The user should get feedback that wrong credentials were used on login

"You email or password is wrong. Please try again!"

session cookie is not removed on account deletion (leads to error)

deleting account weird behaviour → I just entered [email protected] or [email protected] but it still worked (should only work with [email protected])

The create post text field should be reset after creating a post

Hey Malik, here's some feedback! Hope it helps :)

Frontend

• Empty messages shouldn't be possible. (Block them both in Frontend and Backend)
• The input box should have a fixed width.
• "standup" and "Recent" & "Calendar" should be vertically centered, e.g. with align-items: center;
• CSS looks fine, although it's not very scalable. You might look into the following:
  • SASS
  • TailwindCSS

Backend

I can't say too much about the python code unfortunately, because I haven't worked in Python too much. But here's what I can say:

• You should rate-limit the requests. Would be easy to spam your backend with requests right now.
• Make sure to encrypt any passwords in the database, use "sugared cryptographically-safe hash functions" for that. (Just google it lol) -- If someone stole your DB, it would be impossible to crack the passwords then.
• Try to split the app.py into multiple modules, extract functions wherever it makes sense. (Anything that's repeated at least once, or benefits from better naming)

General

These specific suggestions might give you some idea on what to improve, but if I would go on with every tiny detail, it'd take forever. So in general:

• Follow the "Clean Code" advice, especially:
  • DRY: Don't repeat yourself.
  • Try to write code that explains itself. A well-named function is better than a well-written comment.
• Look into automated testing! I'm sure there's good tooling for Python.
  • This is a bit advanced maybe, but it's crucial for stable applications. Try to stick to TDD (test-driven-development) as soon as possible.
  • You'll have to learn to write "testable" code. A few keywords to research here: "Mocks", "Stubs", "Fakes" (those are all similar), "Dependency Injection"... The goal is to be able to switch out real libraries (like flask) with your own testing dummies. Then you can use them to verify that your code behaves as it should.
  • Automated testing & clean code complement each other. Although both can be very difficult, if you start early, they will save you a lot of trouble.

I liked your general architecture. There's not too many files in each folder, it's clear what each module does. Try to stick to that, when the app grows. Make sure to extract functionality into separate modules wherever possible to avoid messy code.

The two concerns that I'd have before launching this tool publicly are 1. Security and 2. Testing.

1. For Security, read into the OWASP principles.
2. For Testing, stick to my earlier advice. Use any python testing framework.

I know this might all be a bit overwhelming, but I hope it helps anyway. Consider this a roadmap to becoming an "Advanced Developer", or at least one who can be confident in their production code! 😄

Here's some quick thoughts on things I need to work on for releasing version 1.0:

• There's no landing page which means there's no way for people to know what the product is all about.
• Users cannot recover their password which means they'll have to create a new account or stop using the product.
• The invite code hasn't been properly implemented. Which means I can't onboard new users.
• When people sign up, they are redirected to the login page but there are no visual cues or aids telling them they can already login.
• The email notification people receive when they sign up for Cuiff does not provide any call to action and is still being sent with Fuzzboard name and my gmail which will confuse new users.
• When people login for the first time, the next steps might be confusing. There's not a lot of visual cues or explanation about what you can do at Cuiff.
• There's also no explanation about the difference between personal boards and workspaces.
• When you're inside a board, there's no way to know where you are. You might be inside a workspace or personal area, who knows?
• There's no way to delete workspaces, change their names or see who's part of it.
• There's no way to delete boards or change the prompt.
• The keyboard shortcut is malfunctioning and that affects the user experience.
• I'm not handling 404 errors which results in a bad user experience.

The Sign up and Login form is off center for me.
I have not done a lot of testing but This happens on both my screens: aspect ratio: 16:9 and 14:9

A user can set a very weak password as their account password (examples: "1", "123", "password")

I suggest validation including (but not limited to):

• at least 8 letters
• capital and non capital letters
• at least one numbers
• at least one special character (".","/"."?")

This needs to be discussed:

Rate limit for creating posts (or boards) to prevent spam creating

There is no confirmation for the user on account creation that it was successful (just redirects to main page)