Worthsec is a social media platform that offers accessibility for diverse groups of people, enabling them to exchange ideas, connect with others, and efficiently manage their events.
- Explore
- CRUD
- Share
- Chat
- Invite
- Join
- Favour
- Search
- Follow
- User can create an account
- User can log in
- User can sign up
- User can upload a picture
- User can create an event
- User can join an event
- User can follow other users
- User can search for users
- User can favour events
- User can share events with friends
- User can receive a notification
- User can chat
- Login - Implemented
- Sign up - Implemented
- Create events - Implemented
- Delete events - Implemented
- Search other users - Implemented
- Follow - Implemented
- Explore events - Implemented
- Join - Implemented
- Favour - Implemented
- Notification - In process
- Chat - Not Implemented
- Invite - Not Implemented
- Share - Not Implemented
This project contains only data that users generate by interacting with the application; no external data is involved. Users create their events by filling out a form, providing information such as the title, date, time, event cover, type of event, and more. Users can also upload a profile picture for their account, which is visible to other users. The application holds little data because it is still in the development phase. Please note that some tables and attributes are still missing to keep the MVP simple.
Please note that for these common steps, you need to set up Node.js and use the Express.js microservice framework for the backend.
- Install the PostgreSQL driver for Node.js:
  npm install pg
- Set up the Prisma Client in your schema.prisma file.
- Create the database server through pgAdmin (DBMS): in pgAdmin, set up your database server configuration requirements such as user, host, database name, password, and port. Then connect your Express.js app to the database server. All of this information should be stored in the .env file (which must not be committed) for security purposes. Add the connection to your schema.prisma file.
- Install the Prisma ORM to connect Prisma with the PostgreSQL database server:
  => Install the Prisma CLI:
  npm install prisma @prisma/client
  => Initialize the Prisma project:
  npx prisma init
  => During initialization, Prisma will ask for information about the project. Please provide the connection information.
  => After the configuration, generate a new Prisma client:
  npx prisma generate
  => Operation example with the Prisma Client:
Index strategies are applied to four tables:
- account: target column userName
- event: target column eventHost
- picture: target column picture_owner_id
- userTouser: target columns userRequested_id and userFollwed
This threat model evaluates potential security risks associated with the social media platform “Worthsec.”
- User personal data (email, interests, birthday)
- Account credentials (username/password)
- Backend database
- User location
- Hackers
- Cybercriminals
- Nation-state actors
- Thrill seekers (e.g., script kiddies)
Phishing: the attacker presents a malicious web page that tricks users into entering their credentials, so that their passwords can be stolen.
Cross-site scripting (XSS): the attacker injects malicious scripts into the website, allowing them to manipulate the site's behavior.
Denial of service (DoS): the attacker floods the server with a large volume of unnecessary requests or data, causing the service to fail.
SSL stripping: the attacker downgrades a secure HTTPS connection to an insecure HTTP one. Because the traffic is then unencrypted, they can intercept and steal user data.
- JWT-based authentication system
- Password hashing using bcrypt
- Salted password hashing (a per-password salt is part of the bcrypt hash)
- Email verification requirement
- Password complexity requirements (8–25 characters)
- Input field length restrictions
- Password verification during login
- Schema-full database design with strict type checking
- Unique index constraints on critical fields
- Environment variable–based configuration
- Input validation
- Email format validation
- Field length restrictions
- Role-based access control structure – 50%
- Protected routes using dependencies (CORS + authentication)
- Error handling stack implementation
- Row-level security (database) - still in process
- Docker containerization
- Environment variable configuration
- Separate development and production configurations
- Continuous deployment with GitHub Actions
- SSL/TLS support through Fly.io deployment
- Proper error handling and logging
- Secure session management