dancbarbu / fresh-tech

0 stars 0 forks source link

FRESHTECH-1 BE: User Profile Management #7

Open dancbarbu opened 4 months ago

dancbarbu commented 4 months ago

Acceptance Criteria: Access Profile:

The user should be able to access their profile page after logging in. The profile page should display current details including name, email, and any additional customizable fields like phone number or address.

Update Profile:

The user should be able to edit their profile details such as name, email, phone number, and address. The system should validate the email and other inputs for correctness (e.g., proper email format, valid phone numbers). Changes should be saved immediately upon the user confirming the update action. The user should receive visual confirmation on the screen that their profile has been updated successfully.

Security and Privacy:

Any changes to sensitive information (like email) might require re-verification. Users should be able to update their password. This process should include current password verification, a new password entry, and a password confirmation step.

Integration with API Gateway:

All profile management requests should go through the API Gateway. The Gateway should ensure that requests are authenticated and route them to the appropriate microservice handling user data.

TECHNICAL INFO Frontend (ReactJS):

Use React for the profile management interface, ensuring a responsive and user-friendly UI. Implement forms with validation using Formik and Yup for schema validation. Handle state and side effects with Context API or Redux for managing user data across components. Backend (NodeJS, Microservices):

Develop a microservice specifically for user profile management. This service will handle CRUD operations for user data. Use JSON Web Tokens (JWT) to manage and verify user sessions. Protect endpoints using middleware that checks for valid authentication tokens. Database (MySQL):

Design the users table to include fields for storing user profile information such as phone_number and address. Ensure that any change in the database schema does not disrupt the existing data integrity. API Gateway:

Configure routes for profile management (e.g., GET /api/profile, POST /api/profile/update). Implement rate limiting and monitoring on these endpoints to prevent abuse. Security:

Ensure encrypted communication between the client and server using HTTPS. Use hashing for passwords and sensitive data storage. Implement proper access control to prevent unauthorized users from accessing or modifying another user's profile.

Robert-g18 commented 4 months ago

da

TaniaStefanaPop commented 4 months ago

miau

Dei11 commented 4 months ago

da

AlexC0906 commented 4 months ago

Siuu

balc-tatiana commented 4 months ago

Oui