
Saheb Jan. 5 - Jan. 9 Report

Saheb Backend - Features Overview

User Account Management

Users can create accounts by providing an email address, a password, and optional personal details (first name, last name, username). Each email address can be registered only once. Passwords are never stored in plaintext: only a salted, one-way hash of each password is kept, so someone who obtains a copy of the database still cannot recover the original passwords. (Reversible encryption would not give that guarantee, because the decryption key is normally reachable from the same system as the database.)

Authentication and Security

The application provides login for both regular users and administrators. On sign-in the client receives a short-lived access token that it presents on requests to protected endpoints; the token carries an expiry time, so a token that leaks is only useful for a limited window. A longer-lived refresh token lets the client obtain a new access token without entering credentials again. When a user signs out, the session's refresh token is invalidated so it cannot be reused.

User Preferences

Users can customize their experience by selecting their preferred language (English, French, or Arabic) and their preferred visual theme (light mode or dark mode). These preferences are saved with their account and automatically applied when they log in.

Profile Management

Logged-in users can view their own profile information and update their personal details: name, username, email, language preference, and theme preference. They can also change their password by supplying the current password together with the new one; the current password is re-checked before the change is accepted, so someone who has only hijacked an active session cannot lock the account owner out.
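The account-creation and change-password flows described under User Account Management and Profile Management, as an added example in Python. This is not the Saheb code base (the report does not say which language or library the backend uses); the hash construction (PBKDF2-HMAC-SHA256, 600,000 iterations, 16-byte salt), the 12-character minimum, and the in-memory store standing in for the users table are all assumptions. The record also carries the created/updated timestamps mentioned under Database Integration.

```python
import hashlib
import hmac
import os
import uuid
from datetime import datetime, timezone
from typing import Optional

# Assumed parameters (the report names no algorithm): PBKDF2-HMAC-SHA256 with a
# random 16-byte salt per user and 600,000 iterations, OWASP's 2023 recommendation.
PBKDF2_ITERATIONS = 600_000
SALT_BYTES = 16
MIN_PASSWORD_LEN = 12  # assumed policy; the report states none


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """One-way, salted hash in a self-describing form: algo$iterations$salt$digest."""
    salt = salt or os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    algo, iterations, salt_hex, digest_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(digest, bytes.fromhex(digest_hex))


# Hash of a throwaway value, verified when the email is unknown so that login
# attempts against existing and non-existing accounts take the same time.
_DUMMY_HASH = hash_password("not-a-real-password")


class DuplicateEmail(Exception):
    pass


class AuthError(Exception):
    pass


class UserStore:
    """In-memory stand-in for the users table (assumption; the real backend uses a database)."""

    def __init__(self) -> None:
        self._by_id: dict = {}
        self._by_email: dict = {}

    @staticmethod
    def _now() -> datetime:
        return datetime.now(timezone.utc)

    def create(self, email, password, first_name=None, last_name=None, username=None):
        key = email.strip().lower()  # Alice@Example.com and alice@example.com are one account
        if key in self._by_email:
            raise DuplicateEmail(email)
        if len(password) < MIN_PASSWORD_LEN:
            raise ValueError("password too short")
        now = self._now()
        user = {
            "id": str(uuid.uuid4()), "email": key, "password_hash": hash_password(password),
            "first_name": first_name, "last_name": last_name, "username": username,
            "language": "en", "theme": "light", "role": "user",
            "created_at": now, "updated_at": now,
        }
        self._by_id[user["id"]] = user
        self._by_email[key] = user
        return user

    def find_by_email(self, email):
        return self._by_email.get(email.strip().lower())

    def find_by_id(self, user_id):
        return self._by_id.get(user_id)

    def authenticate(self, email, password):
        """Return the user on a correct password, otherwise None (same answer for unknown emails)."""
        user = self.find_by_email(email)
        stored = user["password_hash"] if user else _DUMMY_HASH
        ok = verify_password(password, stored)
        return user if (user is not None and ok) else None

    def change_password(self, user_id, current_password, new_password):
        """The current password must re-verify; holding a session token alone is not enough."""
        user = self.find_by_id(user_id)
        if user is None or not verify_password(current_password, user["password_hash"]):
            raise AuthError("current password does not match")
        if len(new_password) < MIN_PASSWORD_LEN:
            raise ValueError("new password too short")
        user["password_hash"] = hash_password(new_password)
        user["updated_at"] = self._now()
        return True
```

The stored string records its own algorithm and iteration count, so the iteration count can be raised later and old hashes re-verified (and upgraded on the next successful login) without a migration.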

Role-Based Access Control

The system supports two types of users: regular users and administrators. Administrators sign in through a separate login endpoint and can reach features that regular users cannot. Every protected endpoint checks the caller's role on the server side, so a regular user cannot reach administrator features simply by knowing the URL.
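The token handling from Authentication and Security and the role check from Role-Based Access Control, as one added example in Python; it is not the project's own code. Assumed details: a random 32-byte HS256 signing key, 15-minute access tokens, 7-day refresh tokens, refresh tokens stored server-side as SHA-256 digests and rotated on every use, and a two-level role ranking in which an administrator satisfies any user-level requirement.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time
from typing import Optional

# Assumed settings (the report gives none): a random HS256 key generated at
# start-up, 15-minute access tokens and 7-day refresh tokens.
SIGNING_KEY = secrets.token_bytes(32)
ACCESS_TTL = 15 * 60
REFRESH_TTL = 7 * 24 * 3600
ROLE_RANK = {"user": 1, "admin": 2}  # admin satisfies any user-level requirement

class TokenError(Exception):
    pass

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _json(obj) -> bytes:
    return json.dumps(obj, separators=(",", ":")).encode()

def issue_access_token(user_id: str, role: str, now: Optional[float] = None) -> str:
    """JWT-shaped HS256 token: base64url(header).base64url(claims).base64url(HMAC)."""
    now = time.time() if now is None else now
    header = _b64(_json({"alg": "HS256", "typ": "JWT"}))
    claims = _b64(_json({"sub": user_id, "role": role, "iat": int(now), "exp": int(now) + ACCESS_TTL}))
    sig = hmac.new(SIGNING_KEY, f"{header}.{claims}".encode(), hashlib.sha256).digest()
    return f"{header}.{claims}.{_b64(sig)}"

def verify_access_token(token: str, now: Optional[float] = None) -> dict:
    """Reject malformed, foreign-algorithm, tampered or expired tokens; return the claims."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise TokenError("malformed token")
    header, claims, sig = parts
    try:
        # The algorithm is pinned here; the "alg" the token itself announces is never trusted.
        if json.loads(_unb64(header)).get("alg") != "HS256":
            raise TokenError("unexpected algorithm")
        expected = hmac.new(SIGNING_KEY, f"{header}.{claims}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64(sig)):
            raise TokenError("bad signature")
        payload = json.loads(_unb64(claims))
    except ValueError as exc:  # bad base64 or bad JSON
        raise TokenError("malformed token") from exc
    if payload.get("exp", 0) <= now:
        raise TokenError("token expired")
    return payload

class SessionStore:
    """Server-side refresh-token records keyed by SHA-256 of the token, so a copied
    table cannot be replayed. Access tokens are stateless and simply expire."""

    def __init__(self) -> None:
        self._sessions: dict = {}

    @staticmethod
    def _key(token: str) -> str:
        return hashlib.sha256(token.encode()).hexdigest()

    def login(self, user_id: str, role: str, now: Optional[float] = None) -> dict:
        now = time.time() if now is None else now
        refresh = secrets.token_urlsafe(32)
        self._sessions[self._key(refresh)] = {"user_id": user_id, "role": role, "exp": now + REFRESH_TTL}
        return {"access_token": issue_access_token(user_id, role, now), "refresh_token": refresh}

    def refresh(self, refresh_token: str, now: Optional[float] = None) -> dict:
        """Rotation: the presented token is consumed first, so a replayed copy fails."""
        now = time.time() if now is None else now
        rec = self._sessions.pop(self._key(refresh_token), None)
        if rec is None or rec["exp"] <= now:
            raise TokenError("refresh token invalid, expired or already used")
        return self.login(rec["user_id"], rec["role"], now)

    def logout(self, refresh_token: str) -> bool:
        """Sign-out deletes the record; the short-lived access token lapses on its own."""
        return self._sessions.pop(self._key(refresh_token), None) is not None

def require_role(token: str, required: str, now: Optional[float] = None) -> dict:
    """Gate for a protected route: a valid token whose role ranks at least `required`."""
    payload = verify_access_token(token, now)
    if ROLE_RANK.get(payload.get("role"), 0) < ROLE_RANK[required]:
        raise PermissionError(f"role {payload.get('role')!r} may not use a {required}-only route")
    return payload
```

Because the role travels inside the signed token, a client that edits the claims to say "admin" produces a signature mismatch and is rejected before the role is ever read; the check in `require_role` therefore only has to trust what `verify_access_token` returns.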

Security Features

The application includes several security measures to protect users and data:

  • All input sent to the server is validated against the expected shape before it is processed; unexpected fields and malformed values are rejected rather than passed on to the application logic
  • The number of requests a client may make in a short period is limited, which slows down credential guessing and other abuse
  • Security headers are set on every response to protect against common web vulnerabilities
  • Cross-origin requests are restricted to an allow list of approved web origins, so only the approved front-end sites can call the API from a browser

API Organization

The application is organized with a clear structure: every API endpoint sits under an "api" prefix followed by a version segment (currently "v1", so routes live under /api/v1/...). This allows the system to evolve and add new features while existing applications keep working against the version they were built for.

Logging and Monitoring

The system writes a log record for each request and significant event, which helps identify issues and understand how the application is being used. The records are structured (one entry with named fields per event, rather than free-form text), so they can be searched and analyzed with standard tooling.
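Structured request logging as an added example in Python, not the project's own logging code. It emits one JSON object per line, redacts the fields a practitioner would never want on disk (passwords, tokens, Authorization headers; the key list is an assumption), and shows how a search over the resulting text becomes a field comparison. The sample requests, addresses and token strings are constructed for the example.

```python
import io
import json
import logging
import re
import sys
import uuid
from datetime import datetime, timezone

# Assumed list of keys whose values must never reach the log.
SENSITIVE_KEYS = {"password", "current_password", "new_password", "access_token",
                  "refresh_token", "authorization", "cookie", "set-cookie"}
BEARER_RE = re.compile(r"(?i)bearer\s+[A-Za-z0-9._~+/-]+=*")

def redact(value):
    """Recursively mask secrets by key, and bearer tokens that appear inside free text."""
    if isinstance(value, dict):
        return {k: ("[REDACTED]" if str(k).lower() in SENSITIVE_KEYS else redact(v))
                for k, v in value.items()}
    if isinstance(value, list):
        return [redact(v) for v in value]
    if isinstance(value, str):
        return BEARER_RE.sub("Bearer [REDACTED]", value)
    return value

class JsonFormatter(logging.Formatter):
    """One JSON object per line; the per-request context is attached as record.ctx."""

    def format(self, record: logging.LogRecord) -> str:
        entry = {
            "ts": datetime.fromtimestamp(record.created, timezone.utc).isoformat(),
            "level": record.levelname,
            "logger": record.name,
            "msg": record.getMessage(),
        }
        entry.update(redact(getattr(record, "ctx", {})))
        return json.dumps(entry, separators=(",", ":"))

def make_logger(stream=sys.stdout) -> logging.Logger:
    logger = logging.getLogger("saheb")
    logger.handlers.clear()
    logger.propagate = False
    handler = logging.StreamHandler(stream)
    handler.setFormatter(JsonFormatter())
    logger.addHandler(handler)
    logger.setLevel(logging.INFO)
    return logger

def log_request(logger, method, path, status, user_id=None, client_ip=None, body=None, **extra) -> str:
    """Log one request; returns the request id so the caller can echo it in the response."""
    ctx = {"request_id": str(uuid.uuid4()), "method": method, "path": path, "status": status,
           "user_id": user_id, "client_ip": client_ip, "body": body, **extra}
    logger.info("request", extra={"ctx": ctx})
    return ctx["request_id"]

def search(log_text: str, **where) -> list:
    """Because every line is a JSON object, a query is a field comparison, not a regex hunt."""
    matches = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        entry = json.loads(line)
        if all(entry.get(k) == v for k, v in where.items()):
            matches.append(entry)
    return matches

def demo() -> tuple:
    """Constructed sample traffic; returns (log text, request id of the failed login)."""
    buf = io.StringIO()
    logger = make_logger(buf)
    failed = log_request(logger, "POST", "/api/v1/auth/login", 401, client_ip="198.51.100.7",
                         body={"email": "a@b.co", "password": "hunter22"},
                         headers={"authorization": "Bearer eyJabc.def.ghi", "user-agent": "curl/8.0"})
    log_request(logger, "GET", "/api/v1/users/me", 200, user_id="u1", client_ip="198.51.100.7")
    return buf.getvalue(), failed
```

Redaction happens in the formatter, the last step before bytes hit the stream, so a new code path that logs a request body by mistake is still covered.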

Database Integration

User information is stored in a database. Each account record carries creation and last-update timestamps that the system maintains automatically, and a user can be looked up either by email address or by their unique identifier.