Developed using the MERN stack and by integrating the Rest Services through WSO2 Enterprise Integrator (ESB)

manuka99/Xmart-Shopping

Xmart Shopping Platform

MERN Stack + WSO2 Enterprise Integrator

Youtube video 🎥💥 : https://youtu.be/tztfJ2cpj5Y



Student Contributions

1. Manuka Yasas

  1. Product service to search (full text), filter and perform all CRUD operations.
  2. Shopping cart management.
  3. Dummy credit card payment gateway service.
  4. Dummy mobile payment gateway service using Twilio.
  5. Place orders with multiple products.
  6. Track orders.
  7. Using WSO2 EI (Enterprise Integrator – ESB) to integrate services at the backend and expose a common web API.
  8. Route the payment to either the banking payment gateway or the mobile operator, based on a parameter of the payment request message.
  9. Frontend of the delivery service.
  10. Seller service where sellers can add/update/delete items.
  11. JWT authentication service to perform role-based authentication.
  12. Delivery service to deliver orders.



High Level Diagram

(image: High level Diagram)

Technologies

  1. Node, Express, JWT, Passport.
  2. React and Redux.
  3. MongoDB.
  4. Twilio to send SMS.
  5. Nodemailer with Gmail SMTP to send emails.
  6. WSO2 Enterprise Integrator.

Authentication and Security Mechanisms Adopted in the System

User Authentication

JSON Web Token (JWT) based authentication is used to verify user identity. A guest presents credentials once and receives a signed token that is valid for 10 minutes; the token carries the user's basic details and role. When a user registers or resets a password, the password is hashed with bcrypt before it is stored, so the plaintext is never persisted. The hashed password field is excluded from ordinary query results and is only returned when it is explicitly selected (for example, during login). A user can request a password reset: the server generates a reset token, stores it in hashed form, and emails the user a reset URL containing the token. When the user visits the reset URL, the server checks the validity of the reset token before allowing the password to be changed.

Service Authentication

Since authentication is developed as a separate service, the buyer service and the seller service must authenticate requests externally. Each uses an "authenticate" middleware that forwards the bearer token from the incoming request's Authorization header to the authentication service through the WSO2 EI (ESB) and validates the response. If the response from the authentication service contains a user, that user is attached to the request object and the next handler is invoked; otherwise the request is rejected.

The function "getAuthUserFromBearerToken" in the buyer/seller service sends the authorization token (JWT) to the authentication service via the ESB and returns the response. The function "validate token" in the authentication service verifies the token received in the request body and, if it is valid, retrieves and returns the corresponding user.

When the token is valid, the user is added to the request object in the buyer and seller services. Because the seller service must only admit users with the "seller" role, a second middleware checks the role on the request user after authentication.
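The middleware chain described above, as an added example rather than the project's own code. It is written as plain Express-style `(req, res, next)` functions so it runs without Express, and the call that goes to the authentication service through the ESB is injected as an async function; the name `getAuthUserFromBearerToken` follows the README, while the factory, the 502 response on a transport failure, the token table and the tiny chain runner are this example's constructions.

```javascript
// Added example (not the project's code): authenticate + role middleware as
// plain (req, res, next) functions. The ESB-backed lookup is injected so a
// constructed stand-in can be used offline.

// Extract the bearer token from the Authorization header; null if missing or malformed.
function extractBearerToken(req) {
  const header = (req.headers && req.headers.authorization) || '';
  const m = /^Bearer\s+([A-Za-z0-9\-_.]+)$/.exec(header.trim());
  return m ? m[1] : null;
}

// Factory: the authenticate middleware bound to getAuthUserFromBearerToken.
function makeAuthenticate(getAuthUserFromBearerToken) {
  return async function authenticate(req, res, next) {
    const token = extractBearerToken(req);
    if (!token) return res.status(401).json({ error: 'missing bearer token' });
    let result;
    try {
      result = await getAuthUserFromBearerToken(token);  // via the ESB in the real system
    } catch (err) {
      // Fail closed: an unreachable authentication service must not admit the request.
      return res.status(502).json({ error: 'authentication service unavailable' });
    }
    if (!result || !result.user) return res.status(401).json({ error: 'invalid token' });
    req.user = result.user;                               // attach user for later handlers
    return next();
  };
}

// Role check used after authenticate on seller routes.
function requireRole(role) {
  return function roleCheck(req, res, next) {
    if (!req.user) return res.status(401).json({ error: 'not authenticated' });
    if (req.user.role !== role) return res.status(403).json({ error: 'forbidden' });
    return next();
  };
}

// Minimal chain runner standing in for Express: resolves to { status, body, user }.
async function runChain(middlewares, req) {
  const out = { status: 200, body: null, user: null };
  const res = {
    status(code) { out.status = code; return this; },
    json(body) { out.body = body; return this; },
  };
  for (const mw of middlewares) {
    let passed = false;
    await mw(req, res, () => { passed = true; });
    if (!passed) return out;                              // a middleware ended the response
  }
  out.user = req.user || null;
  return out;
}

// Constructed stand-in for the authentication service's "validate token" response.
const constructedTokens = {
  'tok-buyer': { id: 'u1', role: 'buyer' },
  'tok-seller': { id: 'u2', role: 'seller' },
};
async function fakeGetAuthUserFromBearerToken(token) {
  const user = constructedTokens[token];
  return user ? { user } : { user: null };
}
```

In the real services the injected function performs the HTTP call through the ESB; the chain `[authenticate, requireRole('seller')]` is what a seller-only route would mount.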

Payment Security

To protect payments made through the credit card gateway or the mobile payment gateway, the order details and the transfer amount are bound together with a keyed hash. When the user pays by card or mobile, the buyer service sends the gateway a request containing the transfer amount and the order id. Because these values could be altered in transit, the request also carries a hash computed over the order id, the transfer amount and an order secret key. The order secret key is stored in the environment configuration of both services. The gateway recomputes the hash over the received order id and transfer amount with the same order secret; the payment proceeds only if the recomputed value matches the hash in the request. (In a real scenario the gateway would use the client user ID and secret issued when registering with it.) After the payment completes, the gateway calls back to the buyer service with the order id, transfer amount and a payment hash code. The payment hash code is computed over the order id, transfer amount and a payment secret key, which is also stored in the environment configuration of both services. The buyer service recomputes and compares the payment hash code and, if it matches, marks the order as paid and sends notifications by email and SMS.

User Interfaces 📷

(Screenshots: product listing, perfume search, product page, add to cart, cart, order details, card payment, mobile payment, mobile payment validator, cash-on-delivery payment, order success, confirmation email, confirmation SMS, order tracking, login, register)
