This is a self-learning project, done during my free hours, for the SP Movies app, for which I got a score of 10/100. It is completed and no longer maintained.
The project started on 15 August 2022 and was completed and hosted successfully on 5 September 2022.
- JavaScript, MySQL, CSS, HTML
- jQuery, Bootstrap
- Clone the repository
- Execute `dumpfile_new.sql` in the MySQL database to create the database schema and tables
- Go to the `backend` folder and run `npm install` to install all the dependencies
- Run `npm start` to start the backend server
- Go to the `frontend` folder and run `npm install` to install all the dependencies
- Run `npm start` to start the frontend server
- Open the browser and go to `http://localhost:3001` to view the app
Email | Password | User Role
---|---|---
mary@email.com | password | Customer
admin@email.com | password | Admin
- Guest, Customer and Admin user roles
- Guest operations include
  - Viewing movies on the homepage
  - Searching for movies with server-side filtering
  - Viewing movie details on a movie page
  - Viewing the actual movie trailer on a movie page
  - Viewing comments on a movie page
  - Viewing ratings and reviews on a movie page
- Customer operations include
  - All Guest operations
  - Adding/removing movies to/from the favourite list
  - Adding/removing reviews and ratings for a movie
  - Leaving comments on a movie page
  - Viewing the Profile page
  - Viewing the favourite list on the Profile page
  - Account settings on the Profile page, such as editing the profile, changing the password, deleting the account, requesting the Admin role, changing the profile picture, etc.
  - Deleting a movie from the list of favourite movies on the Profile page, or going to its movie page from there
- Admin operations include
  - All Guest operations
  - All Customer operations
  - Editing/removing movies from the homepage/database
  - Administration page
    - Adding movies
      - The list of genres to choose from is fetched from the database, with proper options listed out
    - Adding genres, and deleting/editing genres
    - Managing users, such as promoting/demoting user roles, deleting users, etc.
- Exciting Birdwatch view with 2 responsive buttons to control the birds
- Image upload for profile picture and movie poster with Multer
- Proper global error handling with custom stylish alerts
- Proper input validation
- Protection from Broken Access Control and SQL Injection
- Vulnerable to some attacks (I did not focus on security for this project)
  - Broken Authentication
    - Poor storage of authentication tokens
    - Tokens never expire
  - Sensitive Data Exposure
    - Passwords are stored in plain text
    - No encryption of sensitive data such as passwords
  - Possible Cross-Site Scripting (XSS) attacks
  - Lack of CSRF protection
  - Security Misconfiguration
    - Many security headers are not set
    - No logging/monitoring
- A few pages are not designed properly
- No search for movies by genre
- No pagination
- No sorting
- The application may look strange on mobile devices
- No input validation for areas such as movie date, duration, comments, reviews, etc.
Link to the hosted application:
https://sp-movies.netlify.app
The hosted application is rather buggy. Some errors occur with the Multer image upload, along with inconsistency in fetching movie reviews, and possibly more undiscovered. I did not put time into fixing these, as the backend is hosted with Heroku and its free products are going away in a few months. The loading of certain pages, elements and data is not consistent either, and this slow data fetching may not allow some parts of pages to load properly.