
cartlet's Introduction

webshoppe

A webshop project from 2015 rebooted, demo https://www.youtube.com/watch?v=gUCBCB0Om-8


(swish payments!)

Background

The project is written as a Java EE webshop application with the following stack:

  • MySQL
  • Bootstrap
  • HTML5
  • JSP/JSTL

While we could have replaced these with something newer and more interesting, I think it would be more fun/challenging to keep the stack in place. I like to have some diversity in my projects; not everything has to be NoSQL and SPA :) I'm not much for EE, application servers, servlets and all that enterprisey stuff.

Challenges

  • performance
    • make sure to upgrade to latest MySQL DB / driver.
    • analyze existing queries, check for missing/bad indexes.
    • find the fastest goddamn application server there is.
    • server side rendering causes database calls to block.
      • even worse, all our DB calls are synchronous and serialized.
  • security
    • tons of forms here, we need some solid CSRF protection.
    • zero protection against XSS in place.
    • payment security; not required for simple swish integrations.
    • password hashing: uses PBKDF2, barely passable, upgrade to Argon2
    • prevent session fixation - regenerate session id.
    • use constant time compare for passwords / csrf token
  • mobile support
    • we use bootstrap so it shouldn't be too hard.
    • upgrade bootstrap from v3 to v4.
    • add a favicon / pwa manifest.
  • containerless deployment
    • TomEE / Undertow / ? (I will NEVER touch Spring.)
  • payment
    • there is no existing payment implementation.
    • let's start with swish, and just use a URI / QR for payments.
    • maybe later we can explore more options, Ether etc?
  • workflow
    • order management - update order status
    • handling of refunds / cancelled orders
    • prevent orders from never getting completed when items are out of stock
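
An added sketch (not code from this project) of two of the security items above: constant-time comparison for the PBKDF2 password hash and for the CSRF token, using only the JDK. The class name, iteration count, key length and sample values are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class ConstantTimeChecks {
    private static final SecureRandom RANDOM = new SecureRandom();
    // Assumed parameters for this sketch, not the project's settings.
    private static final int ITERATIONS = 210_000;
    private static final int KEY_BITS = 256;

    // Per-session CSRF token: 32 bytes from a CSPRNG, URL-safe encoded.
    static String newCsrfToken() {
        byte[] raw = new byte[32];
        RANDOM.nextBytes(raw);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
    }

    // MessageDigest.isEqual does not stop at the first differing byte,
    // unlike String.equals, so the timing does not reveal a matching prefix.
    static boolean csrfTokenMatches(String sessionToken, String submitted) {
        if (sessionToken == null || submitted == null) return false;
        return MessageDigest.isEqual(sessionToken.getBytes(StandardCharsets.UTF_8),
                                     submitted.getBytes(StandardCharsets.UTF_8));
    }

    // Derive the PBKDF2 hash and wipe the password copy held by the key spec.
    static byte[] pbkdf2(char[] password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, KEY_BITS);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                                   .generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword();
        }
    }

    // Re-derive from the login attempt and compare hashes in constant time.
    static boolean passwordMatches(char[] attempt, byte[] salt, byte[] stored) throws Exception {
        return MessageDigest.isEqual(pbkdf2(attempt, salt), stored);
    }

    public static void main(String[] args) throws Exception {
        byte[] salt = new byte[16];
        RANDOM.nextBytes(salt);
        byte[] stored = pbkdf2("constructed-sample-pw".toCharArray(), salt); // constructed sample
        String token = newCsrfToken();
        System.out.println("good password: " + passwordMatches("constructed-sample-pw".toCharArray(), salt, stored));
        System.out.println("bad password:  " + passwordMatches("guess".toCharArray(), salt, stored));
        System.out.println("csrf ok: " + csrfTokenMatches(token, token) + ", forged: " + csrfTokenMatches(token, "forged"));
    }
}
```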

Building

Super easy,

./gradlew jar

Produces a standalone jar with an embedded application server.

If you want docker,

./gradlew jar && docker build .

Installing

Needs at least one MySQL server, we are using 8.0.12 for development.

Preload a new database with the file database.sql.

The default configuration looks like,

{
  "jdbcUrl" : "jdbc:mysql://localhost:3306/webshop?useSSL=false",
  "databaseUser" : "root",
  "databasePass" : "",
  "swishReceiver" : "07372151522"
}

These are my development settings; you will need to place a file called application.json beside your jar, with values that match your environment.

Start the application with,

java -jar <fileName>.jar

for docker,

docker run -it -p 8080:8080 <imageName>

Contributing

Contributions are always welcome! pull requests, code reviews, new issues, comments on existing issues etc.
