# Technology Stack and Tools

## 1. ExpressJs

## 2. MongoDB & Mongoose


# Security

## 1. Authentication

- We Decided to Use JSON Web Tokens (JWT) a different approach to the traditional cookies/sessions

### Used Libraries :

- jsonwebtoken

<img href="img/auth.png">


In [None]:
# show authrized route
import  requests

url = "https://wellnesshub.onrender.com/api/v1";
body= {
	"seller": "6670d59acb32f53577025746",# fake user data
	"title": "Fake titel",
	"description": "Fake description",
		"images": [],
	"ingredients":[ ],
	"category":"appetizers",
    "price": 9999
}

res = requests.post(url+ "/meals", data=body)

if(res.status_code==401):
    raise Exception("401 NOT AUTHORIZED")


## 2. DDOS

We are using rate-limiting middleware to limit repeated requests to public APIs and/or endpoints such as registration

### Used Libraries :

- express-rate-limit

<img href="img/rate.png">

### Let's try:


In [None]:
!npm run ddos

# API tree

<div style="text-align: center;">
<img src="img/apis.png" width=1000>
</div>


# Tooling

<div style="text-align: center;">
<img src="img/insomania.png" width=800>
</div>


# Logging System

- Logging is Crucial for Observability and System reliability


<div style="text-align: center;">
<img src="img/loggin.png" width=1000>
</div>



# Error Handling

- we collect all the errors that occur in the backend and handle it in a special error handling middleware that takes care of logging the error and sends the response containing the error message to the user.

```js
app.use((err, req, res, next) => {
  const statusCode = err.statusCode || res.statusCode || 500;
  logger.error(
    `error: ${err.message}, code: ${statusCode}, type: ${err.type || "na"}`
  );
  res.status(statusCode).send({ error: err.message });
});
```

- And We wrote our own custom erro handling to help us track and log the different types of erros that occur in the code

```js
class CustomError extends Error {
  constructor(msg, type, statusCode) {
    super(msg);
    this.type = type;
    this.statusCode = statusCode;
  }
}
```

and defined our own ErrorTypes which masks the error messaga that gets logged in the final error middleware

```js
const ErrorTypes = module.exports;

ErrorTypes.AuthError = "Authentication Error";

ErrorTypes.ServerError = "Server Error";

ErrorTypes.UnAuthorizedAccess = "unauthorized access Error";

ErrorTypes.NotFoundError = "Not found Error";

ErrorTypes.BadRequestError = "Bad Request";

ErrorTypes.Conflict = "Confilct";

ErrorTypes.UnprocessableEntity =
  "The server was unable to process the request because it contains invalid data";
```


# Unit tests


In [None]:
!npm test

# Production Pipeline

<!-- ![alt text](img/pipline.png) -->

<div style="text-align: center;">
<img src="img/pipline.png" width=1000>
</div>

## Triggering github action to run

In [None]:
!touch test.txt && git add . && git commit -m "should trigger actions to build"

In [None]:
!docker build -t ahmedzein/wellness ../

In [None]:
!docker image ls | grep -E 'REPOSITORY|ahmedzein/wellness'

# Deployment

We use docker to containerize our app and host our app image on docker hub which provides a hook which is used to trigger Render our cloud service to use the latest snapshot on docker-Hub.

<div style="text-align: center;">
<img src="img/archi.png" width=700>
</div>


# Disclaimer

This is the effort of real human beings and all is done without chaggpt or any other LLMs
