Skip to content

internetroger/photoroll

Repository files navigation

photoroll

Shopify Backend Developer Challenge

This project will be a quick Rails-based image uploader. I am focusing on proper auth and the ability to securely upload and delete images to start.

Caveat Emptor!

I have included some basic validations and security measures; they are by no means exhaustive. For example: passwords must be present, and they are hashed and securely stored, but I did not include checks on password strength for ease of testing. These can easily be added at a later date. Session management is done via cookies, which is a Rails default behavior. I have configured the production environment to require SSL for cookie transmission, but the development environment uses insecure transmission. Cookies expire upon logout or after 2 days. Routes have been restricted to disallow access to restricted resources via exploiting Rails path conventions.

Features

  • Login/Signup/Logout
  • Photo upload
  • Secure image storage and deletion
  • Public/private image designation
  • File type validation to prevent malicious uploads
  • Private images are only viewable by the user who uploaded them.
  • Automatic session expiration

Technologies

  • Rails 6
  • Active Storage (image storage)
  • file_validators gem for checking filetypes
  • SQLite
  • Active Model has_secure_password (Bcrypt for password management)
  • Static code analysis via brakeman gem
  • Additional static code analysis via dawnscanner gem

Environment setup

Clone down the repo -> cd ./photoroll -> rails db:migrate -> rails s -> localhost:3000 in your favorite browser!

Static analysis reports via brakeman: Run brakeman in the root Rails directory. View results in the terminal

Static analysis via dawnscanner: Run dawn . in the root Rails directory. Results will appear in a ~/dawnscanner folder as text files.

Screenshots

Please forgive the barebones styling!

Homepage Homepage

Login Login

Profile View Profile View

Other User View Other User View

TODO

  • Add columns to Post to allow for public/private viewing
  • Implement login/signup
  • Create basic routes (login/signup/logout, home, upload, view, delete)
  • Create unstyled views
  • Properly store images
  • Filetype validation (only jpeg, jpg, and png for now)
  • Delete images
  • Secure image storage
  • Session expiration
  • Styling
  • Testing via RSpec
  • Update readme with installation section
  • Add screenshots to readme
  • Add error page for routes when not following happy path that does not conflict with ActiveStorage

About

Shopify Backend Developer Challenge

Resources

License

Stars

1 star

Watchers

1 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors