Welcome to the Playtrade repository — a card trading platform designed to enhance your collecting experience.
- Getting Started
- User Authentication & Management
- Schemas & Data Structures
- Seller-Specific Card Management API Endpoints
- Cloudinary API Integration
- Stripe Payment Integration
- Technologies Used
- Authors
- Contributing & Improvements
- License
- Clone the repository to your local device and install the dependencies:
    git clone git@github.com:Code-the-Dream-School/ffprac-team6.git
    cd ffprac-team6
    npm install
- Set up the Mongo database by installing MongoDB
- Obtain the following API Keys:
- Copy the .env.example file and rename it to .env:
    cp .env.example .env
- Replace the placeholders with your specific values:
JWT_SECRET=<your_unique_jwt_secret_key>
JWT_LIFETIME=<your_desired_jwt_lifetime>
NEXTAUTH_URL=<your_app_url_including_port>
NEXTAUTH_SECRET=<your_nextauth_secret_key>
MAIL_USERNAME=<your_desired_email_address>
GOOGLE_CLIENT_ID=<your_client_id>
GOOGLE_CLIENT_SECRET=<your_client_secret>
GOOGLE_CLIENT_REFRESH_TOKEN=<your_refresh_token>
REDIRECT_URI=<your_redirect_uri>
NEXT_PUBLIC_CLOUDINARY_NAME=<your_cloud_name>
NEXT_PUBLIC_CLOUDINARY_API_KEY=<your_api_key>
NEXT_PUBLIC_CLOUDINARY_PRESET_SECRET=<your_preset_secret>
CLOUDINARY_API_SECRET=<your_cloud_api_secret>
NEXT_PUBLIC_STRIPE_PUBLISHABLE_KEY=<your_stripe_publishable_key>
NEXT_PUBLIC_STRIPE_SECRET_KEY=<your_stripe_secret_key>
- Run npm run dev to start the development server. The app will be served at http://localhost:3000/.
Our application ensures secure user management through:
- Registration: Securely registers new users.
- Login and Logout: Manages sessions securely from creation to termination.
- Password Management: Includes methods for setting, updating, and verifying passwords.
- JWT Token Creation: Generates JSON Web Tokens for secure authentication.
We utilize NextAuth.js configured in api/auth/[...nextauth].js for centralized, dynamic session management:
- JWT and Session Synchronization: Custom callbacks enrich JWTs with user details for consistent sessions.
- Secure Session Handling: Uses HTTP-only cookies for secure, scalable session management.
Configuration:
    session: {
      strategy: "jwt"
    },
    secret: process.env.NEXTAUTH_SECRET,
    pages: {
      signIn: "/signin"
    }
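How the jwt and session callbacks described above can copy user details into the token, shown as an added example rather than the project's own [...nextauth].js. The claim allowlist and the id and isSeller fields are assumptions; the point is that only named fields are copied, so the hashed password from the User schema never reaches the JWT or the session object.

```javascript
// Added example, not the project's code. ALLOWED_CLAIMS, id and isSeller are assumptions.
const ALLOWED_CLAIMS = ["id", "username", "email", "isSeller"];

const callbacks = {
  // NextAuth passes `user` only at sign-in; on later calls only `token` is set.
  async jwt({ token, user }) {
    if (user) {
      for (const key of ALLOWED_CLAIMS) {
        if (user[key] !== undefined) token[key] = user[key];
      }
    }
    return token;
  },
  // Builds the object a client receives from GET /api/auth/session.
  async session({ session, token }) {
    session.user = session.user || {};
    for (const key of ALLOWED_CLAIMS) {
      if (token[key] !== undefined) session.user[key] = token[key];
    }
    return session;
  },
};

// The configuration from this README with the callbacks attached.
const authOptions = {
  session: { strategy: "jwt" },
  secret: process.env.NEXTAUTH_SECRET,
  pages: { signIn: "/signin" },
  callbacks,
};
```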
HTTP Verbs | Endpoints | Action | Description |
---|---|---|---|
POST | /api/register | Register User | |
POST | /api/auth/[...nextauth] | Handles various auth actions | Dynamically handles login, logout, token and session refresh actions. |
GET | /api/auth/[...nextauth] | Retrieves session & user information | Used to fetch current user session and profile data securely. |
POST | /api/forget-password | Forgot Password | |
POST | /api/reset-password | Reset Password | |
POST | /api/verify-token | Verify Reset Token | |
GET | /api/auth/profile | User Profile | |
GET | /api/auth/session | Check Session Status | |
PUT | /api/auth/profile/update | Update User Profile | |
Note: All endpoints include robust validation and error handling for enhanced security.
Purpose: Defines the data structure for user accounts.
Fields:
- username: The user's chosen username.
- email: The user's email address.
- password: The user's hashed password for secure storage.
Purpose: Manages listings in the market, linking cards and sellers.
Fields:
- items: An array of MarketItem subdocuments, each representing a unique listing in the marketplace.
Purpose: Represents an individual listing in the market.
Fields:
- cardId: Reference to the Card schema, indicating the card being sold.
- sellerId: Reference to the User schema, identifying the seller.
Purpose: Profiles for users who purchase cards, tracking their buying history.
Fields:
- userId: Link to the user's profile.
- cardsPurchasedId: Array of card IDs that the user has purchased.
Purpose: Tracks each transaction, providing a history of card purchases.
Fields:
- buyerId: Reference to the buyer's user profile.
- cardId: Reference to the purchased card.
- sellerId: Reference to the seller's user profile.
- purchaseDate: The date on which the purchase was made.
Purpose: Defines the details of trading cards available for sale.
Fields:
- name: The name of the card.
- set: The set or series to which the card belongs.
- price: The sale price of the card.
- currency: The currency in which the price is denoted.
- shippingCost: The cost of shipping the card.
- description: A description of the card.
- conditions: The condition of the card.
- category: The category of the card (e.g., Magic, Pokemon).
- imageURL: A URL link to an image of the card.
- quantity: The number of such cards available.
- available: The availability status of the card (e.g., available, sold).
- createdBy: The user who listed the card.
- createdAt: The timestamp when the card was listed.
HTTP Verbs | Endpoints | Action | Description |
---|---|---|---|
GET | /api/cards | Get All Cards | Retrieves all cards with optional filters like name, condition, price range, category, and availability. Supports pagination. |
POST | /api/cards | Create Card | Allows authenticated sellers to create a new card. Ensures only sellers can post new cards. Requires JWT for verification. |
DELETE | /api/cards | Delete All Cards | Allows sellers to delete all cards they created |
GET | /api/cards/[id] | Get Single Card | Retrieves a specific card by its ID. Accessible to all users. |
PATCH | /api/cards/[id] | Update Card | Allows sellers to update a specific card they own |
DELETE | /api/cards/[id] | Delete Card | Allows sellers to delete a specific card they own |
Purpose: Profiles for users who sell on the platform, tracking their sales and feedback.
Fields:
- userId: Link to the user's profile.
- rating: The seller's overall rating.
- feedback: Array of feedback comments from buyers.
- numberOfSales: Total number of sales completed.
- isRequestedAt: The date when the user requested to become a seller.
HTTP Verbs | Endpoints | Action | Description |
---|---|---|---|
GET | /api/seller/[id] | Get Seller by ID | Retrieves comprehensive information about a seller. |
Purpose: Details the card listings managed by a seller.
Fields:
- sellerId: Reference to the seller's user profile.
- cardId: Reference to the card being listed.
- cardsForSaleId: Array of card IDs that are available for sale from the seller.
This section details the API endpoints available for sellers to manage their trading cards. These endpoints allow for creating, viewing, and deleting cards within the permissions granted to authenticated sellers.
HTTP Verbs | Endpoints | Action | Description |
---|---|---|---|
GET | /api/cards/seller/[id] | Get Cards by Seller | Retrieves all cards created by a specific seller. Supports filtering and pagination. |
POST | /api/cards/seller | Create Card | Allows authenticated sellers to post a new card. |
PATCH | /api/cards/seller/[id] | Update Seller's Card | Allows sellers to update details of a specific card they own. |
DELETE | /api/cards/seller/[id] | Delete Seller's Card | Enables sellers to delete a specific card they own. |
DELETE | /api/cards/seller | Delete All Seller Cards | Allows sellers to delete all cards they have created. |
This section describes the API endpoint for generating a signature necessary for securely uploading files to Cloudinary. This ensures that file uploads are authenticated without exposing sensitive API secrets to the client.
HTTP Verbs | Endpoint | Action | Description |
---|---|---|---|
GET | /api/cloudinary | Get Cloudinary Signature | Generates a signature for client-side upload tasks. |
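What a signature endpoint like this computes, as an added example that is not the project's own handler. It follows Cloudinary's documented signing scheme: the signed parameters are sorted by name, joined as key=value pairs with &, the API secret is appended, and the result is hashed with SHA-1. The helper names, the response shape and the per-user cards/ folder are assumptions.

```javascript
// Added example, not the project's handler: server-side signing for a Cloudinary upload.
const crypto = require("node:crypto");

// Parameters Cloudinary leaves out of the string to sign.
const UNSIGNED = new Set(["file", "cloud_name", "resource_type", "api_key"]);

// Build "k1=v1&k2=v2" from the signed parameters, sorted by name.
function stringToSign(params) {
  return Object.keys(params)
    .filter((k) => !UNSIGNED.has(k) && params[k] !== undefined && params[k] !== "")
    .sort()
    .map((k) => `${k}=${params[k]}`)
    .join("&");
}

// SHA-1 over the string to sign with the API secret appended, hex encoded.
function signUpload(params, apiSecret) {
  return crypto.createHash("sha1").update(stringToSign(params) + apiSecret).digest("hex");
}

// Body a GET /api/cloudinary handler could return (assumed shape). The server,
// not the client, picks the signed parameters: the signature is then only valid
// for an upload into this user's folder with this timestamp.
function buildSignatureResponse(userId, env, now = Date.now()) {
  const params = { folder: `cards/${userId}`, timestamp: Math.floor(now / 1000) };
  return {
    ...params,
    apiKey: env.NEXT_PUBLIC_CLOUDINARY_API_KEY,
    cloudName: env.NEXT_PUBLIC_CLOUDINARY_NAME,
    signature: signUpload(params, env.CLOUDINARY_API_SECRET), // the secret itself is never returned
  };
}
```

The client sends folder, timestamp, api_key and signature with the file; an upload that changes any signed parameter fails verification on Cloudinary's side.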
This section explains the API endpoint used for creating payment intents with Stripe. This is critical for processing secure transactions within our application.
HTTP Verbs | Endpoint | Action | Description |
---|---|---|---|
POST | /api/stripe | Create Payment Intent | Initiates a payment process for a specified amount. |
- Anna Pestova
- Anna Solovykh
- Elena Cherpakova
- Oksana Feterovskaya
- Victoria Taiwo
- Liubov Rodin
- Cesar Lopez
We're always looking to improve and enhance our project. If you have suggestions, improvements, or find any bugs, please feel free to open a pull request or an issue on our GitHub repository.
Before submitting a pull request, please ensure the following:
- Your code is well-documented and follows the project's coding style.
- Your changes are well-tested and do not introduce new bugs.
- Include a detailed description of the changes you are proposing.
We appreciate all contributions and look forward to collaborating with you!
This project is available for use under the MIT License.