"Practices for the development of secure software" is a project focused on implementing secure software development practices.
- Clone the repository: `git clone https://github.com/Vukajlo01/Osnove-informacione-bezbednosti.git`
- Navigate to the project directory: `cd Osnove-informacione-bezbednosti/app`
- Install dependencies: `npm install`
- Navigate to the api project directory: `cd Osnove-informacione-bezbednosti/app`
- Install dependencies: `npm install`

To start the development server, run: `npm run startdev`

This command starts the server locally and makes it accessible at `http://localhost:port`. Replace `port` with the port number specified in your environment variables.
The following API endpoints are available:

- `POST /api/user/create`: Creates a new user. Requires `uid`, `email`, `firstName`, `lastName`, `date`, and `u_role` in the request body. Returns status codes and payload based on user creation.
- `POST /api/user/newAccount`: Creates a new user account in the Firebase Authentication database and Firestore. Requires `uid`, `userProperties`, and `userData` in the request body. Responds with status codes and payload based on the account creation process.
- `POST /api/user/getById`: Retrieves user details by UID. Requires `uid` in the request body. Returns user data or appropriate error messages.
- `POST /api/user/getRoleByUid`: Retrieves the role of a user by UID. Requires `uid` in the request body. Responds with the user's role or error messages.
- `POST /api/user/get`: Retrieves all users. Requires appropriate authorization (e.g., admin role) to access. Returns user data or a permission error.
- `POST /api/user/updatePicture`: Updates a user's profile picture. Requires `uid` and `photoBase64` in the request body. Responds with success status or errors.
- `POST /api/user/update`: Updates a user's profile. Requires `uid`, `firstName`, `lastName`, and `date` in the request body. Returns updated user data or error messages.
- `POST /api/user/update/admin`: Allows an admin to update user data. Requires `uid` and `data` in the request body. Responds with success status or errors.
- `POST /api/user/delete`: Deletes a user's account. Requires `uid` in the request body. Responds with deletion status or errors.
- `POST /api/user/delete/guid`: Allows an admin to delete a user account by UID. Requires `uid` in the request body. Responds with deletion status or errors.

- `GET /api/roles/get`: Retrieves all roles. Requires appropriate permissions to access. Returns role data or a permission error.

- `GET /api/products/get`: Retrieves all products. Requires appropriate permissions to access. Returns product data or a permission error.
- `POST /api/products/getProductsPerSellerUid`: Retrieves products associated with a specific seller UID. Requires `uid` in the request body. Returns product data or a permission error.
- `POST /api/products/create`: Creates a new product. Requires various product details in the request body. Responds with creation status or errors.
- `POST /api/products/update`: Updates a product's details. Requires updated product information in the request body. Responds with updated product data or errors.
- `POST /api/products/delete`: Deletes a product. Requires `uid` in the request body. Responds with deletion status or errors.

- `POST /api/orders/create`: Creates a new order. Requires `buyQuantity`, `buyerUid`, and `product` in the request body. Responds with order creation status or errors.
- `POST /api/orders/getOrdersPerBuyer`: Retrieves orders for a specific buyer UID. Requires `uid` in the request body. Returns order data or a permission error.
- `POST /api/orders/get`: Retrieves all orders. Requires appropriate permissions to access. Returns order data or a permission error.

- `GET /api/genres/get`: Retrieves all genres. Requires appropriate permissions to access. Returns genre data or a permission error.

- `POST /api/audits/create`: Creates a new audit. Requires `messageType` and `message` in the request body. Responds with audit creation status or errors.
- `POST /api/audits/get`: Retrieves all audits. Requires appropriate permissions to access. Returns audit data or a permission error.

- `ANY /(.*)`: Redirects to the error page.
Each endpoint performs specific actions and requires certain parameters in the request body. It responds with relevant data or error messages based on the operation performed.
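As an added illustration (not code from this repository), the Node.js snippet below shows how two of the contracts listed above could be enforced on the server: required-field validation for `POST /api/user/create` and a server-side role check before the admin-only `POST /api/user/get`. The role names, the in-memory role store, and the assumption that the caller's uid comes from a verified session rather than the request body are mine, not the project's.

```javascript
// Added example: request validation and role gating for the endpoints described in the README.
// Field names (uid, email, firstName, lastName, date, u_role) come from the endpoint list above.
const REQUIRED_CREATE_FIELDS = ['uid', 'email', 'firstName', 'lastName', 'date', 'u_role'];
const KNOWN_ROLES = new Set(['admin', 'seller', 'buyer']); // assumed role names

// Constructed stand-in for the roles collection (uid -> role); a real server would query Firestore.
const ROLE_STORE = new Map([
  ['u-admin-1', 'admin'],
  ['u-seller-1', 'seller'],
]);

// Validate the body of POST /api/user/create. Every required field must be a non-empty string;
// email and date get a shape check; u_role must be one of the known roles.
function validateCreateUserBody(body) {
  if (body === null || typeof body !== 'object') {
    return { ok: false, errors: ['body must be an object'] };
  }
  const errors = [];
  for (const field of REQUIRED_CREATE_FIELDS) {
    if (typeof body[field] !== 'string' || body[field].trim() === '') errors.push(`${field} is required`);
  }
  if (typeof body.email === 'string' && !/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(body.email)) {
    errors.push('email is malformed');
  }
  if (typeof body.date === 'string' && Number.isNaN(Date.parse(body.date))) {
    errors.push('date is not a valid date');
  }
  if (typeof body.u_role === 'string' && !KNOWN_ROLES.has(body.u_role)) {
    errors.push('u_role is unknown');
  }
  return { ok: errors.length === 0, errors };
}

// Authorization for admin-only endpoints. callerUid is assumed to come from a verified
// session (e.g. a checked ID token), and the role is looked up server-side, never read
// from the request body.
function authorize(callerUid, requiredRole) {
  const role = ROLE_STORE.get(callerUid);
  if (role === undefined) return { status: 401, error: 'unknown caller' };
  if (role !== requiredRole) return { status: 403, error: 'insufficient role' };
  return { status: 200 };
}

// Simulated handler for POST /api/user/get: admin only, otherwise a permission error.
function handleGetAllUsers(callerUid) {
  const auth = authorize(callerUid, 'admin');
  if (auth.status !== 200) return auth;
  return { status: 200, payload: [...ROLE_STORE.keys()] };
}
```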
Contributions are welcome! If you find any issues or would like to enhance the project, feel free to create a pull request or report an issue in the Issues section.
This project is licensed under the MIT License - see the LICENSE file for details.