# Secure Web-Based Voting Application - Technical Documentation

This notebook serves as comprehensive technical documentation for the Secure Web-Based Voting Application. It covers setup, configuration, features, security implementations, and usage examples.

## Table of Contents
1. [Project Overview](#project-overview)
2. [Architecture](#architecture)
3. [Setting Up the Environment](#setting-up-the-environment)
4. [Backend API Usage](#backend-api-usage)
5. [Frontend Implementation](#frontend-implementation)
6. [Security Features](#security-features)
7. [Performance Optimization](#performance-optimization)
8. [Monitoring and Logging](#monitoring-and-logging)
9. [Troubleshooting](#troubleshooting)

## Project Overview

The Secure Web-Based Voting Application is a comprehensive solution designed for secure online voting processes. It implements advanced security measures including end-to-end encryption, multi-factor authentication, and a blockchain-inspired ledger for immutable vote recording.

### Key Features

- **End-to-End Encryption**: Secure data transmission with AES-256 encryption
- **Blockchain-Inspired Ledger**: Immutable vote recording with hash chaining
- **Multi-Factor Authentication**: Enhanced user verification
- **Comprehensive Audit Logging**: Complete traceability of system events
- **Real-time Results**: Live updates of voting statistics
- **Admin Dashboard**: System management and monitoring tools

## Architecture

The application follows a modern client-server architecture with segregated frontend and backend components, containerized for easy deployment.

### Backend Architecture

- **Node.js & Express**: RESTful API framework
- **PostgreSQL**: Secure relational database
- **JWT Authentication**: Secure token-based authentication system
- **Middleware Stack**: Security, validation, and error handling layers

### Frontend Architecture

- **React**: Modern component-based UI library
- **Material UI**: Professional UI component framework
- **React Query**: Data fetching and state management
- **Context API**: Application state management

### System Architecture Diagram

In [None]:
import matplotlib.pyplot as plt
import networkx as nx
from matplotlib.patches import Rectangle

# Create a directed graph
G = nx.DiGraph()

# Add nodes
components = {
    "client": "Client Browser",
    "nginx": "NGINX",
    "frontend": "Frontend (React)",
    "backend": "Backend (Node.js)",
    "db": "PostgreSQL",
    "email": "Email Service"
}

# Add edges
edges = [
    ("client", "nginx"),
    ("nginx", "frontend"),
    ("frontend", "nginx"),
    ("nginx", "backend"),
    ("backend", "nginx"),
    ("backend", "db"),
    ("db", "backend"),
    ("backend", "email")
]

# Add nodes to the graph
positions = {
    "client": (0, 3),
    "nginx": (1, 3),
    "frontend": (2, 4),
    "backend": (2, 2),
    "db": (3, 2),
    "email": (3, 1)
}

# Create figure
plt.figure(figsize=(12, 8))

# Draw nodes
for node, pos in positions.items():
    G.add_node(node, pos=pos)

# Add edges
G.add_edges_from(edges)

# Draw the graph
pos = nx.get_node_attributes(G, 'pos')
nx.draw_networkx_nodes(G, pos, node_size=3000, node_color='skyblue')
nx.draw_networkx_edges(G, pos, width=2, arrowsize=20)
nx.draw_networkx_labels(G, pos, labels=components, font_size=10)

# Add security layers
plt.gca().add_patch(Rectangle((0.5, 0.5), 3, 4, fill=False, linestyle='--', color='red', label='Security Layer'))

plt.axis('off')
plt.title('Secure Web-Based Voting App - System Architecture')
plt.legend(['Security Perimeter (TLS, Firewall, Rate Limiting)'])
plt.tight_layout()
plt.show()

## Setting Up the Environment

This section covers the setup and configuration of the development and production environments for the Secure Web-Based Voting Application.

