Skip to content

Backend Plan

Switchblade edited this page Jan 24, 2025 · 4 revisions

Rough plan to implement backend and database :


Database Structure (Firebase Firestore)

  1. Collections and Documents:
    • Users:
      • Document ID: User's unique Google ID or email hash.
      • Fields:
        • name: Full name of the student.
        • email: User's BITSmail.
        • photoUrl: Profile photo URL, scraped from BITSmail.
        • subsystem : the subsystem to which they belong. (CNI/Mech/Electrical/Editorial)
        • project : array of all projects they've worked on.
        • role: Role of the user (e.g., member or POR).
    • Inventory:
      • Document ID: Unique ID for each inventory item.
      • Fields:
        • name: Item name.
        • description: Item description.
        • quantity: Total quantity available.
        • isLowStock: boolean to see if low in stock or not.
        • category: Type of item like motor, board, etc.
        • imageUrl: (Optional) URL to an image of the item.
    • Requests:
      • Document ID: Unique ID for each request.
      • Fields:
        • userId: ID of the user requesting the item.
        • itemIds: Array of item IDs requested.
        • quantity : array of quantities of corresponding item id's.
        • deadline : By when should the person return.
        • purpose : string sent by user(mostly purpose) to POR, like additonal details, why you need, etc
        • receiveMessage : message sent by POR to requestor.
        • timestamp: Date and time of the request.
        • status: Status of the request (e.g., pending, approved, rejected).
        • approvers: Array of emails of PORs who approved or rejected the request.

Implementation Plan

1. User Authentication and Filtering

  • Hash Allowed Emails:
    • Use a library like bcrypt or SHA256 to hash the list of allowed emails.
    • Store these hashes securely in your Firebase Firestore under a allowedEmails collection.
  • Filter Login Emails:
    • When a user logs in, hash their Google email and compare it with the hashes in Firestore.
    • If the hash exists, allow access; otherwise, reject the login.

2. Inventory Search

  • Implement a search query in the Inventory collection:
    • Use Firebase Firestore's .where() and .orderBy() methods to filter and sort results.
    • Allow users to search by name, category, or other fields.
  • Example Query:
    const inventoryRef = firebase.firestore().collection('Inventory');
    const searchQuery = inventoryRef
      .where('name', '>=', searchInput)
      .where('name', '<=', searchInput + '\uf8ff');
    const snapshot = await searchQuery.get();

3. Cart and Request Flow

  • Cart Storage:
    • Use a local state management solution (e.g., Svelte stores) to temporarily store selected items.
  • Request Submission:
    • When the user clicks "Request Items":
      • Save a new document in the Requests collection with the user ID and item IDs.
      • Trigger a Cloud Function to send an email to all PORs.

4. Email Notifications to PORs

  • Using Firebase Cloud Functions:
    • Write a function that listens to new entries in the Requests collection.
    • Use a transactional email service (e.g., SendGrid, Firebase Extensions) to send email notifications to all PORs.
  • Email Content:
    • Include:
      • Requester's name and email.
      • Requested items with quantities.
      • A link to approve/reject.

5. Approval System

  • Create an "Approval Dashboard" for PORs:
    • Retrieve pending requests from the Requests collection.
    • Allow PORs to approve/reject requests by updating the status field.
    • Record approvers in the approvers array.

6. Profile Page

  • Fetch the user's details from the Users collection:
    • Display name, email, and photoUrl.
    • Add additional fields like role if necessary.

Security Rules

  1. Restrict Access:
    • Users can only read/write their own data in the Users and Requests collections.
    • PORs can read/write all Requests data.
    • Inventory data can be read by all authenticated users but written only by admins.
    • Example Firestore Rule:
      match /Users/{userId} {
        allow read, write: if request.auth.uid == userId;
      }
      match /Inventory/{itemId} {
        allow read: if request.auth != null;
        allow write: if request.auth.token.role == 'admin';
      }
      match /Requests/{requestId} {
        allow read, write: if request.auth.uid == resource.data.userId;
        allow update: if request.auth.token.role == 'POR';
      }

Additional Notes

  • Hashing Emails:
    • Use the same hashing algorithm for both stored emails and runtime comparisons.
  • Real-Time Updates:
    • Use Firestore's real-time listeners to update search results and request statuses dynamically.
  • Testing:
    • Test login, search, and cart flows thoroughly with both member and non-member emails.

Clone this wiki locally