Closed benjaminsunliu closed 1 week ago
The server.js is a lot cleaner and less cluttered. It is now more readable with all the endpoints being put into their own file based on functionality. It makes it more maintainable at the same time. Good comments indicating which route is being used. Functionality seems to be maintained (nice).
Having the JWT secret key exposed in server.js, authenticateToken.js and authentication.js is a vulnerability to be considered.
Consider adding missing tests later on.
Overall, the server refactoring seems really good.
Summary
Backend routes have been refactored into different units for easier maintainability.
Detailed Summary
This pull request includes significant updates to the backend of the application, adding new middleware, models, and routes to enhance authentication, user management, and team functionalities. The most important changes are summarized below:
Middleware Enhancements:
- authenticateToken middleware to verify JWT tokens and attach user information to the request object (backend/middleware/authenticateToken.js).
- isInstructor middleware to restrict access to instructor-specific routes (backend/middleware/isInstructor.js).

Model Additions:
- Rating model to store student ratings with fields for cooperation, conceptual contribution, practical contribution, work ethic, and comments (backend/models/rating.js).
- Student model to store student details including first name, last name, email, student ID, and phone number (backend/models/student.js).
- Team model to manage team details including team name, instructor ID, and members (backend/models/team.js).
- User model with password hashing middleware to store user details and manage authentication (backend/models/user.js).

Route Implementations:
- backend/routes/authentication.js
- backend/routes/createAccount.js
- authenticateToken and isInstructor middleware (backend/routes/createTeam.js).
- backend/routes/get-teams.js
- backend/routes/instructor-rating.js
- nodemailer (backend/routes/reset-password.js).

Dependency Updates:
- nodemailer package to handle email notifications for password reset functionality (backend/package-lock.json, backend/package.json).

These changes collectively enhance the backend capabilities, providing robust user authentication, role-based access control, and comprehensive team and rating management functionalities.
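One way to address the review note about the JWT secret appearing in server.js, authenticateToken.js and authentication.js, as an added example that is not code from this pull request: the key is read once from the environment and handed to the middleware instead of being written into each file. The variable name `JWT_SECRET` and every function name here are assumptions, and the HS256 helpers are a dependency-free stand-in for whatever JWT library the backend uses.

```javascript
// Added example (hypothetical names); not the project's code.
const crypto = require("node:crypto");

// Read the signing key from the environment once and refuse to start without it.
function loadJwtSecret(env = process.env) {
  const secret = env.JWT_SECRET; // assumed variable name
  if (!secret || Buffer.byteLength(secret) < 32) {
    throw new Error("JWT_SECRET must be set to at least 32 bytes");
  }
  return secret;
}

const b64url = (data) => Buffer.from(data).toString("base64url");
const hmac = (secret, data) => crypto.createHmac("sha256", secret).update(data).digest();

// Minimal HS256 signer, standing in for the JWT library's sign call.
function signToken(payload, secret) {
  const head = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const body = b64url(JSON.stringify(payload));
  return `${head}.${body}.${b64url(hmac(secret, `${head}.${body}`))}`;
}

// Returns the payload, or null on any failure (bad shape, alg, signature, expiry).
function verifyToken(token, secret, now = Date.now()) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return null;
  const [head, body, sig] = parts;
  try {
    const header = JSON.parse(Buffer.from(head, "base64url").toString("utf8"));
    if (header.alg !== "HS256") return null; // pin the algorithm
    const expected = hmac(secret, `${head}.${body}`);
    const given = Buffer.from(sig, "base64url");
    if (given.length !== expected.length) return null;
    if (!crypto.timingSafeEqual(given, expected)) return null;
    const payload = JSON.parse(Buffer.from(body, "base64url").toString("utf8"));
    if (typeof payload.exp === "number" && payload.exp * 1000 <= now) return null;
    return payload;
  } catch {
    return null;
  }
}

// Express-style middleware factory: the secret is injected, never hard-coded.
function makeAuthenticateToken(secret) {
  return (req, res, next) => {
    const match = /^Bearer (.+)$/.exec(req.headers.authorization || "");
    const user = match ? verifyToken(match[1], secret) : null;
    if (!user) return res.status(401).json({ error: "invalid or missing token" });
    req.user = user; // attach user information to the request object
    return next();
  };
}
```

With this layout server.js would call `loadJwtSecret()` once at startup and pass the result to both the login route and `makeAuthenticateToken`, so the key lives only in the deployment environment and not in the repository.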