Secur0-com/live-coding-3

📌 Sticky Board

Collaborative sticky notes board with role-based access control

A modern web application for managing sticky notes with user authentication, admin panel, public sharing, and activity tracking.


πŸ—οΈ Project Structure

live-coding-3/
├── docker-compose.yml      ← Docker Compose configuration
├── DOCKER.md               ← Docker documentation
├── .gitignore              ← Git ignore file
├── backend/
│   ├── app.js              ← Express server entry point
│   ├── db.js               ← SQLite database setup and queries
│   ├── package.json        ← Node.js dependencies
│   ├── Dockerfile          ← Backend Docker configuration
│   ├── .dockerignore       ← Docker ignore file
│   ├── .env.example        ← Environment variables template
│   ├── middleware/
│   │   └── auth.js         ← JWT authentication middleware
│   └── routes/
│       ├── auth.js         ← Authentication routes
│       ├── notes.js        ← Notes CRUD operations
│       ├── shared.js       ← Public sharing features
│       ├── admin.js        ← Admin panel routes
│       └── activity.js     ← Activity logging
└── frontend/
    ├── Dockerfile          ← Frontend Docker configuration
    ├── nginx.conf          ← Nginx server configuration
    ├── .dockerignore       ← Docker ignore file
    ├── index.html          ← Landing page
    ├── registro/
    │   └── registro.html   ← Registration page
    ├── dashboard/
    │   └── dashboard.html  ← User dashboard
    ├── admin/
    │   └── admin.html      ← Admin panel
    ├── public/
    │   └── public.html     ← Public notes view
    ├── css/
    │   └── style.css       ← Global styles
    └── js/
        ├── config.js       ← API configuration
        ├── main.js         ← Login logic
        ├── registro.js     ← Registration logic
        ├── dashboard.js    ← Dashboard logic
        ├── admin.js        ← Admin panel logic
        └── share.js        ← Sharing functionality

🚀 Quick Start

🐳 Docker Compose (Recommended)

The easiest way to run the entire application with a single command:

docker compose up --build

That's it! The application will be available at:

Additional Commands:

# Run in background (detached mode)
docker compose up -d

# View logs
docker compose logs -f

# Stop all services
docker compose down

# Stop and remove database (fresh start)
docker compose down -v

Features:

  • ✅ Automatic setup of backend and frontend
  • ✅ Persistent SQLite database
  • ✅ Health checks for both services
  • ✅ Auto-restart on failure
  • ✅ Isolated network for services

📖 See DOCKER.md for advanced Docker usage, troubleshooting, and production deployment.


πŸ› οΈ Manual Setup (Alternative)

If you prefer to run the services manually without Docker:

Prerequisites

  • Node.js 16 or higher
  • npm (comes with Node.js)
  • A modern web browser

Backend Setup

  1. Navigate to the backend directory:
     cd backend
  2. Install Node.js dependencies:
     npm install
  3. Start the development server:
     npm run dev

Or for production:

npm start

The backend API will be available at http://localhost:3000

Frontend Setup

  1. Navigate to the frontend directory:
     cd frontend
  2. Serve the static files using one of these methods:

Option A: Using Python's built-in server

python -m http.server 8080

Option B: Using Live Server (VS Code extension)

  • Right-click on index.html and select "Open with Live Server"

Option C: Using Node.js http-server

npx http-server . -p 8080

The frontend will be available at http://localhost:8080

  • Main page: http://localhost:8080/index.html
  • Public notes: http://localhost:8080/public/public.html

✨ Features

User Management

  • User registration with email validation
  • Secure login with JWT authentication
  • Password hashing with bcrypt (12 rounds)
  • Rate limiting on login/register (10 attempts per 15 minutes)
  • Role-based access control (user/admin)

Sticky Notes

  • Create, edit, and delete personal notes
  • Color-coded notes for visual organization
  • Title and content fields
  • Timestamp tracking (created/updated)
  • Search and filter capabilities

Public Sharing

  • Share notes publicly via unique links
  • Enable/disable public access per note
  • Public gallery view of shared notes
  • No authentication required for viewing shared notes

Admin Panel

  • View all users and their notes
  • User management (view, delete users)
  • System-wide statistics
  • Activity monitoring
  • Admin-only access with role verification

Activity Tracking

  • Log all user actions (create, edit, delete notes)
  • Admin activity dashboard
  • Timestamp and action type recording

Security Features

  • JWT-based authentication with expiration
  • Password hashing with bcrypt
  • Rate limiting on authentication endpoints
  • Input validation and sanitization
  • SQL injection prevention (prepared statements)
  • XSS protection (textContent usage)
  • CORS configuration
  • Role-based authorization
  • Request size limiting (50kb max)

🔌 API Endpoints

Authentication

  • POST /api/auth/register - Register new user
  • POST /api/auth/login - Login and receive JWT token

Notes (Requires Authentication)

  • GET /api/notes - List user's notes
  • POST /api/notes - Create new note
  • GET /api/notes/:id - Get specific note
  • PUT /api/notes/:id - Update note
  • DELETE /api/notes/:id - Delete note
  • PUT /api/notes/:id/share - Toggle public sharing

Public Sharing

  • GET /api/shared - List all public notes
  • GET /api/shared/:id - View specific public note

Admin (Requires Admin Role)

  • GET /api/admin/users - List all users
  • GET /api/admin/stats - System statistics
  • DELETE /api/admin/users/:id - Delete user

Activity Tracking

  • GET /api/activity - Get user activity log
  • GET /api/activity/admin - Get all activity (admin only)

Health Check

  • GET /api/health - Server status

All authenticated requests must include:

Authorization: Bearer <your_jwt_token>

📦 Dependencies

Backend

  • express - Web framework
  • better-sqlite3 - SQLite database
  • bcryptjs - Password hashing
  • jsonwebtoken - JWT authentication
  • cors - CORS middleware
  • validator - Input validation
  • uuid - Unique ID generation
  • dotenv - Environment variables
  • express-rate-limit - Rate limiting

πŸ—„οΈ Database Schema

SQLite database with the following tables:

Users Table

- id (TEXT, PRIMARY KEY)
- email (TEXT, UNIQUE)
- password (TEXT) -- bcrypt hashed
- role (TEXT) -- 'user' or 'admin'
- created_at (TEXT)

Notes Table

- id (TEXT, PRIMARY KEY)
- user_id (TEXT, FOREIGN KEY)
- title (TEXT)
- content (TEXT)
- color (TEXT)
- is_public (INTEGER) -- 0 or 1
- created_at (TEXT)
- updated_at (TEXT)

Activity Table

- id (TEXT, PRIMARY KEY)
- user_id (TEXT, FOREIGN KEY)
- action (TEXT) -- 'create', 'edit', 'delete'
- note_id (TEXT)
- timestamp (TEXT)

🎯 Usage

For Regular Users

  1. Open http://localhost:8080 in your browser
  2. Register a new account (valid email format required)
  3. Login with your credentials
  4. Create sticky notes with titles, content, and colors
  5. Share notes publicly using the share toggle
  6. View your activity history

For Admins

  1. Login with an admin account
  2. Navigate to the admin panel
  3. View system statistics and all users
  4. Monitor user activity
  5. Manage users and notes

⚠️ Security Considerations

Implemented

  • Bcrypt password hashing (12 rounds)
  • JWT authentication with expiration
  • Rate limiting on auth endpoints (10 req/15min)
  • Input validation and sanitization
  • SQL injection prevention (prepared statements)
  • XSS protection (textContent usage)
  • CORS whitelist
  • Role-based authorization
  • Request size limiting (50kb)
  • Authorization checks on all protected endpoints

Pending for Production

  • ✅ JWT_SECRET via environment variable (already implemented in Docker)
  • Implement HTTPS/SSL (use reverse proxy like Traefik or Caddy)
  • Add refresh token mechanism
  • Implement email verification
  • Add password reset functionality
  • Set up proper logging system
  • Implement audit logging
  • ✅ Add backup strategy for SQLite database (Docker volumes)
  • Consider migration to PostgreSQL for production
  • Add brute force protection
  • Implement session management
  • Add content security policy headers

🐳 Docker Deployment

This project includes full Docker Compose support for easy deployment.

Quick Deploy

# Clone the repository
git clone <your-repo-url>
cd live-coding-3

# Start with Docker Compose
docker compose up -d

Production Deployment

  1. Configure Environment Variables:

    # Edit docker-compose.yml or create a .env file
    JWT_SECRET=your_production_secret_here_change_this
  2. Start Services:

    docker compose up -d
  3. Check Status:

    docker compose ps
    docker compose logs -f
  4. Database Backup:

    docker compose exec backend cat /app/data/stickyboard.db > backup-$(date +%Y%m%d).db

Container Architecture

  • Backend Container: Node.js 20 Alpine, Express API, SQLite database
  • Frontend Container: Nginx Alpine, serves static files
  • Network: Isolated Docker network for service communication
  • Volumes: Persistent storage for SQLite database

For detailed Docker documentation, see DOCKER.md


🔧 Environment Variables

The application uses environment variables for configuration:

Backend (.env or docker-compose.yml):

PORT=3000
JWT_SECRET=your_secure_secret_key_change_in_production
FRONTEND_URL=http://localhost:8080
NODE_ENV=production

Docker Compose (recommended for production):

  • Edit docker-compose.yml environment section
  • Or use docker compose up with environment variables:
    JWT_SECRET=mysecret docker compose up -d

A .env.example file is provided in the backend directory.


📝 Default Admin Account

For testing purposes, you may want to manually create an admin user. Run this SQL after the database is initialized:

UPDATE users SET role = 'admin' WHERE email = 'your-email@example.com';

Or modify the registration logic to create the first user as admin.
