---
tags: devtools2022
---

# Final Project

**Due: 11 Nov 2022, 12PM**

The final project serves as a tool for participants to demonstrate that they have fulfilled all of the learning outcomes specified [here](https://hackmd.io/4pxFJSB6TrOrgMitdeu_IQ?both).

For this project, each participant should create a simple full stack app and deploy it **from scratch** on EC2. Here are the requirements for the app:

- [x] **Frontend**: simple CRUD app (single page is preferred)
- [x] **Backend**: any database system, runs **locally** on EC2
- [x] Runs over `https` (port 443),
    - With the assigned domain name obtained during the lesson
    - Using a self-signed certificate
- [x] **Dockerise** frontend and backend
- [x] Deploy in the assigned EC2
- [x] Runs a reverse proxy, e.g. using Caddy/Nginx, reachable via a specific URI and not a plain port number
- [x] Utilises **git** to track changes and features during project development

Participants are not allowed to use services like DigitalOcean, Heroku, NGROK, AWS Lightsail or other similar services. The apps must be hosted at the given EC2 instance.

## Sample

This section gives a simple example of the project.

### Frontend

A sample frontend project can be found here: https://natalieagus.net/devtools.
This app supports basic CRUD transactions:

- Create
- Read
- Update
- Delete

### Backend

A sample backend project can be found here: https://natalieagus.net/api/transactions

The following table gives an overview of the REST APIs that are supported:

| METHOD | URL | Action |
| ---- | ---- | ---- |
| GET | `"/api/transactions"` | get all Transactions |
| POST | `"/api/transactions/create"` | add new Transaction |
| PUT | `"/api/transactions/update"` | update existing Transaction identified by `orderID` in the body |
| DELETE | `"/api/transactions/delete"` | delete existing Transaction identified by `orderID` |

The payload is expected to be in `json` format with the following fields:

```json
{
    "orderDetails": [string],
    "orderDate": [int],
    "orderID": [string],
    "sourceName": [string],
    "sourceDesc": [string],
    "amountCrypto": [float],
    "amount": [int],
    "cryptoCurrency": [string],
    "currency": [string],
    "orderStatus": ["failed"/"pending"/"completed"]
}
```

### Tech Stack

- express
- mysql2
- next.js
- MUI
- eslint, prettier
- docker
- deployed on AWS EC2

### Demo

Run the following `curl` commands to communicate with the backend app directly. You can create the corresponding `PUT` and `DELETE` commands accordingly.

#### `GET`

```bash=
curl -X GET \
  'https://natalieagus.net/api/transactions' \
  --header 'Accept: */*'
```

#### `POST`

Replace `ENTRY-TEST-X` with a different value, otherwise you will get a duplicate entry error.

```bash=
curl -X POST \
  'https://natalieagus.net/api/transactions/create' \
  --header 'Accept: */*' \
  --header 'Content-Type: application/json' \
  --data-raw '{"orderDetails":"9WDHZ2NW35","orderDate":1665650992,"orderID":"ENTRY-TEST-X","sourceName":"VU8SI56RIT","sourceDesc":"2GFHSIQUML","amountCrypto":3547190000,"amount":7568,"cryptoCurrency":"RAO","currency":"$","orderStatus":"failed"}'
```

### Submission and README file

Your submission should contain a README file detailing:

1. **All** necessary **steps** (required packages, installation, system requirements, how to access the app, etc) for us to redeploy your application in a fresh Ubuntu 22.04 EC2 instance **and**,
2. **How** to access and utilise your app via the internet, and
3. **Two** network security vulnerabilities that your app might suffer from and offer a possible solution (there's no need to actually do it) in **less** than 800 words, excluding screenshot captions.
    * You should **clearly** outline the scenario of your app's vulnerability, how the attack might happen, the consequences, and the possible fix explaining how it exactly *handles* the attack.

You may write this in markdown format, placed at the **root** directory of your application, one for **frontend** and one for **backend**.

You may assume it is the same EC2 instance specs as what was originally given to you in the beginning of this course.

* You may assume that it has the same security group
* Domain name used is what's already set up during the lesson

**Create** a directory called `devtools2022-project` in your `$HOME` directory. **Leave** all your files for submission in this `~/devtools2022-project` directory inside your designated EC2 instances. The instructors and TAs will access these instances after the due date.

You will be required to **demonstrate** your project on the **11th of Nov 2022, 2PM**.

> If you have any further enquiries, please do not hesitate to contact Natalie at natalie_agus@sutd.edu.sg
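
For the payload format listed under Backend, one way an express handler could check a request body and prepare a parameterized insert before anything reaches the database. This is an added example, not code from the sample project; the table name `transactions`, the column names, the length and sign bounds, and the helper names `validateTransaction` and `buildInsert` are assumptions.

```javascript
// Added example: check a request body against the documented payload fields,
// then build a parameterized INSERT so values are never concatenated into SQL.
// Assumptions: table `transactions`, columns named after the JSON fields,
// and the length/sign bounds below (the page gives types only).
const STATUSES = ["failed", "pending", "completed"];
const has = (o, k) => Object.prototype.hasOwnProperty.call(o, k);
const isStr = (max) => (v) => typeof v === "string" && v.length > 0 && v.length <= max;
const isInt = (v) => Number.isSafeInteger(v) && v >= 0;

// Field name -> predicate, in the order the page lists the fields.
const SCHEMA = {
  orderDetails: isStr(255),
  orderDate: isInt, // Unix timestamp in seconds, as in the page's POST sample
  orderID: isStr(64),
  sourceName: isStr(255),
  sourceDesc: isStr(255),
  amountCrypto: (v) => typeof v === "number" && Number.isFinite(v) && v >= 0,
  amount: isInt,
  cryptoCurrency: isStr(16),
  currency: isStr(16),
  orderStatus: (v) => STATUSES.includes(v),
};

// Returns a list of problems; an empty list means the payload is acceptable.
function validateTransaction(body) {
  if (body === null || typeof body !== "object" || Array.isArray(body)) {
    return ["payload must be a JSON object"];
  }
  const errors = [];
  for (const [field, ok] of Object.entries(SCHEMA)) {
    if (!has(body, field)) errors.push(`missing field: ${field}`);
    else if (!ok(body[field])) errors.push(`invalid value for: ${field}`);
  }
  for (const key of Object.keys(body)) {
    if (!has(SCHEMA, key)) errors.push(`unexpected field: ${key}`);
  }
  return errors;
}

// Builds { sql, values } for a driver call that takes `?` placeholders,
// e.g. mysql2's connection.execute(sql, values). Throws on invalid input.
function buildInsert(body) {
  const errors = validateTransaction(body);
  if (errors.length > 0) throw new Error(errors.join("; "));
  const fields = Object.keys(SCHEMA);
  const placeholders = fields.map(() => "?").join(", ");
  const sql = `INSERT INTO transactions (${fields.join(", ")}) VALUES (${placeholders})`;
  return { sql, values: fields.map((f) => body[f]) };
}
```

A handler would answer with HTTP 400 and the error list when `validateTransaction` returns anything, and pass `sql` and `values` to the driver otherwise.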