OrtoPlan

Simple yer useful app to manage plants' care with treatments planning & weather notifications functionalities

Table of contents

Built in - Technologies
Modules References
Installing Dependencies
Environmental Variables
Database Entity Relationship model
App Routes
Hashing methods
Testing Backend Endpoints
Functionalities roadmap

---

Built in - Technologies

---

Technologies References

Core Functionalities

Express.JS | CORS | NodeMailer | RateLimiter | EJS | Moment.JS | PostCSS | Tailwind CSS | DaisyUI | Prisma ORM | Redis

Hashing & security

Argon2 | CSRF

Login Methods

JWT

---

Installing App Dependencies

To quickly install all modules used in this project, just run npm install in your terminal and you'll be good to go!

DISCLAIMER: in order to correctly execute this command you will need to install Node.JS in your system since it's the main requirement to run the app.

---

Environmental Variables

All the application's related variables such as the DB connection credentials and the JWT Secret are securely stored in the virtual environment (not included in this repository for security purposes since personal data is used).

Below a list and explanation of all the used virtual environment's variables.

Variable Name	Usage
PORT	Express.JS Backend application port.
RAPIDAPI_KEY	RapidAPI Key (used to compile the DB with some sample plants from HousePlants API)
UNSPLASHAPI_KEY	Unsplash API ClientID (used to get some stock images for plants and plantations). Documentation for this api here
JWT_SECRET	Json Web Token's secret used to sign and validate each token received from HTTP requests
DATABASE_URL	URL to connect to database. with Prisma ORM
JWT_USER_ACTIONS_SECRET	Json Web Token's secret for user email verification & password reset code generation
MAILING_SYSTEM_ADDRESS	Email address for mailing system functionality
MAILING_SYSTEM_PASSWORD	Password for Email access
FRONTEND_ADDRESS	Application's Front-End side hostname
FRONTEND_PORT	Application's Front-End side port

NOTE: For this project the database is locally hosted so the environmental value for DATABASE_URL will be something like this: mysql://root@localhost:3306/OrtoPlan.

---

Database

To quickly setup the database with all the tables and relations, follow the following instructions:

• Create a MySQL schema
• Change your terminal's directory to OrtoPlan/backend (command to change directory in terminal may vary based on the shell you're using)
• While located in the backend directory, run npx prisma db push to create all the tables based on the schema.prisma file, and npx prisma generate to generate the prisma client file which will be used to handle and craft all the queries.

If you want to test this project yourself, you can compile the Plant and Location tables by just running npm run setupDB and wait for completion.

DISCLAIMER: in order for this to work you have to first set the RAPIDAPI_KEY as well as the UNSPLASHAPI_KEY API Keys since all data obtained comes from external sources.

---

App Routes

All the main routes for this application start with /api/ and are mainly used to retrieve, add, and update values from/to the Database.

The routes responsible for user authentications are /user/login, and /user/signup. Both routes return the final user, obtained from Database Read (in case of login) or new user creation (in case of signup).

To enhance security, all routes starting with /api/ require the user to be authenticated; such validation is made by verifying the Bearer Token sent along with the request in the header. If it's not valid or it's valid but the user does not exist anymore, the server returns a 401 Unhauthorized status code and the user needs to re-authenticate again with a valid JWT before making any request.

Such token validation is made through the isLoggedIn Middleware, which:

• Checks if the Bearer token is in the req.header
• Decodes it and gets the userID field from the Token's Payload
• Makes a findUniqueOrThrow query to the database and checks if the Prisma Promise Resolves or Rejects to consequently return a 200 OK status code if it still exists or a 402 Unhauthorized in case the Promise Rejects

---

Hashing methods

All user-related sensitive data such as passwords are securely hashed and stored in the database using the Argon2id algorithm. To manage and verify such data, argon2 module is being used, in particular the argon2.hash() and argon2.verify() functions with default memory cost, time complexity, and parallellism values.

---

Testing Backend Endpoints

If you want to test your backend endpoints without running the Frontend server as well, a Postman Workspace has been created with all the web application's endpoints and core functionalities

---

Functionalities Roadmap

I aim to keep this repository updated for as long as possible, all the future updates, improvements and ideas are listed below:

• User email verification functionality (Released in v1.1) 🎉
• Password recovery functionality (Released in v1.1) 🎉
• Anti-CSRF Token (Released in v1.1.2)
• Google/GitHub login functionality
• Plantations sharing and collaboration functionality
• Plant finder with Algolia Search API
• Plants creation functionality
• General styling improvements
• User deletion confirmation functionality improvement
• And more to come... 👀