Milestone Project 1 (Full Stack Development) - A comprehensive quiz platform for creating, managing, and distributing quizzes with AI-powered question generation and automated PDF certificate issuing.
- User Authentication: Secure JWT-based session management with bcrypt password hashing
- Quiz Management: Create, edit, and delete unlimited quizzes with custom passing scores
- Question Management:
  - Manually add/edit multiple-choice questions
  - AI-powered automated question generation via ASI:One API
  - Support for difficulty levels (easy, medium, hard) and topic depth
- Access Codes: Generate and manage student access codes with expiration dates and enable/disable functionality
- Results Dashboard: View comprehensive student attempt statistics and performance metrics
- Real-time Stats: Track total quizzes, questions, attempts, and pass rates
- Quiz Access: Join quizzes using unique access codes
- Interactive Quiz Interface:
  - Keyboard navigation (arrow keys)
  - Progress tracking with resume capability
  - Auto-saving of answers during quiz
- Instant Scoring: Real-time evaluation with detailed results
- Certificate Generation: Auto-generated professional PDF certificates for passing attempts
- No Authentication Required: Quick and simple access for students
- Security:
  - CORS protection with configurable origins
  - Rate limiting (memory-based or Redis-backed)
  - SQL injection prevention via parameterized queries
  - XSS protection through HTML sanitization
  - CSRF token validation for certificate downloads
- Optional Redis: Persistent sessions and distributed rate limiting
- Scalable Architecture: MySQL connection pooling, async/await, error handling
- Responsive Design: Mobile-friendly UI with smooth interactions
| Layer | Technology |
|---|---|
| Backend | Node.js, Express.js 5.x |
| Database | MySQL 8.0+ |
| Authentication | bcrypt, custom JWT sessions |
| PDF Generation | PDFKit |
| AI Integration | ASI:One API (asi1.ai) |
| Caching/Sessions | Redis (optional; in-memory fallback) |
| Frontend | HTML5, CSS3, Vanilla JavaScript |
| Rate Limiting | Custom middleware (memory/Redis) |
- Node.js 18.0.0 or higher
- npm 9.0.0 or higher
- MySQL 8.0 or higher (5.7+ may work but untested)
- Git (recommended)
- Redis 6.0+ (for persistent sessions and distributed rate limiting; in-memory fallback works for development)
- ASI:One API Key (required for AI question generation; free tier available at asi1.ai)
git clone <repository-url>
cd MSP1-FSD
npm install
# Copy the example environment file
cp .env.example .env
# Edit .env with your configuration
nano .env # or use your preferred editor

Required .env variables:
PORT=3000
DB_HOST=localhost
DB_USER=root
DB_PASS=your_mysql_password
DB_NAME=quiz_db
CERT_TOKEN_SECRET=your-random-secret-key
ASI_API_KEY=your_asi1_api_key

(Detailed .env reference guide below.)
# Using MySQL CLI
mysql -u root -p < database_schema.sql
# Or manually:
mysql -u root -p
mysql> CREATE DATABASE IF NOT EXISTS quiz_db;
mysql> USE quiz_db;
mysql> source database_schema.sql;

Database includes tables for:
- Teachers (authentication)
- Quizzes (quiz metadata)
- Questions (quiz content)
- Access Codes (student access management)
- Results (quiz attempt scores)
# Development (with auto-reload using nodemon)
npm run dev
# Production
npm start

Server runs on http://localhost:3000 (or custom PORT from .env)
- Register/Login: Navigate to http://localhost:3000/teacher-auth.html
- Create Quiz: Click "New Quiz" → Enter title, description, and passing score
- Add Questions:
  - Manually: Use "Add Question" form with 4 options and correct answer
  - AI-Generated: Use "Generate Questions" with topic, difficulty, and depth
- Manage Access: Generate access codes with optional expiration dates
- View Results: Check student performance, scores, and statistics
- Access Quiz: Go to http://localhost:3000/student-access.html
- Enter Code: Input the access code provided by teacher
- Take Quiz: Answer all questions (use arrow keys to navigate)
- Submit: Review and submit your answers
- Download Certificate (if passed): Automatic PDF generation with personalized details
# === SERVER ===
PORT=3000 # Server port
NODE_ENV=development # development, staging, or production
# === DATABASE (MySQL) ===
DB_HOST=localhost # MySQL host/IP
DB_PORT=3306 # MySQL port (default shown)
DB_USER=root # MySQL username
DB_PASS=your_password # MySQL password (leave empty if no password)
DB_NAME=quiz_db # Database name
# === AI INTEGRATION ===
ASI_API_KEY=your_key_here # Get from https://asi1.ai (free tier available)
# === SECURITY ===
CERT_TOKEN_SECRET=random-string # HMAC secret - generate with: openssl rand -hex 32
ALLOWED_ORIGINS=http://localhost:3000,https://yourdomain.com # Comma-separated CORS origins
# === CACHING/SESSIONS (OPTIONAL) ===
REDIS_URL=redis://localhost:6379 # Leave empty to use in-memory fallback
# Format: redis://[:password@]host[:port][/db-number]
# === PROXY ===
TRUST_PROXY=false # Set true if behind nginx/CloudFlare/AWS ALB

MSP1-FSD/
├── server.js # Main Express server & API routes
├── database_schema.sql # MySQL database DDL
├── package.json # Dependencies & scripts
├── .env.example # Environment template
├── .gitignore # Git ignore rules
├── README.md # This file
├── INTERFACE_GUIDE.md # UI/UX documentation
├── LICENSE # ISC License
├── architecture-diagram.html # Visual architecture
└── public/ # Frontend static files
    ├── index.html # Landing page
    ├── style.css # Global styles
    ├── teacher-auth.html # Login/Register page
    ├── teacher-auth.js
    ├── teacher-dashboard.html # Teacher dashboard
    ├── teacher-dashboard.js
    ├── quiz-creation.html # Quiz builder
    ├── quiz-creation.js
    ├── student-access.html # Student code entry
    ├── student-access.js
    ├── student-quiz.html # Quiz taker interface
    └── student-quiz.js

POST /api/teacher/register Register new teacher account
POST /api/teacher/login Login and get session token
POST /api/teacher/logout Logout and invalidate session
POST /api/quiz/create Create new quiz
DELETE /api/quiz/:quizId Delete quiz
GET /api/teacher/quizzes List teacher's quizzes
GET /api/teacher/stats Get aggregated statistics
POST /api/quiz/:quizId/question Add manual question
DELETE /api/quiz/:quizId/question/:questionId Delete question
GET /api/quiz/:quizId/questions Get all questions
POST /api/quiz/:quizId/generate-questions Generate AI questions
POST /api/quiz/:quizId/access-code Generate access code
GET /api/quiz/:quizId/access-codes List access codes
PATCH /api/access-code/:codeId/toggle Enable/disable code
POST /api/student/access Verify access code
GET /api/quiz/:quizId/student-questions/:accessCodeId Get quiz questions
POST /api/submit-quiz Submit answers
GET /api/certificate/:resultId Download certificate
Authentication: Endpoints requiring authentication use Authorization: Bearer <token> header. Tokens are 64+ character hex strings stored in localStorage/sessionStorage.
- Students cannot resume interrupted quizzes (session storage only)
- No question shuffling/randomization
- Certificate styling is fixed (purple/gold theme)
- No multi-language support
- No question image support
- Database persistence for student progress
- Question bank library and templates
- Advanced analytics dashboard
- Email notifications for access codes
- Question image/media support
- Quiz timer/time limits
- Partial credit scoring
- Mobile app (React Native)
- API documentation (Swagger/OpenAPI)
- Change CERT_TOKEN_SECRET to random 32-byte hex string
- Use HTTPS with valid SSL certificate
- Set NODE_ENV=production
- Enable Redis for distributed sessions
- Configure ALLOWED_ORIGINS whitelist (remove localhost)
- Set strong MySQL password
- Enable MySQL SSL connections
- Use environment-specific .env files
- Review security headers in server.js
- Enable firewall rules
- Regular database backups
- Monitor rate limiting logs
- Use PM2/systemd for process management
- Set up error logging/monitoring
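
A startup check covering several items on this checklist, as an added example (not part of this project's server.js). The function name `auditProductionEnv` and the finding messages are assumptions; the variable names and placeholder values come from the .env reference above.

```javascript
// Placeholder values that appear in this README's .env examples.
const PLACEHOLDER_DB_PASS = ['your_mysql_password', 'your_password'];
const LOOPBACK_HOSTS = ['localhost', '127.0.0.1', '[::1]'];

// Hypothetical helper: returns a list of findings, empty when the env passes.
function auditProductionEnv(env) {
  const findings = [];
  // "openssl rand -hex 32" yields exactly 64 hex characters.
  if (!/^[0-9a-f]{64}$/i.test(env.CERT_TOKEN_SECRET || '')) {
    findings.push('CERT_TOKEN_SECRET is not a 32-byte hex string');
  }
  if (env.NODE_ENV !== 'production') findings.push('NODE_ENV is not "production"');
  if (!env.DB_PASS || PLACEHOLDER_DB_PASS.includes(env.DB_PASS)) {
    findings.push('DB_PASS is empty or still a placeholder');
  }
  if (!env.REDIS_URL) findings.push('REDIS_URL is empty: sessions and rate limits stay in memory');

  const origins = (env.ALLOWED_ORIGINS || '').split(',').map((o) => o.trim()).filter(Boolean);
  if (origins.length === 0) findings.push('ALLOWED_ORIGINS is empty');
  for (const origin of origins) {
    let url;
    try {
      url = new URL(origin);
    } catch {
      // A bare "*" or a hostname without a scheme ends up here.
      findings.push(`ALLOWED_ORIGINS entry is not a valid URL: ${origin}`);
      continue;
    }
    if (LOOPBACK_HOSTS.includes(url.hostname)) {
      findings.push(`ALLOWED_ORIGINS still lists a local origin: ${origin}`);
    } else if (url.protocol !== 'https:') {
      findings.push(`ALLOWED_ORIGINS entry is not HTTPS: ${origin}`);
    }
  }
  return findings;
}

// Constructed sample: the development values shown in this README.
const devEnv = {
  NODE_ENV: 'development',
  DB_PASS: 'your_password',
  CERT_TOKEN_SECRET: 'random-string',
  ALLOWED_ORIGINS: 'http://localhost:3000,https://yourdomain.com',
  REDIS_URL: '',
};
console.log(auditProductionEnv(devEnv));
```

Calling it with `process.env` before the server starts listening, and refusing to start in production when the list is non-empty, turns the checklist into an enforced gate.
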
- ✓ Parameterized SQL queries (prevent SQL injection)
- ✓ HTML entity encoding (prevent XSS)
- ✓ bcrypt password hashing (10+ rounds)
- ✓ Rate limiting (configurable by endpoint)
- ✓ HMAC-SHA256 certificate tokens
- ✓ CORS protection
- ✓ Security headers (CSP, X-Frame-Options, etc.)
- ✓ Session expiration (24-hour default)
- ✓ Secure token comparison (timing-safe)
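
One way the HMAC-SHA256 certificate tokens and the timing-safe comparison listed above can fit together, as an added example (not this project's code). The token layout `resultId.expiry.mac`, the 15-minute lifetime and the names `signCertToken` / `verifyCertToken` are assumptions.

```javascript
const crypto = require('node:crypto');

// Assumed token layout (not taken from the project):
//   "<resultId>.<expiryUnixSeconds>.<hex HMAC-SHA256 of the first two fields>"
function macFor(payload, secret) {
  return crypto.createHmac('sha256', secret).update(payload).digest();
}

function signCertToken(resultId, secret, ttlSeconds = 900, nowMs = Date.now()) {
  const payload = `${resultId}.${Math.floor(nowMs / 1000) + ttlSeconds}`;
  return `${payload}.${macFor(payload, secret).toString('hex')}`;
}

function verifyCertToken(token, resultId, secret, nowMs = Date.now()) {
  if (typeof token !== 'string') return false;
  const parts = token.split('.');
  if (parts.length !== 3) return false;
  const [id, expires, macHex] = parts;
  // Strict shape check first: it also guarantees a 32-byte MAC, so
  // timingSafeEqual (which throws on unequal lengths) cannot throw.
  if (!/^\d+$/.test(id) || !/^\d+$/.test(expires) || !/^[0-9a-f]{64}$/.test(macHex)) {
    return false;
  }
  const expected = macFor(`${id}.${expires}`, secret);
  if (!crypto.timingSafeEqual(expected, Buffer.from(macHex, 'hex'))) return false;
  // Only trust the fields once the MAC has verified.
  if (id !== String(resultId)) return false;           // token is bound to one result
  return Number(expires) >= Math.floor(nowMs / 1000);  // reject expired tokens
}

// Constructed demo values; in the app the secret would be CERT_TOKEN_SECRET.
const demoSecret = 'ab'.repeat(32);
const demoToken = signCertToken(42, demoSecret);
console.log(verifyCertToken(demoToken, 42, demoSecret));
console.log(verifyCertToken(demoToken, 43, demoSecret));
```

Binding the result id and an expiry into the MAC means a token issued for one attempt cannot be replayed against another `/api/certificate/:resultId` or reused indefinitely.
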
- Teachers: id (INT, PK) | email (VARCHAR, UNIQUE) | password_hash (VARCHAR) | name (VARCHAR) | created_at
- Quizzes: id (INT, PK) | teacher_id (FK) | title | description | passing_score_percentage | is_active | created_at | updated_at
- Questions: id (INT, PK) | quiz_id (FK) | question_text | option_a | option_b | option_c | option_d | correct_option | created_at
- Access Codes: id (INT, PK) | quiz_id (FK) | code (VARCHAR, UNIQUE) | expires_at | active | created_at
- Results: id (INT, PK) | candidate_name | score | total_questions | passed | quiz_id (FK) | access_code_id (FK) | date_taken

All tables include proper indexes for optimal query performance.
- Teacher Route:
  - Register account with unique email
  - Create quiz with 3+ questions
  - Generate 2 access codes with different expiration dates
  - View statistics and results
- Student Route:
  - Use access code to join quiz
  - Answer all questions
  - Submit and verify scoring
  - Download certificate if passed
- Edge Cases:
  - Use expired/disabled access code
  - Submit with unanswered questions
  - Rapid duplicate submissions
  - Invalid data in request bodies
This project is licensed under the ISC License - see the LICENSE file for details.
This project demonstrates proficiency in:
- Backend: Node.js/Express, REST API design, middleware
- Database: MySQL, query optimization, schema design
- Frontend: Vanilla JS, DOM manipulation, session management
- Security: Authentication, encryption, CORS, rate limiting
- DevOps: Environment configuration, error handling, logging
- Full Stack: End-to-end feature implementation
Last Updated: March 2026