report.txt

CSC309 H1 F
Presented to: Mashiyat Ahmed Shah

Project title: Comc

Joseph Cruz - c4cruzjo
Samuel Ko - c2kosamu
Benjamin Feder - g5federb
Caitlin Guse - c3guseca


Comc is a space where individuals can share comic books with one another. Comc can be accessed via 'http://comc.herokuapp.com/'.

Users can create profiles and choose their favourite genres of comics via the signup page. Users are also able to login through the index page using their credentials. Users are also able to log in through Facebook from the index page. Once users are logged in, they are able to upload any number of comic books to their account through the add comic page. The navigation bar at the top of the window, allows users to quickly add comics, view their profile, or logout as well.

Users are able to edit their profile information and preferences (via the edit page, accessed through their profile page). Admin users are able to edit other users' profiles or delete users (as long as these users are not admins/superadmins themselves). The superadmin, the first user in the database, has the ability to make other users admins (and revoke admin rights), and has all of the privileges as normal admins. Administrative privileges can be exercised by admin accounts when viewing other users' profiles.

Users can search for a desired user or comic book (through the search bar at the homepage or through the search page). Users will be sorted based on their rating, while comics will be sorted based on the user's genre preferences and the comics' ratings. Users can also view a list of recommendations based on their preferences (on the homepage). Once a comic book is chosen, listings can be used to allow the user to find and contact another user who has the desired comic book (through reading and writing messages, accessed through a user's profile). The user who has the comic book can then decide to rent the comic out to the other user (through a button on the message page). Users can rate and comment on other users based on the manner in which they provided the comic book or the nature of their interaction. These can be accessed through the write review button in a user's profile. Users are also able to read reviews on other users to help them in determining whether or not to contact them or not. Similarly, users can also rate and review comic books based on their enjoyment of the content, accessed through the specific comic's page. 

Overall, Comc provides a service that is tailored to comic book enthusiasts. This prevents users from having to navigate through more general websites that may contain books of any nature. 

Two security vulnerabilities have been taken care of in this web application. The first vulnerability is authentication. Users are only able to login if they know the password of their account. Passwords are also encrypted and stored in the back-end with the bcrypt-nodejs module. Users can also be authenticated through logging in via Facebook (this is done through use of passport and passport-facebook). The application also tries to prevent DoS attacks. This is done through the use of the toobusy module, which blocks requests when the server is too busy with requests.

Performance was could not be fully tested. Performance testing would have involved checking the average times of each request (logged to the console by the application) and trying to minimize them in the code (by making it more efficient).

Testing of the application could only be done manually within the time constraints. Several test cases were created for each feature that was implemented, and they were tested against. Bugs were dealt with when these test cases failed. If time permitted, testing would have been done using Mocha. A sample file (test.js) can be found in the following folder: 'a5/comc/test/'