A place for us to store code for xdhacks 2021.
Setup Postgres
$ sudo apt update
$ sudo apt-get update
$ sudo apt install libpq-dev python3-dev
$ sudo apt-get -y install postgresql
$ sudo service postgresql restart # if error
$ sudo -u postgres psql
postgres=# CREATE DATABASE flask;
postgres=# \password postgres
postgres=# \q
Activate venv
$ sudo apt install -y python3-pip python3-venv git
$ python3 -m venv venv
$ . venv/bin/activate
Setup nginx
$ sudo apt install -y nginx
$ sudo rm /etc/nginx/sites-enabled/default
$ sudo nano /etc/nginx/sites-enabled/swappy
server {
    listen 443 ssl http2;
    ssl_certificate /root/xdhacks/keys/origin_cloudflare.pem;
    ssl_certificate_key /root/xdhacks/keys/origin_cloudflare_key.pem;
    server_name swappyapp.me www.swappyapp.me;
    location /static {
        alias /root/xdhacks/project/static;
    }
    location / {
        proxy_pass https://127.0.0.1:8000;
        include /etc/nginx/proxy_params;
        proxy_redirect off;
    }
}
$ sudo nano /etc/nginx/nginx.conf
client_max_body_size 16M;
gzip on;
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_min_length 256;
gzip_types image/* text/plain text/css application/json application/javascript text/xml text/html application/xml application/xml+rss text/javascript;
$ sudo systemctl restart nginx
Setup supervisor
$ sudo apt install -y supervisor
$ sudo nano /etc/supervisor/conf.d/swappy.conf
[program:swappy]
directory=/root/xdhacks/
environment=PATH="/root/xdhacks/venv/bin"
command=start.sh
user=root
autostart=true
autorestart=true
stopasgroup=true
killasgroup=true
stderr_logfile=/var/log/swappy/error.log
stdout_logfile=/var/log/swappy/out.log
$ sudo mkdir -p /var/log/swappy
$ sudo touch /var/log/swappy/error.log
$ sudo touch /var/log/swappy/out.log
$ sudo systemctl start supervisor
$ supervisorctl # monitoring
Install java
$ sudo apt install -y default-jre
Migration commands
$ flask db init
$ flask db migrate
$ flask db upgrade
Run flask
$ pip3 install -r requirements.txt
$ openssl req -x509 -newkey rsa:4096 -nodes -out keys/cert.pem -keyout keys/key.pem -days 365
$ gunicorn -c wsgi_config_debug.py wsgi:app
or
$ chmod +x *.sh
$ source venv.sh
$ ./setup.sh
$ ./start.sh
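The steps above leave private keys on disk: openssl with -nodes writes keys/key.pem unencrypted, and nginx reads keys/origin_cloudflare_key.pem. The script below is an added example, not part of this repository: it checks that each such file is a regular file with no group/other permission bits. It assumes GNU stat (as on the Ubuntu host used here), and the script name audit_secrets.sh is hypothetical.

```shell
#!/bin/sh
# Added example (not project code): audit secret files created by the setup steps.

# audit_secret FILE
# Returns 1 (and prints a FAIL line) if FILE is a symlink, is missing, or has
# any group/other permission bit set; returns 0 otherwise.
audit_secret() {
    f=$1
    if [ -L "$f" ]; then
        echo "FAIL $f: is a symlink, audit its target instead"
        return 1
    fi
    if [ ! -f "$f" ]; then
        echo "FAIL $f: missing or not a regular file"
        return 1
    fi
    mode=$(stat -c '%a' "$f") || return 1   # GNU stat prints e.g. 600 or 644
    # Leading 0 makes the shell read the mode as octal; 077 = group+other bits.
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "FAIL $f: mode $mode lets group/others access it (want 600)"
        return 1
    fi
    # -nodes writes the key unencrypted, so file mode is its only protection.
    if grep -q 'PRIVATE KEY-----' "$f" && ! grep -q 'ENCRYPTED' "$f"; then
        echo "NOTE $f: unencrypted private key"
    fi
    echo "OK   $f: mode $mode"
    return 0
}

# audit_all FILE...
# Audits every file and returns the number of files that failed.
audit_all() {
    failed=0
    for path in "$@"; do
        audit_secret "$path" || failed=$((failed + 1))
    done
    return "$failed"
}

# Run as (script name is hypothetical):
#   sh audit_secrets.sh keys/key.pem /root/xdhacks/keys/origin_cloudflare_key.pem
if [ "$#" -gt 0 ]; then
    audit_all "$@"
fi
```

A non-zero exit status is the number of files that need attention; chmod 600 on a flagged key file clears the mode finding.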
- Log in with Google
- CSRF Protection, especially during log-in
- User API - Get self detail (GET /api/v1/user/detail)
- User API - Get other detail (GET /api/v1/user/detail?userId=_)
- User DB - Add contactInfo TEXT(300) field in db + bleach.
- User API - Update self detail (PATCH /api/v1/user/update)
- User Template - Read-only
- User Template - Use classes
- User Template - Editable Fields
- Add Toasts for handling API errors.
- Use UUIDs
- Use Postgres
- User Template - Server side validation and sanitizing.
- User Template - Get specific user details
- User Template - Clicking on 'show listings' redirects to Listing Template
- Listing API - Upload (POST /api/v1/listing/upload)
- Listing API - Validate file size and type
- Sell Template - Google Books API
- Sell Template - Price, Condition
- Sell Template - Upload Image
- Sell Template - Descriptors
- Sell Template - handle Upload Logic
- Sell Template - fix radio
- Sell Template - add no image available
- Listing API - Get user's listing (GET /api/v1/listing/detail?userId=< >)
- Listing Template - Get user's listing
- Listing Template - Open image
- Listing API - Set visibility (PUT /api/v1/listing/toggleOpen?listingId=___)
- Listing Template - Set visibility
- Listing API - Delete listing (DELETE /api/v1/listing/delete?listingId=___)
- Listing Template - Delete listing
- Listing Template - Get specific user listing
- Market Template - Get list of googleIds from query
- Market API - Aggregate listings by book id from list of google book ids (GET /api/v1/market/aggregate?bookids=[____])
- Market Template - Show aggregated listings
- Market API - Get all listings with specific book id (GET /api/v1/listing/detail?bookid=___)
- Market Sub-template - Basic routings
- Market Sub-template - Show book information from Google
- Market Sub-template - Display all listings offered by that user
- Market Sub-template - Clicking on username redirects to User Template
- Offer API - Create Offer (POST /api/v1/offer/create {"listingid": listingid})
- Market Sub-template - Clicking on create offer redirects to Dashboard Template, disables button
- Offer API - Get all buyer and seller offers (GET /api/v1/offer/detail)
- Dashboard template - Automatically fetches all buyer and seller offers
- Market Sub-template - If offer is seller, or buyer already has offer, disable create offer button
- Dashboard API - System messages (GET /api/v1/dashboard/messages)
- Dashboard template - get messages belonging to user.
- Offer API - Create Offer queries Google for book name, then sends notification to message centre
- Dashboard template - Handle buyer/seller toggle
- Dashboard template - show book information
- Dashboard template - show offer information
- Dashboard template - show buyer/seller information
- Dashboard template - show my information visibility
- Dashboard template - add buyer/seller detection
- Offer API - Toggle Publicity (buyer and seller, PATCH /api/v1/offer/togglePublicity?offerid=____)
- Dashboard template - toggle publicity of contact information
- Offer API - Cancel Offer (buyer and seller, DELETE /api/v1/offer/cancel?offerid=____)
- Dashboard template - Clicking on cancel offer refreshes page automatically.
- Offer API - Complete Offer (seller only, DELETE /api/v1/offer/complete?offerid=____)
- Dashboard template - Clicking on complete offer refreshes page automatically.
- Dashboard template - Manual and automatic updates refreshes box.
- Listing API - Deleting Listing causes all offers to be deleted.
- Listing, Offer API - Delete Listing, Cancel Offer, Complete Offer sends notification to message centre.
- Offer API - Private information granted sends notification to message centre.
- Show error message if user attempted to cancel/complete offers that are no longer available.
- Focus/update previous box if selected.
- Dashboard API - Split notification.
- Dashboard Template - Split notification.
- Dashboard Template - Automatic notification polling
- All templates - Fix duplicate requests due to multiple event listeners.
- Post-signup redirecting and handling
- Listing Template - Modal box on delete listing
- Market Sub-template - Modal box on create offer
- Make email as private information, toggleable
- Make contact information to be private by default
- Welcome Template
- About us Template
- Help Template - Stress user responsibility!
- Base and Help Template - Quick links to help
- Privacy Policy Template
- Terms of service Template
- I agree to TOS and privacy policy confirmation in Signup Template
- disallow web crawlers with robots.txt
- /favicon.ico
- Flask-Mail
- Fix notification bug
- Remove buyer/seller toggle
- Settings Template - Add email notifications toggle
- Messages API - Add email with Flask-Mail
- Show unsupported warning on mobile
- Add meta (e.g. for discord)
- Use Google Chat API (service accounts) instead of emails.
- Make relative time from now update dynamically
- Site-wide notification polling.
- Market API: Book Sort and Listing sort and filter
- Cache Book Names, ISBNs and use full-text search for Market Template
- Image override if image isn't available
- Upgrade short polling to SSE
- Add statistics to homepage, etc. user count, book count, successful transfer count
- Admin accounts (regenDB, inventoryControl)
- Conform to REST standards
- Optimise Error Handling Algorithm
- Remove useless modules in requirements.txt
- About us - add email
- Listing Negotiable instead of user negotiable
- Modal for enabling public information
- email notification
- Book list
- School-specific domains
- Use SCSS instead of CSS
- Enable CSRF in API
- Flask-Compress (gzip)
- Flask-Assets (minify js)
- Flask-Assets (minify css)
- Minify HTML
- Final read-through API for vulnerabilities
- .env
- Download SSL certificates from Cloudflare
- https://digitalocean.com/community/tutorials/how-to-add-authentication-to-your-app-with-flask-login
- https://realpython.com/flask-google-login/
- https://codepen.io/P1N2O/pen/pyBNzX
- https://gethalfmoon.com/docs/introduction/
- https://developers.google.com/identity/protocols/oauth2/openid-connect
- https://developers.google.com/people/image-sizing
- https://stackoverflow.com/
- https://codepen.io/gabrielcojea/pen/ExPaBzQ
- https://github.com/Igor-ua/python-shared/blob/master/sv_discord/sv_discord.py
- https://stackoverflow.com/questions/55030714/c-python-asyncio-running-discord-py-in-a-thread
- https://stackoverflow.com/questions/1909441/how-to-delay-the-keyup-handler-until-the-user-stops-typing