bradtraversy / proshop-v2 Goto Github PK

Hello to all of you! I want to say thanks to @bradtraversy for updating this wonderful and great course / repo.
It's great to see some improvements to be made but of course, everyone would like to see even more features to make it a full fledged e-commerce site that is great, redundant, and is ultimately safer and has a great UI. Ever since the first course, I have been making small tweaks here, minor tweaks there, and was really expecting for great features such as:

• Better Authentication such as Auth0 which allows for users to sign in with just a click with Options such as Google. I have this option of Sign In With Google, with the authentication from this course using passport, but having everything in a very secure and centralized platforms such as Auth0 will be such a great thing to do, especially for something such as an e-commerce store that needs to store sensitive information. Maybe even switching the project to FireBase might even be a better option. Also, things such as Email Verification for Sign Ups, as I've done is something that is missed here.

• Payment before order is placed is crucial to not have orders that will be empty and not be paid ever. For this case, I switched from PayPal and I am using Stripe and have moved the placement of screens. Stripe is great and allows for the Payment be done securely

• Using a Shipping API such as Shippo to calculate shipping based on where it is being sent. (I also have this feature in my repo, but needs a bit more work, any contributions to my repo would be great).

• Having Options. Many products have variations, so instead of creating new product listing for each variation, this can be done by creating new schemas. This is something that I think we can all work on together as a community

Minor Update could also be updated that can be done fairly easily:

• Reduce Stock once Order Is Placed
• Add Quantity To Cart and Check an API to see if product availability of stock is good.

So, if we can contribute together as devs, I know that we can create an even better version of this already great repository and great.

Thanks!

Below you can see my repository with features such as Email Verification using MailGun, Stripe, Shipping with Shippo API, and other minor improvements.

https://github.com/talmax1124/cdshop22

When deploying this project on Heroku and creating a product, the product image does not appear. It works fine on the development side, but on the production level, the image does not show up...

See

Just wanted to let you know there is no check and reviews can be added to product even if not purchased

facing this error while trying to run backend using npm run server

installed node_modules using npm install and then tried to run it but facing this error

NOTE: I've added URI in the .env file, placing it below

NODE_ENV = development
PORT = 5000
MONGO_URI = ''
JWT_SECRET = 'abc123'
PAYPAL_CLIENT_ID = your paypal client id
PAGINATION_LIMIT = 8

Description:
I am currently experiencing difficulties while following the course in the "Placing Order" section. Whenever I attempt to place an order, I encounter a "401 - Not authorized, no token" error, which appears to be related to authentication (refer to Image 1).

While I am able to successfully log in to the client, it seems that the JWT (JSON Web Token) cookie is not being set on the client after logging in (see Image 2). However, when I log in using Postman solely on the backend, the JWT cookie is successfully sent back (refer to Image 3).

To provide more context, I have shared the relevant images and code snippets below:

Image 1:

Image 2:

Image 3:

You can access my code repository here: TechMart

Upon reviewing the situation, I suspect that the error is caused by the absence of the JWT on the client side. Consequently, when I attempt to place an order, the protect middleware interferes.

I kindly request assistance in resolving this issue as I have been stuck on it for quite some time. If you are able to identify a solution, please feel free to submit a pull request to my repository.

Thank you for your attention and support.

Sincerely,
Khant Sithu

The cookie and the JWT expire after 30 days.
However for our private routing in the client our react app simply trusts that if we have a user in local storage, then that user is authenticated.
So we have a situation where in the client they can access private routes, but the API calls to the server fail because there is no cookie with a valid JWT.

