Infoshop

InfoShop — Full-Stack E-commerce Website

A production-grade full-stack shop with:


📁 Project Structure

infoshop/
├── server.js          ← Express backend (API + static file server)
├── package.json       ← Node.js dependencies
├── shop.db            ← SQLite database (auto-created on first run)
└── public/            ← All frontend files
    ├── index.html
    ├── style.css
    └── script.js

🚀 How to Run

Step 1 — Install Node.js (one time only)

Download from https://nodejs.org → install the LTS version (v20 or higher).

After installing, close and reopen PowerShell/Terminal.

Step 2 — Install dependencies

cd f:\infoshop
npm install

Step 3 — Start the server

node server.js

You’ll see:

🚀  InfoShop server running at  http://localhost:3000
🔑  Admin credentials: admin / P@v@n668652
📦  Database: shop.db

Step 4 — Open in browser

👉 http://localhost:3000


🔑 Default Credentials

| Role  | Username | Password     |
|-------|----------|--------------|
| Admin | admin    | P@v@n668652  |

Login with admin / P@v@n668652 in the Login modal to access the Admin Panel.


🛡️ Security Features (vs the basic version you saw)

| Feature          | Basic Version  | InfoShop          |
|------------------|----------------|-------------------|
| Password storage | ❌ Plain text  | ✅ bcrypt hash    |
| Authentication   | ❌ None        | ✅ JWT tokens     |
| Input validation | ❌ None        | ✅ Server-side    |
| SQL injection    | ❌ Vulnerable  | ✅ Parameterized  |
| Admin protection | ❌ None        | ✅ Role-based     |
| Session expiry   | ❌ Never       | ✅ 7-day JWT      |

🌐 API Endpoints

| Method | Route                | Auth       | Description        |
|--------|----------------------|------------|--------------------|
| POST   | /api/auth/register   | Public     | Create account     |
| POST   | /api/auth/login      | Public     | Login → get JWT    |
| GET    | /api/me              | User       | Your profile       |
| GET    | /api/products        | Public     | List all products  |
| GET    | /api/products/:id    | Public     | Single product     |
| POST   | /api/products        | Admin      | Add product        |
| DELETE | /api/products/:id    | Admin      | Delete product     |
| POST   | /api/orders          | User       | Place order        |
| GET    | /api/orders          | User/Admin | List orders        |
| GET    | /api/admin/stats     | Admin      | Dashboard stats    |

🧪 Test with cURL (cybersecurity practice!)

# Register
curl -X POST http://localhost:3000/api/auth/register \
  -H "Content-Type: application/json" \
  -d '{"username":"test","email":"t@t.com","password":"test123"}'

# Login
curl -X POST http://localhost:3000/api/auth/login \
  -H "Content-Type: application/json" \
  -d '{"username":"test","password":"test123"}'

# Try admin route without token (should get 401)
curl http://localhost:3000/api/admin/stats

⚡ Next Steps to Harden Further

  1. HTTPS — use https module or put behind nginx/Caddy
  2. Rate limiting: npm install express-rate-limit
  3. Helmet.js — security headers: npm install helmet
  4. Input sanitization: npm install express-validator
  5. Environment variables — move JWT_SECRET to .env file