Md. Shahadot Hosen edited this page Mar 2, 2024 · 16 revisions

Welcome to the SeeHouse project wiki!

About SeeHouse project:
SeeHouse is an e-commerce backend application that provides all the materials and equipment, and employs various professionals (sellers, designers, workers, etc.), for home construction.

About E-commerce:

E-commerce, short for electronic commerce, refers to the buying and selling of goods and services over the internet. It involves the exchange of products and services between businesses, consumers, or both through online platforms. E-commerce transactions can include the online purchase of physical goods, digital products, or services.

Key components of e-commerce include online shopping websites, electronic payments, and various online marketplaces. The transactions can take place through different channels such as websites, mobile apps, or other online platforms. E-commerce has become increasingly popular due to its convenience, accessibility, and the ability to reach a global audience. It encompasses various models, including business-to-consumer (B2C), business-to-business (B2B), and consumer-to-consumer (C2C) transactions.

About Backend:

A backend application, often referred to as the backend or server-side, is the part of a software application responsible for managing and processing data, as well as handling business logic. It operates behind the scenes and interacts with the database, performs computations, and manages the communication between the user interface (frontend) and the database.

In the context of an e-commerce application like SeeHouse, the backend application would provide all the necessary APIs (Application Programming Interfaces) that enable communication between the frontend (user interface) and the server. These APIs serve as a bridge, allowing the frontend to request and send data to the backend.

Additionally, the backend application would manage the database, storing and retrieving data as needed. This includes storing information about products, user accounts, transactions, and other relevant data. The backend ensures data integrity, security, and efficient handling of requests from the frontend.

In summary, a backend application is a crucial component of a software system that handles the server-side operations, including providing APIs, managing the database, and processing data to support the overall functionality of the application.

About APIs:

APIs (Application Programming Interfaces):

An API, or Application Programming Interface, is a set of rules and tools that allows different software applications to communicate with each other. It defines the methods and data formats that applications can use to request and exchange information. APIs can be used to enable the integration of different systems, allowing them to work together and share data.

There are various types of APIs, including web APIs, which are commonly used for web development. Web APIs allow applications to communicate over the internet using standard protocols such as HTTP. They can return data in different formats, such as JSON (JavaScript Object Notation) or XML (eXtensible Markup Language).

Learn more about JWT:

JWT (JSON Web Token) authentication is a method of securely transmitting information between parties as a compact and self-contained token. JWTs are commonly used for authentication and information exchange in web development. Here's a basic overview of how JWT authentication works:

  1. Token Structure:

    • The JWT header and payload are JSON objects.
    • A JWT consists of three parts: a header, a payload, and a signature.
    • Each of the three parts is base64url-encoded, and the encoded parts are joined with dots (`.`) to form the complete JWT.
  2. Header:

    • Contains information about how the JWT is encoded and signed.
    • Typically includes the type of token ("JWT") and the signing algorithm being used (e.g., "HS256" for HMAC SHA-256).
  3. Payload:

    • Contains claims or statements about an entity (typically, the user) and additional data.
    • Claims can be categorized into reserved, public, and private claims.
    • Reserved claims include predefined keys such as iss (issuer), exp (expiration time), and sub (subject).
  4. Signature:

    • Used to verify that the sender of the JWT is who it says it is and to ensure that the message wasn't changed along the way.
    • The signature is generated by combining the encoded header, the encoded payload, a secret (for HMAC algorithms), and then applying the specified signing algorithm.
  5. Authentication Process:

    • When a user logs in, the server creates a JWT containing the user's information (e.g., user ID) and signs it with a secret key.
    • This JWT is then sent to the client, which stores it.
    • For subsequent requests to protected resources or APIs, the client includes the JWT in the Authorization header of the HTTP request.
  6. Verification:

    • On the server side, the server verifies the JWT by checking the signature and decoding the claims.
    • If the signature is valid and the claims are not expired, the server considers the user authenticated.

JWTs are stateless, meaning the server doesn't need to store session information. This makes them scalable and suitable for use in distributed systems. However, it's crucial to secure the secret key used for signing, and if transmitting JWTs over insecure channels, encryption (JWE - JSON Web Encryption) should be considered. Additionally, proper token expiration and renewal policies should be implemented for security reasons.
