-
Notifications
You must be signed in to change notification settings - Fork 0
Backend Plan
Switchblade edited this page Jan 24, 2025
·
4 revisions
Rough plan to implement backend and database :
-
Collections and Documents:
-
Users:
- Document ID: User's unique Google ID or email hash.
-
Fields:
-
name: Full name of the student. -
email: User's BITSmail. -
photoUrl: Profile photo URL, scraped from BITSmail. -
subsystem: the subsystem to which they belong. (CNI/Mech/Electrical/Editorial) -
project: array of all projects they've worked on. -
role: Role of the user (e.g., member or POR).
-
-
Inventory:
- Document ID: Unique ID for each inventory item.
-
Fields:
-
name: Item name. -
description: Item description. -
quantity: Total quantity available. -
isLowStock: boolean to see if low in stock or not. -
category: Type of item like motor, board, etc. -
imageUrl: (Optional) URL to an image of the item.
-
-
Requests:
- Document ID: Unique ID for each request.
-
Fields:
-
userId: ID of the user requesting the item. -
itemIds: Array of item IDs requested. -
quantity: array of quantities of corresponding item id's. -
deadline: By when should the person return. -
purpose: string sent by user(mostly purpose) to POR, like additonal details, why you need, etc -
receiveMessage: message sent by POR to requestor. -
timestamp: Date and time of the request. -
status: Status of the request (e.g., pending, approved, rejected). -
approvers: Array of emails of PORs who approved or rejected the request.
-
-
Users:
-
Hash Allowed Emails:
- Use a library like bcrypt or SHA256 to hash the list of allowed emails.
- Store these hashes securely in your Firebase Firestore under a
allowedEmailscollection.
-
Filter Login Emails:
- When a user logs in, hash their Google email and compare it with the hashes in Firestore.
- If the hash exists, allow access; otherwise, reject the login.
- Implement a search query in the
Inventorycollection:- Use Firebase Firestore's
.where()and.orderBy()methods to filter and sort results. - Allow users to search by
name,category, or other fields.
- Use Firebase Firestore's
- Example Query:
const inventoryRef = firebase.firestore().collection('Inventory'); const searchQuery = inventoryRef .where('name', '>=', searchInput) .where('name', '<=', searchInput + '\uf8ff'); const snapshot = await searchQuery.get();
-
Cart Storage:
- Use a local state management solution (e.g., Svelte stores) to temporarily store selected items.
-
Request Submission:
- When the user clicks "Request Items":
- Save a new document in the
Requestscollection with the user ID and item IDs. - Trigger a Cloud Function to send an email to all PORs.
- Save a new document in the
- When the user clicks "Request Items":
-
Using Firebase Cloud Functions:
- Write a function that listens to new entries in the
Requestscollection. - Use a transactional email service (e.g., SendGrid, Firebase Extensions) to send email notifications to all PORs.
- Write a function that listens to new entries in the
-
Email Content:
- Include:
- Requester's name and email.
- Requested items with quantities.
- A link to approve/reject.
- Include:
- Create an "Approval Dashboard" for PORs:
- Retrieve pending requests from the
Requestscollection. - Allow PORs to approve/reject requests by updating the
statusfield. - Record approvers in the
approversarray.
- Retrieve pending requests from the
- Fetch the user's details from the
Userscollection:- Display
name,email, andphotoUrl. - Add additional fields like
roleif necessary.
- Display
-
Restrict Access:
- Users can only read/write their own data in the
UsersandRequestscollections. - PORs can read/write all
Requestsdata. - Inventory data can be read by all authenticated users but written only by admins.
- Example Firestore Rule:
match /Users/{userId} { allow read, write: if request.auth.uid == userId; } match /Inventory/{itemId} { allow read: if request.auth != null; allow write: if request.auth.token.role == 'admin'; } match /Requests/{requestId} { allow read, write: if request.auth.uid == resource.data.userId; allow update: if request.auth.token.role == 'POR'; }
- Users can only read/write their own data in the
-
Hashing Emails:
- Use the same hashing algorithm for both stored emails and runtime comparisons.
-
Real-Time Updates:
- Use Firestore's real-time listeners to update search results and request statuses dynamically.
-
Testing:
- Test login, search, and cart flows thoroughly with both member and non-member emails.