[Web] Shao - micro blog API server and web client

Current version: 1.20
Status: Released
Price: $100


Shao (少 in Chinese, meaning "less") is a micro blogging app like Twitter, Threads or Weibo, but less...

About this project
  1. Backend:
    • B4J Server (Windows or Linux VPS is required for production)
    • Web API Server v3.10
    • Return JSON format response
    • RESTful API
  2. Frontend:
    • Velocity Template Engine
    • HTML based file
    • Responsive design on mobile, tablet and desktop browser
  3. Database:
    • KeyValueStore
    • MinimaList library
  4. File Uploader:
    • jquery-uploader with nice image viewer
  5. Security:
    • Basic Authentication for managing clients (web app server)
    • JSON Web Token for generating access and refresh tokens
    • Cookie (httponly) to store refresh token (cannot be read or written by JavaScript)
    • LocalStorage to store access token
    • No SQL injection attack concern
    • Password hashing
    • Random GUID
  6. Knowledge:
    • Basic knowledge in web development is recommended
  7. Test:
    • Built-in API documentation testing page
    • Store tokens and Client ID/Secret inside browser
  8. Bonus libraries:
    • Firebase Sending Tool (FCMTool)
    • Slugify
  9. Updated libraries:
    • JsonWebToken 2.20
    • Velocity 3.00
    • ImageScaler 1.01

JSON Web Token (JWT) is used to generate the access token and the refresh token.
On first login, these tokens are returned to the client.
The access token is a short-lived token which expires in 30 minutes.
Meanwhile, the refresh token has an expiry of 24 hours.
The duration can be set shorter during development, or longer, depending on the developer's considerations, such as mobile app use.

When the access token has expired, the client needs to request a new access token.
This is done by a JavaScript function that sends the refresh token kept inside the browser cookie.
To make it more secure, the cookie is httponly and only writable from the backend.

Each API or Route can be protected using a server filter (JWTAuthFilter).
When an API path is added to this filter, an access token must be sent in the Authentication header as Bearer.

The refresh token id is stored in the database and can be revoked by Administrator.

The mascot is a sloth (I wish I could draw better), representing a relaxed and slow life...
It shows a smiling facial expression similar to the Chinese word for less.
Life is short, don't write so long and let people take so much time to read.
Life is sweet, a little emoji can brighten up one's day.
Life is simple, don't complicate an app (social blogging platform) with advanced features.
Life is stupid, it is funny when we recall the past.
Life is selfish, don't care so much what others say about you or not respond to you.
Life is a story, it begins and ends then a new one will start.
Life is having a secret, sometimes you just want to keep it only with some of your mates.
 

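The token flow described in the post above (30-minute access token, 24-hour refresh token, refresh token id kept server-side so it can be revoked), sketched as an added example in JavaScript for Node.js. This is not Shao's B4J source; the signing secret, the `use` claim, the in-memory `refreshStore` and all function names are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

const SECRET = 'constructed-demo-secret';   // assumption: sample signing key, not a real one
const ACCESS_TTL = 30 * 60;                 // 30 minutes, as stated in the post
const REFRESH_TTL = 24 * 60 * 60;           // 24 hours, as stated in the post
const refreshStore = new Map();             // stands in for the database: token id -> user

const b64 = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const mac = (data) => crypto.createHmac('sha256', SECRET).update(data).digest();

function sign(claims) {
  const body = b64({ alg: 'HS256', typ: 'JWT' }) + '.' + b64(claims);
  return body + '.' + mac(body).toString('base64url');
}

// Returns the claims, or null when the signature, the expiry or the token use is wrong.
function verify(token, use, now) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const given = Buffer.from(parts[2], 'base64url');
  const expected = mac(parts[0] + '.' + parts[1]);   // always HMAC-SHA256, header alg is ignored
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  let claims;
  try { claims = JSON.parse(Buffer.from(parts[1], 'base64url').toString()); } catch { return null; }
  if (claims.use !== use || typeof claims.exp !== 'number' || now >= claims.exp) return null;
  return claims;
}

// Login: issue both tokens and record the refresh token id so it can be revoked later.
function login(user, now) {
  const jti = crypto.randomUUID();
  refreshStore.set(jti, user);
  return {
    access: sign({ sub: user, use: 'access', exp: now + ACCESS_TTL }),
    refresh: sign({ sub: user, use: 'refresh', jti, exp: now + REFRESH_TTL }),
  };
}

// Exchange a refresh token for a new access token, unless its id has been revoked.
function refreshAccess(refreshToken, now) {
  const claims = verify(refreshToken, 'refresh', now);
  if (!claims || refreshStore.get(claims.jti) !== claims.sub) return null;
  return sign({ sub: claims.sub, use: 'access', exp: now + ACCESS_TTL });
}

// Administrator action: revoking the stored id makes the refresh token useless.
const revoke = (jti) => refreshStore.delete(jti);
```

Because `verify` checks the `use` claim, a refresh token presented as a Bearer access token is rejected, and a revoked refresh token fails even though its signature and expiry are still valid.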

aeric

This project is experimental.
However, it is a good project to study how I implemented JSON Web Token, file uploads and the Velocity template, and there is also a bonus library.
I believe there is much to learn.

I am considering selling this project as-is.
Take note that I don't promise I will update this project much in the future.

I remember someone asked before. Is anyone interested?
I will announce the price later when I have confirmed it.
 

aeric

For celebrating my 10 years on B4X forum, I decided to offer this project for $10.
The offer will last for 10 days.
I am updating this project using the latest Web API Server Template v3.00 beta 3.
Offer has ended.
The project source code has been sent to member who has sent me $10.
Thanks for the support.
 

aeric

If you missed the last offer, I have decided to extend the offer for 1 more time.
In conjunction with 11-11 (11 November), I will offer the price of $11 for orders made on 11 November 2024 (-1 and +1 day).
Meaning the offer lasts only 3 days, following the GMT+8 timezone.
Don't miss it again.