diff --git a/.cursorrules b/.cursorrules index e66373a..0bd5ff5 100644 --- a/.cursorrules +++ b/.cursorrules 
@@ -71,3 +71,69 @@ • Document non-trivial logic with inline comments and consider implementing error boundaries where needed. • New code must adhere to these conventions to avoid ambiguity. • Use descriptive names that reflect the purpose and domain, avoiding abbreviations unless standard in the project. + +## Group 4 – Backend & API Guidelines + +1. API Endpoint Design & Documentation: + • Follow RESTful naming conventions; all route handlers should be named clearly and consistently. + • Document endpoints with Swagger annotations to provide descriptions, expected request bodies, and response codes. + • Examples (for Auth endpoints): + - POST /api/auth/signin/local + • Description: Logs the user into the system. + • Request Body (application/json): + { "email": "admin@flatlogic.com", "password": "password" } + • Responses: + - 200: Successful login (returns token and user data). + - 400: Invalid username/password supplied. + - GET /api/auth/me + • Description: Retrieves current authorized user information. + • Secured via Passport JWT; uses req.currentUser. + • Responses: + - 200: Returns current user info. + - 400: Invalid credentials or missing user data. + - POST /api/auth/signup + • Description: Registers a new user. + • Request Body (application/json): + { "email": "admin@flatlogic.com", "password": "password" } + • Responses: + - 200: New user signed up successfully. + - 400: Invalid input supplied. + - 500: Server error. + +## Group 5 – Testing, Quality Assurance & Error Handling + +1. Testing Guidelines: + • Write unit tests for critical backend and frontend components using frameworks such as Jest, React Testing Library, and Mocha/Chai. + • Practice test-driven development and maintain high test coverage. + • Regularly update tests following changes in business logic. + +2. Quality Assurance: + • Enforce code quality with ESLint, Prettier, and static analysis tools. + • Integrate continuous testing workflows (CI/CD) to catch issues early. 
+ • Ensure documentation is kept up-to-date with the implemented code. + +3. Error Handling: + • Back-end: + - Wrap asynchronous route handlers with a helper (e.g., wrapAsync) to capture errors. + - Use centralized error handling middleware (e.g., commonErrorHandler) for uniform error responses. + - Verify the existence of req.currentUser in protected routes and return clear errors if authentication fails. + • Front-end: + - Implement error boundaries in React to gracefully handle runtime errors. + - Display user-friendly error messages and log errors for further analysis. + +2. Authentication & Security: + • Protect endpoints by using Passport.js with JWT (e.g., passport.authenticate('jwt', { session: false })). + • Ensure that secure routes check for existence of req.currentUser. If absent, return a ForbiddenError. + +3. Consistent Error Handling & Middleware Usage: + • Wrap asynchronous route handlers with helpers like wrapAsync for error propagation. + • Use centralized error handling middleware (e.g., commonErrorHandler) to capture and format errors uniformly. + +4. Modular Code Organization: + • Organize backend code into separate files for routes, services, and database access (e.g., auth.js, projects.js, tasks.js). + • Use descriptive, lowercase filenames for modules and routes. + +5. Endpoint Security Best Practices: + • Validate input data and sanitize requests where necessary. + • Restrict sensitive operations to authenticated users with proper role-based permissions. + diff --git a/frontend/json/runtimeError.json b/frontend/json/runtimeError.json new file mode 100644 index 0000000..9e26dfe --- /dev/null +++ b/frontend/json/runtimeError.json @@ -0,0 +1 @@ +{} \ No newline at end of file
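Review bot: In the .cursorrules hunk, the documented behaviour for authentication failures is inconsistent: GET /api/auth/me lists "400: Invalid credentials or missing user data", while the "Authentication & Security" item says a missing req.currentUser returns a ForbiddenError. Pick one contract and state its status code in both places; a missing or invalid token is conventionally 401, with 403 kept for an authenticated user who lacks permission. The same block is also misplaced: items "2. Authentication & Security" through "5. Endpoint Security Best Practices" sit under Group 5 after "3. Error Handling" but continue the numbering of Group 4, and "3. Consistent Error Handling & Middleware Usage" repeats the wrapAsync / commonErrorHandler guidance already given under Group 5; move them under Group 4 and drop the duplicate. The example request bodies for signin and signup use a real-looking account ("admin@flatlogic.com" / "password"); a placeholder such as user@example.com would avoid suggesting a default credential.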
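Review bot: frontend/json/runtimeError.json is added as a new file containing only {} with no newline at end of file, and nothing in the .cursorrules change refers to it. It looks like a generated runtime artifact rather than source; drop it from this commit or add the path to .gitignore, and if it is meant to be tracked, say what writes it and end the file with a newline.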