My Book Trading Club is open - Any feedback is welcome

I just completed the project. Here is my Book Trading Club app:

It doesn’t have fancy UI and perfect UX. I’ve been more into the backend part and it seems to work.
Please review my app. :smiley:


I got a crashed screen. Are you working on it? Or is it just buggy?

If the former, did you know you can put heroku apps into maintenance mode while developing so users get a more encouraging error screen?

terminal: heroku maintenance:on

I’m not working on it right now. It seems like a bug. (I guess someone opened my API with wrong input that shut down the server.) I just restarted heroku and I’m gonna find out what happened in the log. Right now the app is live again.
And I’m gonna take a look at heroku maintenance. Thank you :slight_smile:

Edited: Found and fixed it! A bug in the user information API.

I accidentally created 2 copies of the same book. There doesn’t seem to be a way to delete it.

I’m also not super keen that you publish my real email address without warning! Can I delete that?

You can change your email in “My profile”. Just fill in everything (only changing email won’t work) and click update.

I absolutely agree with you, that your email address should be hidden. The server should take care of the mailing. Also maybe a city is specific enough.

Also even without adding any books, your data is freely available:


Sorry, had to try, just updated your profile data. Everybody can do that…


Ha, that’s funny! Thanks for obscuring my details in such a devilishly hacky way :slight_smile:

Needless to say at this point @lequanghuylc, your app has some security holes :slight_smile:

Check the docs of whatever package you are using for authentication and see what their best practices are.


@JacksonBates and @BenGitter: Thank you for pointing out those issues. My first intent for putting email & address in public was just so that members who are interested in trading books with the owner have a way to contact the owner. These members can also look at the address to decide if it’s convenient to trade. A real app is gonna have a profile page and a message system to help members communicate right inside the app. But I think it’ll take lots of work to build a message system, so it alone can be another project. I just thought showing email was the quickest way to go.

Obviously I didn’t think much about security, and as @JacksonBates said my app has security holes (I think it’s many, not just some :smiley: ). I’m browsing some stuff to see what I can do about that. But right now, don’t use real personal information.

I added some basic authentication and now people can’t freely get user information via the API. (But logged-in users still can, if they happen to know some existing username.)
(Ex: )

About the ability to delete books, it’s gonna take a while to implement (hope not so long :smile: )

Thank you again for helping me improve my app.
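The two holes discussed in this thread (any logged-in user can read another member's full profile, and anyone could overwrite someone else's profile data) are both object-level authorization problems: authenticating the caller is not the same as checking that the caller owns the record. The following is an added illustration, not code from the Book Trading Club app, of how a profile endpoint can be hardened: non-owners get only a public subset (username and city, no email), and updates are refused unless the session user is the profile owner and are limited to a whitelist of fields. It is plain Node with no framework; the request shape, the in-memory `users` store and all function names are assumptions.

```javascript
// Added example (not the app's own code). Plain Node, no framework.
// req is assumed to look like: { user: <session username or null>,
//                                params: { username }, body: {...} }

// Constructed in-memory store standing in for the database.
const users = new Map([
  ['alice', { username: 'alice', email: 'alice@example.com', city: 'Oslo',   fullName: 'Alice A.' }],
  ['bob',   { username: 'bob',   email: 'bob@example.com',   city: 'Berlin', fullName: 'Bob B.' }],
]);

// Only what another member needs to decide whether a trade is convenient.
// Contact details stay server-side; the server would do the mailing.
function publicProfile(user) {
  return { username: user.username, city: user.city };
}

// Fields the owner is allowed to change. Anything else in the body
// (e.g. username, an invented "role") is dropped, not mass-assigned.
const UPDATABLE = ['email', 'city', 'fullName'];

function getProfile(req) {
  const target = users.get(String(req.params.username));
  if (!target) return { status: 404, body: { error: 'not found' } };
  if (!req.user) return { status: 401, body: { error: 'login required' } };
  // Owner sees the full record; everyone else sees the public subset.
  const body = req.user === target.username ? { ...target } : publicProfile(target);
  return { status: 200, body };
}

function updateProfile(req) {
  const target = users.get(String(req.params.username));
  if (!target) return { status: 404, body: { error: 'not found' } };
  if (!req.user) return { status: 401, body: { error: 'login required' } };
  // Object-level check: being logged in is not enough, you must own the record.
  if (req.user !== target.username) return { status: 403, body: { error: 'forbidden' } };
  // Tolerate a missing or malformed body instead of crashing the process.
  const input = req.body && typeof req.body === 'object' ? req.body : {};
  for (const key of UPDATABLE) {
    if (typeof input[key] === 'string' && input[key].length <= 200) target[key] = input[key];
  }
  return { status: 200, body: { ...target } };
}
```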