ansopedia / user-service

The Ansopedia User Service is a backend service responsible for managing user accounts and authentication within the Ansopedia learning platform. It provides functionalities like authentication & authorization, profile management.
MIT License
5 stars 4 forks source link

FE - Implement Profile Management API #19

Closed sanjaysah101 closed 1 month ago

sanjaysah101 commented 6 months ago

Description:

The current Ansopedia user service lacks a dedicated API for detailed profile management. This limits users' control over their information and visibility.

Proposed Solution:

We propose a comprehensive profile management API within the user service, enabling users to:

Current Scenario:

Currently, we have a GET ...api/v1/users/username API endpoint to fetch user details. We propose extending this functionality by:

Implementation Considerations:

Benefits:

lord-mallik commented 2 months ago

Here are the key consideration points for implementing the profile management API:

Implementation Considerations

  1. Privacy and Access Control:

    • Implement checks for isPublic flag to control profile visibility.
    • Ensure only verified users (when isVerified is true) can perform certain actions or access specific profile details.
    • Restrict access to unverified accounts by showing a relevant message or prompting for verification.
  2. Error Handling:

    • Return a 404 error for non-existent user profiles.
    • Provide clear error messages for actions that are restricted due to privacy settings or verification status.
    • Define standardized error codes and messages for failed updates or retrieval attempts.
  3. Security:

    • Implement authentication and authorization to ensure only authorized users can access or modify profiles.
    • Use HTTPS to protect data during transmission.
    • Perform regular security audits and updates.
  4. Data Validation and Sanitization:

    • Validate all input data (e.g., email format, phone number, etc.) to prevent invalid data entry.
    • Sanitize inputs to prevent SQL injection, XSS, or other malicious attacks.
  5. Scalability:

    • Design the API and database schema to efficiently handle a large number of users and profiles.
    • Optimize queries and consider indexing frequently accessed fields for performance.
  6. Performance Optimization:

    • Minimize response times by optimizing database queries and caching frequently accessed data.
    • Ensure the API can handle concurrent requests without significant performance degradation.
  7. User Experience:

    • Clearly communicate default settings (e.g., isPublic is true) and provide easy options for users to change them.
    • Notify users of changes in their profile status (e.g., after verification) through emails or in-app notifications.
  8. Data Integrity and Consistency:

    • Ensure consistency between user data across different services within Ansopedia.
    • Implement data integrity checks during profile creation and updates.

These considerations will help ensure that the profile management API is robust, secure, and provides a seamless experience for users.

sanjaysah101 commented 1 month ago

To be covered in #60 #61 #62 #63 #64