To reproduce the issue change backend/utils/generateToken.js to:

const generateToken = (res, userId) => {
  const token = jwt.sign({ userId }, process.env.JWT_SECRET, {
    // expiresIn: '30d',
    expiresIn: '60s',
  });

  // Set JWT as an HTTP-Only cookie
  res.cookie('jwt', token, {
    httpOnly: true,
    secure: process.env.NODE_ENV !== 'development', // Use secure cookies in production
    sameSite: 'strict', // Prevent CSRF attacks
    // maxAge: 30 * 24 * 60 * 60 * 1000, // 30 days
    maxAge: 60 * 1000, // 60 seconds
  });
};

So that the token and cookie expire after one minute.
Then log in your user in the client and visit a private route such as /profile to see the users profile.
Wait one minute and refresh the browser:

This happens because we still have a user in LS but the JWT and cookie have expired.

https://github.com/bradtraversy/proshop-v2/blob/2e3eb75f94caa23108663b19eac7945020409410/backend/controllers/userController.js#L124C26-L124C26

Even for admin , access should be restricted.

Issue line : 124 : const users = await User.find({});

Fix : const users = await User.find({}).select("-password");

Hi Brad, i've been follwing your tutorial lately and it was going pretty well untill i faced this error in data:import script for importing data in the database

‼️ ValidationError: _id: Cast to ObjectId failed for value "1" (type string) at path "_id" because of "BSONError", password: Path `password` is required., email: Path `email` is required.

however the data:destroy script works fine 👍🏻.

it'll be glad if you could suggest a fix for this.

thanks!

after fetching data from mongo using asyncHandler it seems the latency is very high and loading is slow and sometimes get lagged. anyone facing the same issue ??

proshopdemo.dev, shows a 502 bad gateway error. Please kindly check

Unexpected Application Error!
Cannot read properties of undefined (reading 'length')
TypeError: Cannot read properties of undefined (reading 'length')
at Header (http://localhost:3000/static/js/bundle.js:680:51)
at renderWithHooks (http://localhost:3000/static/js/bundle.js:52269:22)
at mountIndeterminateComponent (http://localhost:3000/static/js/bundle.js:55555:17)
at beginWork (http://localhost:3000/static/js/bundle.js:56851:20)
at beginWork$1 (http://localhost:3000/static/js/bundle.js:61814:18)
at performUnitOfWork (http://localhost:3000/static/js/bundle.js:61083:16)
at workLoopSync (http://localhost:3000/static/js/bundle.js:61006:9)
at renderRootSync (http://localhost:3000/static/js/bundle.js:60979:11)
at recoverFromConcurrentError (http://localhost:3000/static/js/bundle.js:60471:24)
at performConcurrentWorkOnRoot (http://localhost:3000/static/js/bundle.js:60383:26)
💿 Hey developer 👋

You can provide a way better UX than this when your app throws errors by providing your own ErrorBoundary or errorElement prop on your route.

The following warning is displayed when loading the bootstrap table for the ProfileScreen.jsx component:
warning: Received 'true' for a non-boolean attribute table.

According to the react bootstrap table api, the 'table' attribute is not needed and is set by default. Removing the table attribute clears the warning.

Also, I found a small typo in the same file where the <tD></tD> tag should be <td></td>.

when frontend is deployed, the browser doesn't receive the jwt cookie sent to the browser on login and register. works perfectly the way it should when running locally.

Once we add an item to the cart using Redux Toolkit, we pass the entire product to the state, specifically the countInStock field, which has a fixed value as long as the user does not remove and re-add that item to the cart.

Suppose we added an item to the cart, closed the website, and came back later in the day. Ealier we selected to order 5 out of 5 products that were in stock. However, someone else ordered 3 of these products while we were gone. Despite this, we can still order the same amount because the countInStock data is not being updated in real-time. How can I ensure that doesn't happen in my application? Basically I want to know what is the simplest way to go about this.

what if i search something which is not similar or not in the products then won't it show any not found error message ?? because according to the implementation it seems not applied. can anybody make a pr on this by fixing it

When I login it goes through, i also see my user in localStorage and redux store, on the backend it also sets cookie and middleware also works, but somehow when i login or register on frontend and i go into Application/Cookies/localhost:3000 I dont see my jwt cookie? Any explanation or fix? ( i am using vite)