contact the project maintainer:
- Name: Lakshan S N
- Email: [[email protected]](mailto:[email protected])
- GitHub: [github.com/nxdun](https://github.com/nxdun)
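
The two fixes described under Security-Test, sketched as dependency-free Express-style middleware. This is an added example, not TimeTide's code: it does not use helmet or express-rate-limit, and every function name in it is hypothetical. Header values and the 100 requests / 15 minutes / "Service Unavailable" behaviour are taken from the README.

```javascript
// Header values as listed in the README's Security-Test section.
const SECURITY_HEADERS = {
  "X-XSS-Protection": "1; mode=block",
  "X-Content-Type-Options": "nosniff",
  "Strict-Transport-Security": "max-age=63072000; includeSubDomains",
};

// Middleware: attach the headers to every response before any route runs.
function securityHeaders(req, res, next) {
  for (const [name, value] of Object.entries(SECURITY_HEADERS)) {
    res.setHeader(name, value);
  }
  next();
}

// Fixed-window limiter keyed by client IP. `now` is injectable so the
// window can be tested without waiting 15 minutes.
function createRateLimiter({ windowMs = 15 * 60 * 1000, max = 100, now = Date.now } = {}) {
  const hits = new Map(); // ip -> { count, resetAt }
  return function rateLimit(req, res, next) {
    const t = now();
    // Evict expired windows so the map cannot grow without bound.
    for (const [ip, entry] of hits) {
      if (entry.resetAt <= t) hits.delete(ip);
    }
    // Assumption: req.ip is the real client address. Behind a reverse proxy
    // Express only reports that when `trust proxy` is configured.
    const entry = hits.get(req.ip) || { count: 0, resetAt: t + windowMs };
    entry.count += 1;
    hits.set(req.ip, entry);
    if (entry.count > max) {
      res.setHeader("Retry-After", String(Math.ceil((entry.resetAt - t) / 1000)));
      res.statusCode = 503; // "Service Unavailable", as the README describes
      res.end("Service Unavailable");
      return;
    }
    next();
  };
}

// Constructed driver: sends `n` requests from one IP through both
// middlewares and returns the resulting status codes.
function simulate(limiter, ip, n) {
  const statuses = [];
  for (let i = 0; i < n; i++) {
    const res = { statusCode: 200, headers: {}, setHeader(k, v) { this.headers[k] = v; }, end() {} };
    securityHeaders({ ip }, res, () => limiter({ ip }, res, () => {}));
    statuses.push(res.statusCode);
  }
  return statuses;
}
```

express-rate-limit itself answers with 429 Too Many Requests by default; the 503 here follows the README's description of the configured response.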