Simple yet useful app to manage plants' care with treatments planning & weather notifications functionalities

To quickly install all modules used in this project, just run npm install in your terminal and you'll be good to go!

All the application's related variables such as the DB connection credentials and the JWT Secret are securely stored in the virtual environment (not included in this repository for security purposes since personal data is used).

Below a list and explanation of all the used virtual environment's variables.

To quickly setup the database with all the tables and relations, follow the following instructions:

• Create a MySQL schema
• Change your terminal's directory to OrtoPlan/backend (command to change directory in terminal may vary based on the shell you're using)
• While located in the backend directory, run npx prisma db push to create all the tables based on the schema.prisma file, and npx prisma generate to generate the prisma client file which will be used to handle and craft all the queries.

If you want to test this project yourself, you can compile the Plant and Location tables by just running npm run setupDB and wait for completion.

All the main routes for this application start with /api/ and are mainly used to retrieve, add, and update values from/to the Database.

The routes responsible for user authentications are /user/login, and /user/signup. Both routes return the final user, obtained from Database Read (in case of login) or new user creation (in case of signup).

To enhance security, all routes starting with /api/ require the user to be authenticated; such validation is made by verifying the Bearer Token sent along with the request in the header. If it's not valid or it's valid but the user does not exist anymore, the server returns a 401 Unhauthorized status code and the user needs to re-authenticate again with a valid JWT before making any request.

Such token validation is made through the isLoggedIn Middleware, which:

• Checks if the Bearer token is in the req.header
• Decodes it and gets the userID field from the Token's Payload
• Makes a findUniqueOrThrow query to the database and checks if the Prisma Promise Resolves or Rejects to consequently return a 200 OK status code if it still exists or a 402 Unhauthorized in case the Promise Rejects

All user-related sensitive data such as passwords are securely hashed and stored in the database using the Argon2id algorithm. To manage and verify such data, argon2 module is being used, in particular the argon2.hash() and argon2.verify() functions with default memory cost, time complexity, and parallellism values.

If you want to test your backend endpoints without running the Frontend server as well, a Postman Workspace has been created with all the web application's endpoints and core functionalities

I aim to keep this repository updated for as long as possible, all the future updates, improvements and ideas are listed below:

• User email verification functionality (Released in v1.1) 🎉
• Password recovery functionality (Released in v1.1) 🎉
• Anti-CSRF Token (Released in v1.1.2)
• Google/GitHub login functionality
• Plantations sharing and collaboration functionality
• Plant finder with Algolia Search API
• Plants creation functionality
• General styling improvements
• User deletion confirmation functionality improvement
• And more to come... 👀