
Badde00/WebDev-ProductionServer


B3 Production

Website URL: https://cscloud7-136.lnu.se/

Video URL: https://youtu.be/_C7wtdKoivs

To start the application, simply go to the Website URL above in a browser. The application should already be running at the time of grading. If for some reason it isn't, you'll need to log in to the webserver yourself to start it up. To do so, you'll need to use your own log-in information since I won't be providing mine. The command to log in through a terminal is 'ssh [username]@194.47.177.136 -i [key-file-path]'. When logged in, navigate to /home/ubuntu/b3-production/ and write the command 'NODE_ENV=production pm2 start npm --name main_fun_file_mainJS:3000 -- start'. Everything should be installed on the server, so there should be no need to install anything.

Report:

To make the application secure through code, I check all webhooks for who posts and also the secret token that is used. If those are not correct, it will not run. I also use environment variables for passwords and for tokens, in order to make them invisible to outsiders. To make it safe through server configuration, I have set up https as the only way to view the website and I also have a process manager, pm2, with node in production mode that makes sure that if something should go wrong, there are no error messages shown to the user that they could use, nor does it crash the whole application. Just their application.

I am using:

Reverse proxy: Nginx is used and it's a type of server that sits in front of the webserver and can do several things, but I use it for handling traffic and redirecting it from port 80 to wherever the application is run. Port 3000 in this case. This can be good to host several things that all should go through the same port and to inspect traffic.

Process manager: PM2 is used here and lets applications run in the background (or lets several applications run, or several instances of the same application while load balancing). It makes management and monitoring easier and makes sure that if one process goes wrong, an application crashes, it doesn't impede other processes and restarts processes.

TLS certificates: They are digital certificates that allow more secure communication (https). They do this by encrypting data and allow websites and users to identify themselves and let the website use a trusted third party to verify its certificate. I used Let's Encrypt and certbot to get this TLS certificate.

Environment variables: Environment variables are variables which hold certain data, like configuration settings in the system that can be used by processes while keeping them secure from outsiders. That also makes it a good way to store passwords or other sensitive data. They're kept in a file which has a key and also a variable or possibly a path to a file on the computer.

What NODE_ENV=production does (as far as I've understood it) is that it makes the error messages simpler/less verbose in order to not leak information to users. I have no special code in my program that uses it though.

In my project I used the modules http, socket.io, express, express-session, ejs, path, dotenv and node-fetch.

Express, express-session: These are a way to set up a server and sessions with users to communicate. This was the way to start servers that I was the most familiar with.

Http, socket.io: http works with express to set up an http server and when used with socket.io, it allows limited communication between the client and server. In this case, it's secure since the server doesn't handle any requests at all and only sends them to the client. Socket.io seemed to be the easiest way to communicate between the client and server to dynamically update the webpage and http was simply needed to make socket.io work.

Ejs, path, dotenv: These all have very limited uses. Ejs lets me render ejs files (basically html with built in js). Path lets me navigate paths to handle files. Dotenv lets me handle environment variables. I can't think of a way the first two could ever be compromised or be harmful, and dotenv is only server side and to allow other secure measures. I used these because they were the simplest and most available options to do what I wanted and fulfill requirements.

Node-fetch: Node-fetch is used to make http requests from node.js applications and use APIs. It's very good since it lets me validate responses and easily handle errors. To my knowledge it's also still updated, so should be quite safe. I used node-fetch for its simplicity and my familiarity. It's also flexible, which is useful.

I haven't implemented any optional features.

I'm satisfied with the functionality and code of my assignment, since it fulfills requirements and is fairly simple and readable from my perspective. To improve in these areas I could document a bit more and implement new features, but otherwise it's pretty good. Another improvement area is that the application doesn't look very good. It's functional but nothing more. I am however quite bad at design, so it didn't seem worth the time investment. I would say I've learned very few new things regarding the programming of the assignment itself, but I've learned a lot about how to configure applications and set them up in real life scenarios, which is incredibly useful. In this course overall I've learned a lot (everything I know basically) about web development (especially javascript). Not only that, it's also given me a lot of insight into asynchronous programming. I had a lot of trouble with that early on in the course, but I'm much more comfortable with it now, which I believe will help me in other kinds of programming as well.
