radziel/spotlightcam
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
0e5dc34cbfcc0e58288b86e838760be35083060b
spotlightcam/backend
History
Radosław Gierwiało a6e4981f17 fix: prevent bypassing event check-in via page refresh 
Users could gain unauthorized access to event chats by refreshing the page after leaving an event. The socket handler was automatically creating participation records when users joined rooms, completely bypassing the QR code check-in requirement. This fix verifies that users have legitimately checked in before allowing socket room access.
2025-11-14 14:36:49 +01:00
..
prisma
feat: add QR code event check-in system
2025-11-14 14:11:24 +01:00
src
fix: prevent bypassing event check-in via page refresh
2025-11-14 14:36:49 +01:00
.env.example
security: implement CRITICAL and MEDIUM security fixes with environment profiles
2025-11-13 16:39:27 +01:00
.env.production.example
fix: AWS SES configuration and email verification flow
2025-11-13 18:59:28 +01:00
.gitignore
feat: add backend setup with Express and unit tests
2025-11-12 21:42:52 +01:00
docker-entrypoint.sh
build: add Docker entrypoint scripts for automated setup
2025-11-14 13:35:10 +01:00
Dockerfile
build: add Docker entrypoint scripts for automated setup
2025-11-14 13:35:10 +01:00
package-lock.json
security: implement CRITICAL and MEDIUM security fixes with environment profiles
2025-11-13 16:39:27 +01:00
package.json
security: implement CRITICAL and MEDIUM security fixes with environment profiles
2025-11-13 16:39:27 +01:00
README.md
feat: add backend setup with Express and unit tests
2025-11-12 21:42:52 +01:00

README.md

spotlight.cam Backend

Node.js + Express backend for spotlight.cam - P2P video exchange app for dance events.

Features

  • Express REST API
  • CORS enabled
  • Health check endpoint
  • Error handling
  • Unit tests (Jest + Supertest)
  • PostgreSQL integration (planned)
  • JWT authentication (planned)
  • Socket.IO for real-time chat (planned)
  • WebRTC signaling (planned)

API Endpoints

Health Check

  • GET /api/health - Backend health status

Future Endpoints

  • POST /api/auth/register - Register new user
  • POST /api/auth/login - Login user
  • GET /api/users/me - Get current user
  • GET /api/events - List events
  • POST /api/matches - Create match
  • POST /api/ratings - Rate partner

Development

Install dependencies

npm install

Run in development mode

npm run dev

Run tests

npm test

Run tests in watch mode

npm run test:watch

Run in production mode

npm start

Environment Variables

Create a .env file (see .env.example):

NODE_ENV=development
PORT=3000
CORS_ORIGIN=http://localhost:8080

Project Structure

backend/
├── src/
│   ├── __tests__/          # Unit tests
│   │   └── app.test.js
│   ├── routes/             # API routes (future)
│   ├── controllers/        # Business logic (future)
│   ├── middleware/         # Custom middleware (future)
│   ├── utils/              # Helper functions (future)
│   ├── app.js              # Express app setup
│   └── server.js           # Server entry point
├── .env                    # Environment variables (gitignored)
├── .env.example            # Environment variables template
├── package.json
└── Dockerfile

Testing

Tests are written using:

  • Jest - Test framework
  • Supertest - HTTP assertions

Run tests:

npm test

Current test coverage:

  • Health check endpoint
  • 404 error handling
  • CORS configuration
  • JSON body parsing

Docker

Build and run with Docker Compose (from project root):

docker compose up --build

Backend will be available at:

Next Steps

  1. Basic Express setup
  2. Health check endpoint
  3. Unit tests
  4. PostgreSQL connection
  5. Database schema and migrations
  6. Authentication (JWT + bcrypt)
  7. Socket.IO for real-time chat
  8. WebRTC signaling

License

TBD