HackMyCart
The most hackable Web Shop!
How to use
Prepare development environment
- Install node.js
sudo apt install npm
# If outdated version:
sudo npm install -g n
sudo n stable
- Download + extract the project
- Open the root folder with VS Code (recommended)
- Open the bash inside VS Code, navigate to the
software/folder and install all necessary packages:
npm i
Test/development
There are multiple commands to test parts or the whole project:
npm run dev: Starts the Vue frontend onlynpm run server: Starts the ExpressJs backend onlynpm run serve: Starts front- and backend
The frontend runs on http://localhost:5173/ and the backend on http://localhost:3000/
Compile for production
TODO
Exercises
Group 0
Exercise 1
Solution: Create an account by click on the Account symbol (top right) -> Button "Create a new Account" -> "Create Account"
Group 3
Exercise 1
Solution: http://localhost:5173/events?city=Hannover&genre=<iframe src="javascript:alert(xss)"> or http://localhost:5173/events?city=<iframe src="javascript:alert(xss)">
Structure
Database
Backend API endpoints
The application host it's data in a SQLite database. The access is managed by an ExpressJs server which offers many REST-API endpoints for the frontend. The REST-API server runs on port 3000.
Listing existing
GET /events?city=cityName&genre=genreName&count=nrOfItems&sort=sortDirection (Get all events, filtered by city and genre)
Parameters
name type data type description cityNameoptional string Name of the city to filter for genreNameoptional string Name of the genre to filter for nrOfItemsoptional number Limits number of results sortDirectionoptional string Sort by number of concerts, 'asc' or 'desc'
Responses
http code content-type response 200application/jsonArray<Event + Array<Concert + Location + City> + Band & Genre>
GET /locations?count=nrOfItems&sort=sortDirection (Get all locations)
Parameters
name type data type description nrOfItemsoptional number Limits number of results sortDirectionoptional string Sort by number of concerts, 'asc' or 'desc'
Responses
http code content-type response 200application/jsonArray<Location + City + Array<Concert + Event>>
Down here: todo!
GET /bands (Get all bands)
Parameters
None
Responses
http code content-type response 200application/jsonArray<Band>
GET /bands/:id (Get all information about one band)
Parameters
name type data type description idrequired string ID of product in the database
Responses
http code content-type response 200application/jsonBand+Array<Rating>+Array<Member>
GET /shows/:id (Get all information about one show)
Parameters
name type data type description idrequired string ID of product in the database
Responses
http code content-type response 200application/jsonShow+Tour+Location+City
GET /tours (Get all tours)
Parameters
None
Responses
http code content-type response 200application/jsonArray<Tours>+Band+Show+Location+City
GET /genres (Get all genres)
Parameters
None
Responses
http code content-type response 200application/jsonArray<Genre>
GET /orders/:id (Get all orders of an user)
Parameters
name type data type description idrequired string ID of userAccount in the database
Responses
http code content-type response 200application/jsonProductModel+Order,OrderItem,Product
GET /categories/ (Get all Categories)
Parameters
None
Responses
http code content-type response 200application/jsonArray<Categories>
GET /brands (Get all Brands)
Parameters
None
Responses
http code content-type response 200application/jsonArray<Brand>
Creating new
POST /accounts/ (Create a new account)
Parameters
name type data type description None required object (JSON) Model of an Account
Responses
http code content-type response 201application/jsonAccountModel400application/json{code: 400, message: "Username too short!"}400application/json{code: 400, message: "Password too short!"}409application/json{code: 409, message: "Username already in use"}
POST /orders/ (Create a new order)
Parameters
name type data type description None required object (JSON) Model of an Order
Responses
http code content-type response 201application/jsonOrderModel
Updating existing
PATCH /accounts/ (Update data of an existing account)
Parameters
name type data type description None required object (JSON) Model of an Account
Responses
http code content-type response 200application/jsonAccountModel 400application/json{code: 400, message: "..."}
Delete existing
Miscs
GET /api/ (Check if server runs)
Parameters
None
Responses
http code content-type response 200None None
GET /resetDatabase/ (Reset the database to it's default values)
Parameters
None
Responses
http code content-type response 200None None
Validate
POST /accounts/login (Login for user)
Parameters
name type data type description username required string Username of the account password required string Password of the account
Responses
http code content-type response 200application/jsonAccountObject+Addresses,Payments,AccountRole400application/json{code: 400, message: "Bad Request"}401application/json{code: 401, message: "Unauthorized"}