### Prerequisites

Before you begin, ensure you have the following installed:
- Docker and Docker Compose
- Node.js (v18+)
- PostgreSQL (v14+)
- Git

In [None]:
# Clone the repository
git clone https://github.com/yourusername/Secure-Web-Based-Voting-App.git
cd Secure-Web-Based-Voting-App

# Start all services with Docker Compose
docker-compose up -d

# Check if containers are running
docker-compose ps

### Environment Variables

The application requires specific environment variables for proper operation. Below are the key environment variables for both backend and frontend components:

In [None]:
# Backend .env file example
cat << 'EOF' > ./backend/.env.example
NODE_ENV=development
PORT=3001
DATABASE_URL=postgresql://voting_user:secure_password_2024!@localhost:5432/secure_voting
JWT_SECRET=your_jwt_secret_key_change_in_production
JWT_REFRESH_SECRET=your_refresh_token_secret_key
ENCRYPTION_KEY=your_32_byte_encryption_key_here
EMAIL_USER=your-email@gmail.com
EMAIL_PASS=your-app-password
RATE_LIMIT_WINDOW=15
RATE_LIMIT_MAX=100
EOF

# Frontend .env file example
cat << 'EOF' > ./frontend/.env.example
VITE_API_URL=http://localhost:3001/api
VITE_APP_NAME=Secure Voting Platform
EOF

# Show the environment files
echo "Backend .env example:"
cat ./backend/.env.example
echo -e "\nFrontend .env example:"
cat ./frontend/.env.example

## Backend API Usage

The Secure Web-Based Voting Application exposes a comprehensive RESTful API for various operations. This section demonstrates key API endpoints and their usage.

In [None]:
import requests
import json

# Base URL for API
BASE_URL = "http://localhost:3001/api"

# Authentication examples
def register_user():
    """Register a new user"""
    endpoint = f"{BASE_URL}/auth/register"
    data = {
        "firstName": "John",
        "lastName": "Doe",
        "email": "john.doe@example.com",
        "password": "SecureP@ssw0rd123!",
        "confirmPassword": "SecureP@ssw0rd123!"
    }
    
    response = requests.post(endpoint, json=data)
    return response.json()

def login_user():
    """Login with user credentials"""
    endpoint = f"{BASE_URL}/auth/login"
    data = {
        "email": "john.doe@example.com",
        "password": "SecureP@ssw0rd123!"
    }
    
    response = requests.post(endpoint, json=data)
    return response.json()

# Example response structure
example_login_response = {
    "success": True,
    "data": {
        "user": {
            "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
            "email": "john.doe@example.com",
            "firstName": "John",
            "lastName": "Doe",
            "role": "voter",
            "emailVerified": True,
            "mfaEnabled": False
        },
        "accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
        "refreshToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
    }
}

print(json.dumps(example_login_response, indent=2))

In [None]:
# Voting API examples
def get_voting_candidates(access_token):
    """Get list of candidates"""
    endpoint = f"{BASE_URL}/voting/candidates"
    headers = {
        "Authorization": f"Bearer {access_token}"
    }
    
    response = requests.get(endpoint, headers=headers)
    return response.json()

def cast_vote(access_token, candidate_id):
    """Cast a vote for a candidate"""
    endpoint = f"{BASE_URL}/voting/vote"
    headers = {
        "Authorization": f"Bearer {access_token}"
    }
    data = {
        "candidateId": candidate_id
    }
    
    response = requests.post(endpoint, json=data, headers=headers)
    return response.json()

# Example response for getting candidates
example_candidates_response = {
    "success": True,
    "data": {
        "candidates": [
            {
                "id": "c1d2e3f4-5678-90ab-cdef-123456789012",
                "name": "Jane Smith",
                "party": "Progressive Party",
                "position": "President",
                "biography": "Jane has 15 years of leadership experience...",
                "photoUrl": "https://example.com/photos/jane-smith.jpg"
            },
            {
                "id": "g1h2i3j4-5678-90ab-cdef-123456789012",
                "name": "Michael Johnson",
                "party": "Liberty Union",
                "position": "President",
                "biography": "Michael is committed to economic reform...",
                "photoUrl": "https://example.com/photos/michael-johnson.jpg"
            }
        ]
    }
}

print(json.dumps(example_candidates_response, indent=2))

## Frontend Implementation

The frontend application is built using React and Material UI, providing a responsive and intuitive user interface. This section demonstrates key frontend components and their interaction with the backend API.

In [None]:
// Example API service implementation (from frontend/src/services/api.js)
import axios from 'axios';

const API_BASE_URL = import.meta.env.VITE_API_URL || 'http://localhost:3001/api';

const api = axios.create({
  baseURL: API_BASE_URL,
  timeout: 10000,
  headers: {
    'Content-Type': 'application/json',
  },
  withCredentials: true, // Include cookies for session management
});

api.interceptors.request.use(
  (config) => {
    const token = localStorage.getItem('accessToken');
    if (token) {
      config.headers.Authorization = `Bearer ${token}`;
    }

    const csrfToken = localStorage.getItem('csrfToken');
    if (csrfToken) {
      config.headers['X-CSRF-Token'] = csrfToken;
    }

    return config;
  },
  (error) => {
    return Promise.reject(error);
  }
);

api.interceptors.response.use(
  (response) => response,
  async (error) => {
    const originalRequest = error.config;

    if (error.response?.status === 401 && !originalRequest._retry) {
      originalRequest._retry = true;

      try {
        const refreshToken = localStorage.getItem('refreshToken');
        if (refreshToken) {
          const response = await api.post('/auth/refresh', {
            refreshToken,
          });

          const { accessToken } = response.data.data;
          localStorage.setItem('accessToken', accessToken);

          originalRequest.headers.Authorization = `Bearer ${accessToken}`;
          return api(originalRequest);
        }
      } catch (refreshError) {
        localStorage.removeItem('accessToken');
        localStorage.removeItem('refreshToken');
        localStorage.removeItem('csrfToken');
        localStorage.removeItem('user');
        
        window.location.href = '/login';
        return Promise.reject(refreshError);
      }
    }

    return Promise.reject(error);
  }
);

In [None]:
// Example React component for Voting Page
import React, { useState, useEffect } from 'react';
import { 
  Container, Typography, Grid, Card, CardContent, 
  CardMedia, Button, CircularProgress, Alert 
} from '@mui/material';
import { votingAPI } from '../services/api';
import { useAuth } from '../context/AuthContext';
import { useNavigate } from 'react-router-dom';

const VotingPage = () => {
  const [candidates, setCandidates] = useState([]);
  const [loading, setLoading] = useState(true);
  const [selectedCandidate, setSelectedCandidate] = useState(null);
  const [voting, setVoting] = useState(false);
  const [error, setError] = useState('');
  const { user } = useAuth();
  const navigate = useNavigate();

  useEffect(() => {
    const fetchCandidates = async () => {
      try {
        const response = await votingAPI.getCandidates();
        setCandidates(response.data.candidates);
      } catch (err) {
        setError('Failed to load candidates. Please try again.');
        console.error('Error loading candidates:', err);
      } finally {
        setLoading(false);
      }
    };

    fetchCandidates();
  }, []);

  const handleVote = async () => {
    if (!selectedCandidate) return;
    
    setVoting(true);
    setError('');
    
    try {
      const response = await votingAPI.castVote(selectedCandidate);
      navigate('/vote/confirmation', { 
        state: { 
          transactionHash: response.data.transactionHash,
          candidate: candidates.find(c => c.id === selectedCandidate)
        }
      });
    } catch (err) {
      setError('Failed to cast vote. Please try again.');
      console.error('Error casting vote:', err);
    } finally {
      setVoting(false);
    }
  };

  if (loading) {
    return (
      <Container sx={{ py: 4, textAlign: 'center' }}>
        <CircularProgress />
        <Typography variant="h6" sx={{ mt: 2 }}>Loading candidates...</Typography>
      </Container>
    );
  }

  return (
    <Container sx={{ py: 4 }}>
      <Typography variant="h4" component="h1" gutterBottom>
        Cast Your Vote
      </Typography>
      
      {error && <Alert severity="error" sx={{ mb: 3 }}>{error}</Alert>}
      
      <Grid container spacing={4}>
        {candidates.map((candidate) => (
          <Grid item key={candidate.id} xs={12} sm={6} md={4}>
            <Card 
              sx={{ 
                height: '100%', 
                display: 'flex', 
                flexDirection: 'column',
                border: selectedCandidate === candidate.id ? '2px solid #1976d2' : 'none'
              }}
              onClick={() => setSelectedCandidate(candidate.id)}
            >
              <CardMedia
                component="img"
                height="200"
                image={candidate.photoUrl || 'https://via.placeholder.com/200'}
                alt={candidate.name}
              />
              <CardContent sx={{ flexGrow: 1 }}>
                <Typography gutterBottom variant="h5" component="h2">
                  {candidate.name}
                </Typography>
                <Typography variant="subtitle1" color="text.secondary">
                  {candidate.party}
                </Typography>
                <Typography variant="body2" color="text.secondary">
                  {candidate.biography}
                </Typography>
              </CardContent>
            </Card>
          </Grid>
        ))}
      </Grid>
      
      <Button
        variant="contained"
        color="primary"
        size="large"
        disabled={!selectedCandidate || voting}
        onClick={handleVote}
        sx={{ mt: 4 }}
      >
        {voting ? <CircularProgress size={24} color="inherit" /> : 'Confirm Vote'}
      </Button>
    </Container>
  );
};

export default VotingPage;

## Security Features

The Secure Web-Based Voting Application implements multiple layers of security to protect voter data, ensure the integrity of votes, and prevent unauthorized access.

### Implemented Security Measures

1. **End-to-End Encryption**
2. **Multi-Factor Authentication**
3. **JWT Authentication with Refresh Tokens**
4. **CSRF Protection**
5. **Rate Limiting**
6. **Input Validation and Sanitization**
7. **Blockchain-Inspired Vote Ledger**
8. **Comprehensive Audit Logging**

In [None]:
// Example of Security Middleware (from backend/src/middleware/security.js)
import crypto from 'crypto';
import { config } from '../config/config.js';

export const securityMiddleware = (req, res, next) => {
  // Add CSRF Protection
  if (req.method !== 'GET' && req.method !== 'HEAD' && req.method !== 'OPTIONS') {
    const csrfTokenFromHeader = req.headers['x-csrf-token'];
    const csrfTokenFromUser = req.cookies.csrfToken;
    
    if (!csrfTokenFromHeader || !csrfTokenFromUser || csrfTokenFromHeader !== csrfTokenFromUser) {
      return res.status(403).json({ success: false, message: 'CSRF token validation failed' });
    }
  }

  // Generate new CSRF token for subsequent requests
  const csrfToken = crypto.randomBytes(32).toString('hex');
  res.cookie('csrfToken', csrfToken, {
    httpOnly: true,
    secure: config.NODE_ENV === 'production',
    sameSite: 'strict',
    maxAge: 24 * 60 * 60 * 1000 // 24 hours
  });

  // Set Security Headers
  res.setHeader('X-Content-Type-Options', 'nosniff');
  res.setHeader('X-Frame-Options', 'DENY');
  res.setHeader('X-XSS-Protection', '1; mode=block');
  
  next();
};

In [None]:
// Example of Blockchain-Inspired Vote Ledger Implementation
import crypto from 'crypto';
import { pool } from '../database/connection.js';

export class VoteLedger {
  // Generate a hash for a new vote block
  static generateVoteHash(previousHash, voterHash, candidateId, timestamp) {
    const data = `${previousHash}${voterHash}${candidateId}${timestamp}`;
    return crypto.createHash('sha256').update(data).digest('hex');
  }
  
  // Add a new vote to the blockchain-inspired ledger
  static async addVote(voterHash, candidateId) {
    const client = await pool.connect();
    
    try {
      await client.query('BEGIN');
      
      // Get the last block in the chain
      const lastBlockResult = await client.query(
        'SELECT hash FROM vote_blocks ORDER BY timestamp DESC LIMIT 1'
      );
      
      // Use genesis hash if no previous block exists
      const previousHash = lastBlockResult.rows.length > 0 
        ? lastBlockResult.rows[0].hash 
        : 'genesis_block_hash';
      
      const timestamp = new Date().toISOString();
      const newBlockHash = this.generateVoteHash(previousHash, voterHash, candidateId, timestamp);
      
      // Insert the new vote block
      const insertResult = await client.query(
        `INSERT INTO vote_blocks (hash, previous_hash, voter_hash, candidate_id, timestamp) 
         VALUES ($1, $2, $3, $4, $5) RETURNING id, hash`,
        [newBlockHash, previousHash, voterHash, candidateId, timestamp]
      );
      
      // Update the candidate's vote count
      await client.query(
        'UPDATE candidates SET vote_count = vote_count + 1 WHERE id = $1',
        [candidateId]
      );
      
      await client.query('COMMIT');
      
      return {
        blockId: insertResult.rows[0].id,
        transactionHash: insertResult.rows[0].hash
      };
    } catch (error) {
      await client.query('ROLLBACK');
      throw error;
    } finally {
      client.release();
    }
  }
  
  // Verify the integrity of the blockchain
  static async verifyChain() {
    const client = await pool.connect();
    
    try {
      // Get all blocks ordered by timestamp
      const result = await client.query(
        'SELECT hash, previous_hash, voter_hash, candidate_id, timestamp FROM vote_blocks ORDER BY timestamp ASC'
      );
      
      const blocks = result.rows;
      
      // If there are no blocks, the chain is valid (empty)
      if (blocks.length === 0) {
        return { valid: true };
      }
      
      // Check the integrity of each block by recalculating its hash
      for (let i = 1; i < blocks.length; i++) {
        const currentBlock = blocks[i];
        const previousBlock = blocks[i - 1];
        
        // The previous hash in current block should match the actual hash of the previous block
        if (currentBlock.previous_hash !== previousBlock.hash) {
          return {
            valid: false,
            invalidBlockIndex: i,
            reason: 'Previous hash mismatch'
          };
        }
        
        // Recalculate the hash of the current block to ensure it hasn't been tampered with
        const calculatedHash = this.generateVoteHash(
          currentBlock.previous_hash,
          currentBlock.voter_hash,
          currentBlock.candidate_id,
          currentBlock.timestamp
        );
        
        if (calculatedHash !== currentBlock.hash) {
          return {
            valid: false,
            invalidBlockIndex: i,
            reason: 'Block hash mismatch'
          };
        }
      }
      
      // All blocks verified successfully
      return { valid: true };
    } finally {
      client.release();
    }
  }
}

## Performance Optimization

The application implements various performance optimizations to ensure efficient operation even under heavy load. This section outlines key optimization strategies implemented in the system.

### Backend Performance Strategies

1. **Database Connection Pooling**: Efficient management of database connections to reduce connection overhead.
2. **Response Compression**: Using compression middleware to reduce payload size.
3. **Efficient Query Design**: Optimized database queries with proper indexing.
4. **Caching**: Implementing strategic caching for frequently accessed data.
5. **Rate Limiting**: Preventing system overload from excessive requests.

### Frontend Performance Strategies

1. **Code Splitting**: Loading only necessary code for each route.
2. **Lazy Loading**: Deferring loading of non-critical components.
3. **Asset Optimization**: Compressing and optimizing static assets.
4. **Virtual List Rendering**: Efficient rendering of large data lists.
5. **Memoization**: Reducing redundant calculations with React's memo and useMemo.

### Production Deployment Optimizations

1. **Docker Container Optimization**: Efficient containerization for reduced resource consumption.
2. **Load Balancing**: Distribution of traffic across multiple instances.
3. **CDN Integration**: Serving static assets through content delivery networks.
4. **Database Sharding**: Horizontal scaling of the database for high-load scenarios.

## Monitoring and Logging

Effective monitoring and logging are essential for maintaining the security and performance of the voting application. This section outlines the implemented monitoring and logging strategies.

In [None]:
// Example Logging Implementation (from backend/src/utils/logger.js)
import winston from 'winston';
import { config } from '../config/config.js';

// Define log format
const logFormat = winston.format.combine(
  winston.format.timestamp({ format: 'YYYY-MM-DD HH:mm:ss' }),
  winston.format.errors({ stack: true }),
  winston.format.splat(),
  winston.format.json()
);

// Create a Winston logger
const logger = winston.createLogger({
  level: config.NODE_ENV === 'production' ? 'info' : 'debug',
  format: logFormat,
  defaultMeta: { service: 'secure-voting-api' },
  transports: [
    // Console logging
    new winston.transports.Console({
      format: winston.format.combine(
        winston.format.colorize(),
        winston.format.printf(({ level, message, timestamp, ...meta }) => {
          return `${timestamp} ${level}: ${message} ${
            Object.keys(meta).length ? JSON.stringify(meta, null, 2) : ''
          }`;
        })
      ),
    }),
    
    // File logging - separate files for each log level
    new winston.transports.File({ 
      filename: 'logs/error.log', 
      level: 'error',
      maxsize: 10485760, // 10MB
      maxFiles: 5
    }),
    new winston.transports.File({ 
      filename: 'logs/combined.log',
      maxsize: 10485760, // 10MB
      maxFiles: 5
    })
  ]
});

// Create a security logger for sensitive operations
const securityLogger = winston.createLogger({
  level: 'info',
  format: logFormat,
  defaultMeta: { service: 'secure-voting-security' },
  transports: [
    new winston.transports.Console({
      format: winston.format.combine(
        winston.format.colorize(),
        winston.format.printf(({ level, message, timestamp, ...meta }) => {
          return `${timestamp} ${level}: [SECURITY] ${message} ${
            Object.keys(meta).length ? JSON.stringify(meta, null, 2) : ''
          }`;
        })
      ),
    }),
    new winston.transports.File({ 
      filename: 'logs/security.log',
      maxsize: 10485760, // 10MB
      maxFiles: 10
    })
  ]
});

// Add environment-specific logging
if (config.NODE_ENV === 'production') {
  // Could add remote logging service integration here
  // Example: Sentry, LogDNA, Datadog, etc.
}

export { logger, securityLogger };

In [None]:
// Example Audit Logger Middleware (from backend/src/middleware/auditLogger.js)
import { securityLogger } from '../utils/logger.js';

export const auditLogger = (req, res, next) => {
  // Skip logging for health check endpoint
  if (req.path === '/health') {
    return next();
  }

  // Generate a unique request ID
  const requestId = req.headers['x-request-id'] || 
                   `req-${Math.random().toString(36).substring(2, 15)}`;
                   
  // Set request start time
  req.auditData = {
    requestId,
    startTime: Date.now(),
    userId: req.user ? req.user.id : 'unauthenticated',
    userRole: req.user ? req.user.role : 'none',
    method: req.method,
    path: req.path,
    ip: req.ip,
    userAgent: req.get('user-agent') || 'unknown'
  };
  
  // Log the request
  securityLogger.info('API Request', {
    requestId,
    userId: req.auditData.userId,
    method: req.method,
    path: req.path,
    ip: req.ip,
    userAgent: req.auditData.userAgent
  });
  
  // Capture the response data
  const originalSend = res.send;
  res.send = function(body) {
    res.responseBody = body;
    return originalSend.call(this, body);
  };
  
  // Log the response after completion
  res.on('finish', () => {
    const responseTime = Date.now() - req.auditData.startTime;
    
    // Don't log sensitive data
    const logData = {
      requestId: req.auditData.requestId,
      userId: req.auditData.userId,
      method: req.method,
      path: req.path,
      statusCode: res.statusCode,
      responseTime,
    };
    
    // Log detailed information for security-related events
    if (
      req.path.includes('/auth') ||
      req.path.includes('/admin') ||
      req.path.includes('/voting/vote') ||
      res.statusCode >= 400
    ) {
      securityLogger.info('API Response', logData);
      
      // For security events, save to the audit_logs table
      if (req.auditData.userId !== 'unauthenticated') {
        try {
          // Here we would save to the database
          // This is just an example - actual implementation would use a service
          /*
          await auditLogService.create({
            user_id: req.auditData.userId,
            action: `${req.method} ${req.path}`,
            details: JSON.stringify(logData),
            status: res.statusCode < 400 ? 'success' : 'failure',
            ip_address: req.ip,
            user_agent: req.auditData.userAgent
          });
          */
        } catch (error) {
          securityLogger.error('Failed to save audit log', { 
            error: error.message,
            requestId: req.auditData.requestId 
          });
        }
      }
    }
  });
  
  next();
};

## Troubleshooting

This section provides solutions for common issues that may occur during setup or operation of the Secure Web-Based Voting Application.

### Common Issues and Solutions

#### Database Connection Issues

**Issue**: Backend cannot connect to PostgreSQL database
**Solution**:
1. Verify that the PostgreSQL service is running: `docker-compose ps`
2. Check database credentials in the .env file
3. Ensure the database has been properly initialized: `docker-compose exec database psql -U voting_user -d secure_voting -c '\dt'`

#### Authentication Problems

**Issue**: Users cannot log in or receive unauthorized errors
**Solution**:
1. Verify JWT secrets in the .env file
2. Check if tokens are being properly stored in localStorage
3. Ensure CORS settings allow requests from the frontend domain
4. Verify that cookies are being properly set (check sameSite and secure attributes)

#### Docker Setup Issues

**Issue**: Docker containers fail to start or communicate with each other
**Solution**:
1. Check network configuration in docker-compose.yml
2. Verify that ports are not already in use: `netstat -tuln`
3. Ensure volumes are properly mounted
4. Check container logs: `docker-compose logs -f backend`

In [None]:
# Diagnostic Commands for Troubleshooting

# Check Docker containers status
docker-compose ps

# View container logs
docker-compose logs -f backend
docker-compose logs -f frontend
docker-compose logs -f database

# Database diagnostic commands
docker-compose exec database psql -U voting_user -d secure_voting -c '\dt'
docker-compose exec database psql -U voting_user -d secure_voting -c 'SELECT COUNT(*) FROM users'

# Check backend health endpoint
curl http://localhost:3001/health

# Restart specific services
docker-compose restart backend
docker-compose restart frontend

## Conclusion

This technical documentation notebook provides a comprehensive guide to the Secure Web-Based Voting Application. The application implements industry-standard security practices, efficient performance optimizations, and a robust architecture to ensure secure and reliable electronic voting.

Key takeaways:

1. **Security First Approach**: The application prioritizes security through multiple layers of protection.
2. **Modern Architecture**: Separation of concerns with dedicated frontend, backend, and database components.
3. **Scalable Design**: Containerized architecture allows for easy deployment and scaling.
4. **Comprehensive Monitoring**: Detailed logging and monitoring for security and performance.

For additional resources and updates, please refer to the project repository and related documentation.