Anonymous Message Board Project with testable user stories - Guinea Pigs needed 🐹

This project will be part of our new Quality Assurance and Information Security section. It was designed by @JosephLivengood.

The goal is for campers to be able to build these projects step by step following user stories. This will make the projects less intimidating and more fun. Oh, and don’t worry - we’ll still have plenty of optional projects where we don’t provide you with any tests. And if you’ve previously built these projects, you don’t need to build them again.

If you’re interested in attempting this, please reply to the thread and let us know you’ve started it. The more people who want to build this, the better, as we can start gathering feedback.

Thanks, and happy coding!

User Stories

  • Only allow your site to be loaded in an iframe on your own pages.
  • Do not allow DNS prefetching.
  • Only allow your site to send the referrer for your own pages.
  • I can POST a thread to a specific message board by passing form data text and delete_password to /api/threads/{board}. (Recommend res.redirect to board page /b/{board}) Saved will be at least _id, text, created_on (date & time), bumped_on (date & time, starts same as created_on), reported (boolean), delete_password, & replies (array).
  • I can POST a reply to a thread on a specific board by passing form data text, delete_password, & thread_id to /api/replies/{board} and it will also update the bumped_on date to the comment’s date. (Recommend res.redirect to thread page /b/{board}/{thread_id}) In the thread’s replies array will be saved _id, text, created_on, delete_password, & reported.
  • I can GET an array of the most recent 10 bumped threads on the board with only the most recent 3 replies each from /api/threads/{board}. The reported and delete_password fields will not be sent to the client.
  • I can GET an entire thread with all its replies from /api/replies/{board}?thread_id={thread_id}. Also hiding the same fields from the client.
  • I can delete a thread completely if I send a DELETE request to /api/threads/{board} and pass along the thread_id & delete_password. (Text response will be ‘incorrect password’ or ‘success’)
  • I can delete a post (just changing the text to ‘[deleted]’ instead of removing completely like a thread) if I send a DELETE request to /api/replies/{board} and pass along the thread_id, reply_id, & delete_password. (Text response will be ‘incorrect password’ or ‘success’)
  • I can report a thread and change its reported value to true by sending a PUT request to /api/threads/{board} and passing along the thread_id. (Text response will be ‘success’)
  • I can report a reply and change its reported value to true by sending a PUT request to /api/replies/{board} and passing along the thread_id & reply_id. (Text response will be ‘success’)
  • Complete functional tests that wholly test routes and pass.

This should potentially be the last project, as it’s somewhat more complex and has a much more blank boilerplate canvas for them to implement these user stories however they want.

Passing prototype built on boilerplate: https://gomix.com/#!/project/horn-celery
Boilerplate: https://gomix.com/#!/project/fcc-message
Tester(ISQA_3-Anon Message Board): https://pricey-hugger.gomix.me/
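
An added sketch (not part of the original post or the project boilerplate) of the header stories and the field-hiding GET stories in plain Node-style JavaScript. The function names, the choice of header values, and the sample data are assumptions made for illustration.

```javascript
// Added example; all function names here are hypothetical.
// User stories 1-3 as response headers (Express-style middleware signature).
function securityHeaders(req, res, next) {
  res.setHeader('X-Frame-Options', 'SAMEORIGIN');  // framed only by same-origin pages
  res.setHeader('X-DNS-Prefetch-Control', 'off');  // no DNS prefetching
  res.setHeader('Referrer-Policy', 'same-origin'); // referrer only for own pages
  next();
}

// Allow-list copies: a field added to the schema later stays private by default.
const toPublicReply = (r) => ({ _id: r._id, text: r.text, created_on: r.created_on });

function toPublicThread(t, maxReplies = Infinity) {
  const replies = [...t.replies]
    .sort((a, b) => b.created_on - a.created_on) // newest first (ordering is a choice)
    .slice(0, maxReplies)
    .map(toPublicReply);
  const { _id, text, created_on, bumped_on } = t;
  return { _id, text, created_on, bumped_on, replies };
}

// GET /api/threads/{board}: 10 most recently bumped threads, 3 newest replies each.
function recentThreads(threads) {
  return [...threads]
    .sort((a, b) => b.bumped_on - a.bumped_on)
    .slice(0, 10)
    .map((t) => toPublicThread(t, 3));
}

// Constructed sample board: 12 threads, thread t0 bumped by 5 replies.
function sampleBoard() {
  const at = (h, m) => new Date(Date.UTC(2017, 0, 1, h, m));
  const threads = Array.from({ length: 12 }, (_, i) => ({
    _id: `t${i}`, text: `thread ${i}`, created_on: at(0, i), bumped_on: at(0, i),
    reported: false, delete_password: 'constructed-pw', replies: [],
  }));
  for (let j = 0; j < 5; j++) {
    threads[0].replies.push({ _id: `r${j}`, text: `reply ${j}`, created_on: at(1, j),
      delete_password: 'constructed-pw', reported: false });
    threads[0].bumped_on = at(1, j); // a reply bumps its thread
  }
  return threads;
}

const listing = recentThreads(sampleBoard());
console.log(listing.length, listing[0]._id, listing[0].replies.map((r) => r._id));
```

Copying an explicit list of public fields, rather than deleting the private ones, means the response cannot leak delete_password or reported if the stored document gains new fields.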