BNMOBOXD REST Service is the backend service for BNMOBOXD - Curators. It handles curators' authentication, review creation, and subscription management. The service is built with Express.js and uses a PostgreSQL database along with Redis for caching.
This service should be used along with:
User |
---|
id |
username |
password |
firstName |
lastName |
isAdmin |
reviewCount |
profileImage |
bio |
Review |
CuratorReview |
---|
id |
rating |
review |
filmId |
userId |
createdAt |
updatedAt |
FK:
CuratorReview(userId) -> user(id)
UserVerification |
---|
userId |
status |
createdAt |
FK:
UserVerification(userId) -> user(id)
This service provides the following API endpoints
METHOD | ENDPOINT | ROLE |
---|---|---|
POST | /auth/login | public |
POST | /auth/register | public |
GET | /curator | admin |
GET | /curator/:id | admin |
GET | /curator-review | curator |
GET | /curator-review/:id | curator |
POST | /curator-review | curator |
PUT | /curator-review/:id | curator |
DELETE | /curator-review/:id | curator |
GET | /film | public |
GET | /subscription | admin |
PUT | /subscription | admin |
GET | /user-verification | admin |
PUT | /user-verification/:id/verify | admin |
PUT | /user-verification/:id/reject | admin |
- Docker
- Install requirements
- Clone repository
- By default, this app uses ports `3000`, `8003`, and `6379`, but this can be modified through `docker-compose.yml`.
- `cd` to the repository's root
- Make an env file `.env.production`
- Fill the file `.env.production` referring to `env.example`; make sure to include the correct endpoint for the other services
- Open a terminal and run `docker compose up -d`
- From the Docker terminal, run `npx prisma db seed` or alternatively `pnpm run prisma:seed`
13521044 | 13521047 | 13521107 |
---|---|---|
Curator Review CRUD | User Verification Service | Get subscriptions from SOAP |
GET films from PHP | User Verification Controller | Update subscriptions on SOAP |
Auth | Review and Testing | Review and Testing |
Project Initialization | | |
Middlewares | | |
Error Handling | | |
Docker | | |
User Verification Repository | | |
PHP Client | | |
SOAP Client | | |
Upload Profile Picture | | |
Edit Profile | | |
- Docker
- Redis Cache
Name | NIM |
---|---|
Rachel Gabriela Chen | 13521044 |
Muhammad Equilibrie Fajria | 13521047 |
Jericho Russel Sebastian | 13521107 |
1. HTTP Parameter Pollution
This app is secure from HTTP Parameter Pollution attacks.
HPP (HTTP Parameter Pollution) is a vulnerability that arises when multiple values are assigned to the same parameter in an HTTP request, leading to unexpected behavior in the application. This can occur due to the way the application processes and interprets the input parameters.
This service uses the `hpp` library to prevent HPP attacks.
In the image below, the service only reads the last parameter for `page`, which is `2`.
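The last-value-wins handling described above, as an added example that is not code from this service or from the `hpp` package's source. `parseQuery`, `lastValueWins`, `naivePage` and `demo` are hypothetical names, the `queryPolluted` field is modelled on what `hpp` does with the set-aside values, and the request is constructed.

```javascript
// Added example: a stand-in for last-value-wins handling, not the hpp package's source.

// Parse a query string the way a typical parser does: repeated keys become arrays.
function parseQuery(search) {
  const query = Object.create(null);
  for (const [key, value] of new URLSearchParams(search)) {
    query[key] = key in query ? [].concat(query[key], value) : value;
  }
  return query;
}

// Middleware with the (req, res, next) shape Express uses.
function lastValueWins(req, res, next) {
  req.queryPolluted = Object.create(null);
  for (const key of Object.keys(req.query)) {
    const value = req.query[key];
    if (Array.isArray(value)) {
      req.queryPolluted[key] = value;            // keep the originals for logging
      req.query[key] = value[value.length - 1];  // handlers see one string
    }
  }
  next();
}

// Hypothetical handler code that assumes `page` is a single string.
function naivePage(query) {
  return Number.parseInt(query.page, 10);
}

// Send the same constructed query string through both paths.
function demo(search) {
  const bare = { query: parseQuery(search) };
  const guarded = { query: parseQuery(search) };
  lastValueWins(guarded, {}, () => {});
  return {
    rawIsArray: Array.isArray(bare.query.page),
    barePage: naivePage(bare.query),        // parseInt("1,2") -> silently the first value
    guardedPage: naivePage(guarded.query),  // the last value, as described above
    polluted: guarded.queryPolluted.page,
  };
}

console.log(demo("page=1&page=2"));
```

Without the middleware the handler receives an array and quietly paginates on the first value; with it the handler receives the string `"2"`, and the duplicate values remain available for logging.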
2. JWT Attack
This app is secure from JWT attacks. JWT injection occurs when an attacker manipulates the content of a JWT to tamper with the claims or inject additional data. For example, an attacker might modify the user ID claim to impersonate another user. There are other types of JWT attack as well, such as brute force.
This app uses: