Skip to content

Sahanasrajan/CS6083_Project_Part_2

Folders and files

NameName
Last commit message
Last commit date

Latest commit

Β 

History

12 Commits
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 

Repository files navigation

Snickr 🟦

Enterprise communication platform β€” CSGY 6083 Spring 2026, Project #2
Sarah Rakhamimov (sr5649) & Kanthimathi Sundararajan (ks8555)

A Slack-like web application backed by a PostgreSQL relational database.
Users can register, create workspaces and channels, post messages, send and respond to invitations, and search message history.


Architecture

snickr/
β”œβ”€β”€ backend/                  # Node.js + Express REST API
β”‚   β”œβ”€β”€ server.js             # Entry point
β”‚   β”œβ”€β”€ db/
β”‚   β”‚   β”œβ”€β”€ pool.js           # pg connection pool
β”‚   β”‚   └── schema.sql        # Full schema + seed data
β”‚   β”œβ”€β”€ middleware/
β”‚   β”‚   └── auth.js           # Session auth guard
β”‚   └── routes/
β”‚       β”œβ”€β”€ auth.js           # /api/auth/*
β”‚       β”œβ”€β”€ workspaces.js     # /api/workspaces/*
β”‚       β”œβ”€β”€ channels.js       # /api/channels/*
β”‚       β”œβ”€β”€ messages.js       # /api/messages/*
β”‚       β”œβ”€β”€ invitations.js    # /api/invitations/*
β”‚       └── search.js         # /api/search
└── frontend/                 # Vanilla JS SPA (served by Express)
    β”œβ”€β”€ index.html
    β”œβ”€β”€ css/main.css
    └── js/
        β”œβ”€β”€ api.js            # Fetch wrapper
        β”œβ”€β”€ app.js            # Bootstrap + utilities
        β”œβ”€β”€ auth.js
        β”œβ”€β”€ workspaces.js
        β”œβ”€β”€ channels.js
        β”œβ”€β”€ messages.js
        β”œβ”€β”€ invitations.js
        └── search.js

Prerequisites


Setup

1. Clone & install dependencies

git clone <your-repo-url>
cd snickr/backend
npm install

2. Create the database

psql postgres -c "DROP DATABASE snickr;"
psql postgres -c "CREATE DATABASE snickr;"
psql -d snickr -f db/schema.sql

3. Configure environment

# Edit .env with your DB credentials and a session secret

4. Run the server

npm run dev     # development (nodemon auto-reload)
# or
npm start       # production

Open http://localhost:3000 in your browser.


Demo Accounts

All demo users have the password: password123

Username Email Role
alice [email protected] CEO, admin of both workspaces
bob [email protected] CFO
cathy [email protected] Product Manager
daniel [email protected] SysAdmin, admin of ABC_Company
ethan [email protected] Data Engineer
frank [email protected] Sales Manager
greg [email protected] Chairman, admin of ABC_CSuite

Features

Feature Status
User registration & login βœ…
Password hashing (bcrypt) βœ…
Session-based authentication βœ…
Create / browse workspaces βœ…
Create channels (public / private / direct) βœ…
Post & view messages βœ…
Invite users to workspaces βœ…
Invite users to channels βœ…
Accept / reject invitations βœ…
Search messages (keyword + workspace filter) βœ…
SQL injection prevention (parameterized queries) βœ…
XSS prevention (input validation + HTML escaping) βœ…
Transactions (workspace/channel creation + invitation acceptance) βœ…
Stored procedures (accept_workspace_invitation, accept_channel_invitation) βœ…
Access control (workspace/channel membership checks) βœ…

Security

SQL Injection

All database queries use parameterized statements via the pg library's $1, $2, … placeholders. No string concatenation is used for queries. Input is additionally validated with express-validator before reaching the DB layer.

Cross-Site Scripting (XSS)

  • Server: express-validator sanitizes and escapes all user inputs before they're stored.
  • Client: all user-generated content is rendered through the escapeHtml() utility, which escapes &, <, >, ", and ' before insertion into the DOM.

Concurrency / Transactions

Multi-step operations (creating a workspace and auto-enrolling the creator, accepting an invitation and adding the member) are wrapped in explicit BEGIN / COMMIT / ROLLBACK transactions to ensure consistency under concurrent usage.


API Reference

Auth

Method Path Description
POST /api/auth/register Register a new user
POST /api/auth/login Login
POST /api/auth/logout Logout
GET /api/auth/me Get current session user

Workspaces

Method Path Description
GET /api/workspaces List user's workspaces
POST /api/workspaces Create workspace
GET /api/workspaces/:wID Workspace details + members

Channels

Method Path Description
GET /api/channels/workspace/:wID List accessible channels
POST /api/channels Create channel
GET /api/channels/:cID Channel details + members
POST /api/channels/:cID/join Join a public channel

Messages

Method Path Description
GET /api/messages/:cID Get messages (paginated)
POST /api/messages/:cID Post a message

Invitations

Method Path Description
GET /api/invitations/pending Get pending invitations
POST /api/invitations/workspace Invite user to workspace
POST /api/invitations/channel Invite user to channel
POST /api/invitations/workspace/:wiID/respond Accept/reject workspace invite
POST /api/invitations/channel/:ciID/respond Accept/reject channel invite

Search

Method Path Description
GET /api/search?q=keyword&wID=1 Search messages

Database Schema

See backend/db/schema.sql for the full DDL, stored procedures, indexes, and seed data.

Key tables: Member, Workspace, WorkspaceMember, Channel, ChannelMember, Message, WorkspaceInvitation, ChannelInvitation


License

Academic project β€” CSGY 6083 NYU, Spring 2026.

About

No description, website, or topics provided.

Resources

Stars

0 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors