mhmadalaa / bookipedia Goto Github PK

user now not linked with app resources, so as we currently add authentication functionalities, we can easily linked all of that with the logged in user

handle user, cover images efficiently

endpoint to get specific user books is not implemented

The problem we have is
right now we have books, documents, two different mongodb collections.
so the unique identfier for each (id) is provide the uniqeness only for each collection.
but we need to apply the uniquenss for booth (books, documents), why??
tasks like ask AI Questions or Chat will force us to create multible routers, controllers to handle this to make the operation of dealing with client-backend-ai by id is provide a really identfing key

in conclusion to provide a unique key to make the operations more optimal and not increasing overhead for each part of code-functionallity,
we need to just add a unique key across two collections (books and documents)

I chat with chatGpt to get a hints to start with, and that's the conversation
https://chat.openai.com/share/3793c306-2c49-4e24-8a6c-1361df347fa7

when we deployed the api in different machines, it raised a bug where the Date.now() function creates a different date across to machine timezone, where it shouldn't do that behavior.
nodejs doesn't do that, but mongoose driver do this issue.
so, we need to globalize the way that all the application create the date with. and it should be based on UTC

After finishing phase1 we need to take a look to database schemes to index some fields to make querying the data more efficient

• Design the starter database diagram to the project

maybe the .env file is not updated

add to docs branch

Implement different endpoints to perform CRUD operations and some bussiness logic needs on BOOKS Database

• create notes as it's available one note for each page
• implement crud operations to the one note

we need to add the admin role functionality, how it will be handled. and if there will be a pecial authentication for him or not

• eslintrc - linting tool
• prettier - formatter

Add linter to catch errors, apply code best practices, etc..
Formatter to automate the process of code formatting which make it easier to write and read code.

source to read about them https://www.freecodecamp.org/news/using-prettier-and-jslint/

• book authors model
• book categories to book model

add documentation about the project structure for each folder purpose and a brief description of important files

in branch => docs #1

let book cover images being accessd and stored in public folder with .jpg extenstion

Implement backend endpoints to accept client requests to AI

• text questions about current book/document
• text to speech functionality
• chapters and books summarization
• merge code with other db models and functionality

milestones

• create user model
• configure JWT

we take only the otp from user and search just with it!
but what if simply randomize through 5 numbers and attack the endpoint!
simply you can access many accounts with that!!
so, we need to take the email also as input with otp and find in databse with the compination of them

write the documentation for AI endpoints for the integration between backend-ai

There is a securtiy bug in this login code
as now if someone needs to attack the app, it can easily discover what is the emails subscripe in our application by just enter random emails. and then work on these collected emails and try to discover what is there passwords.
but what if the hacker only get generic error response in this case! aka not a valid email or password?? it cannot easily discover what your subscriped emails?

according to owsap auth guidlines also https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Authentication_Cheat_Sheet.md#authentication-and-error-messages

• handle documents that needs to apply OCR from AI-API
  hint: we can use our get book/document to test saving the edited pdf file from AI
  problem: may be the time that AI takes to process the ocr operation

there still an issue while figuring out how we can identify from client requests that is the sended id needed some operations is a book or a document id?
so until this point there will be a field in the response from book or document model say: book: true, or document: true
and when requesting when any file url it will be required from the request to have a query parameter called /type?book=true or /type?document=true to apply the integrity above books and docuemnts without any false-referencing

acually this problem we may face only for these two rotuers

because they do one jop for both books and documents and not an idivdual endpoints for backend, we will integrate with ai-api throw it! so it needs to focs on that only throw endpoints requirements or request body