Update readme

Author: guanquann

backend/question-service/README.md

@@ -1 +1,14 @@
 # Question Service
+
+
+## Running Question Service
+
+1. Open Command Line/Terminal and navigate into the `question-service` directory.
+
+2. Run the command: `npm install`. This will install all the necessary dependencies.
+
+3. Run the command `npm start` to start the Question Service in production mode, or use `npm run dev` for development mode, which includes features like automatic server restart when you make code changes.
+
+4. To view Question Service documentation, go to http://localhost:3001/docs.
+
+5. Using applications like Postman, you can interact with the Question Service on port 3000. If you wish to change this, please update the `.env` file.

backend/user-service/MongoDBSetup.md

@@ -1,4 +1,4 @@
-# Setting up MongoDB Instance for User Service
+# Setting up MongoDB Instance
 
 1. Visit the MongoDB Atlas Site [https://www.mongodb.com/atlas](https://www.mongodb.com/atlas) and click on "Try Free"
 
@@ -33,11 +33,10 @@
 
 ![alt text](./GuideAssets/Selection4.png)
 
-6. You will be prompted to set up Security for the database by providing `Username and Password`. Select that option and enter `Username` and `Password`. Please keep this safe as it will be used in User Service later on.
 
 ![alt text](./GuideAssets/Security.png)
 
-7. Next, click on `Add my Current IP Address`. This will whiteliste your IP address and allow you to connect to the MongoDB Database.
+7. Next, click on `Add my Current IP Address`. This will whitelist your IP address and allow you to connect to the MongoDB Database.
 
 ![alt text](./GuideAssets/Network.png)
 

backend/user-service/README.md

@@ -1,286 +1,69 @@
 # User Service Guide
 
-## Setting-up
+## Setting-up MongoDB
 
 > :notebook: If you are familiar to MongoDB and wish to use a local instance, please feel free to do so. This guide utilizes MongoDB Cloud Services.
 
-1. Set up a MongoDB Shared Cluster by following the steps in this [Guide](./MongoDBSetup.md).
+1. Set up a MongoDB Shared Cluster by following the steps in this [Guide](MongoDBSetup.md).
 
 2. After setting up, go to the Database Deployment Page. You would see a list of the Databases you have set up. Select `Connect` on the cluster you just created earlier on for User Service.
 
-   ![alt text](./GuideAssets/ConnectCluster.png)
+   ![alt text](GuideAssets/ConnectCluster.png)
 
 3. Select the `Drivers` option, as we have to link to a Node.js App (User Service).
 
-   ![alt text](./GuideAssets/DriverSelection.png)
+   ![alt text](GuideAssets/DriverSelection.png)
 
 4. Select `Node.js` in the `Driver` pull-down menu, and copy the connection string.
 
    Notice, you may see `<password>` in this connection string. We will be replacing this with the admin account password that we created earlier on when setting up the Shared Cluster.
 
-   ![alt text](./GuideAssets/ConnectionString.png)
+   ![alt text](GuideAssets/ConnectionString.png)
 
 5. In the `user-service` directory, create a copy of the `.env.sample` file and name it `.env`.
 
-6. Update the `DB_CLOUD_URI` of the `.env` file, and paste the string we copied earlier in step 4. Also remember to replace the `<password>` placeholder with the actual password.
+6. Update the `DB_CLOUD_URI` of the `.env` file, and paste the string we copied earlier in step 4. 
 
-## Running User Service
-
-1. Open Command Line/Terminal and navigate into the `user-service` directory.
-
-2. Run the command: `npm install`. This will install all the necessary dependencies.
-
-3. If you are running the user service for the first time, run `npm run seed`, to seed the database with a default admin account. If you wish to change the default, please update the `.env` file. Alternatively, you can also edit your credentials and user profile after you have created the default account.
-
-4. Run the command `npm start` to start the User Service in production mode, or use `npm run dev` for development mode, which includes features like automatic server restart when you make code changes.
-
-5. Using applications like Postman, you can interact with the User Service on port 3001. If you wish to change this, please update the `.env` file.
-
-## User Service API Guide
+## Setting-up Firebase
 
-### Create User
+1. Go to https://console.firebase.google.com/u/0/.
 
-- This endpoint allows adding a new user to the database (i.e., user registration).
+2. Create a project and choose a project name. Navigate to `Storage` and click on it to activate it.
 
-- HTTP Method: `POST`
+3. Select `Start in production mode` and your preferred cloud storage region. 
 
-- Endpoint: http://localhost:3001/users
-
-- Body
-
-  - Required: `firstName` (string), `lastName` (string), `username` (string), `email` (string), `password` (string)
-
-    ```json
-    {
-      "firstName": "SampleFirstName",
-      "lastName": "SampleLastName",
-      "username": "SampleUserName",
-      "email": "[email protected]",
-      "password": "SecurePassword"
-    }
+4. After Storage is created, go to `Rules` section and set rule to:
     ```
-
-- Responses:
-
-  | Response Code               | Explanation                                           |
-  | --------------------------- | ----------------------------------------------------- |
-  | 201 (Created)               | User created successfully, created user data returned |
-  | 400 (Bad Request)           | Missing fields                                        |
-  | 409 (Conflict)              | Duplicate username or email encountered               |
-  | 500 (Internal Server Error) | Database or server error                              |
-
-### Get User
-
-- This endpoint allows retrieval of a single user's data from the database using the user's ID.
-
-  > :bulb: The user ID refers to the MongoDB Object ID, a unique identifier automatically generated by MongoDB for each document in a collection.
-
-- HTTP Method: `GET`
-
-- Endpoint: http://localhost:3001/users/{userId}
-
-- Parameters
-
-  - Required: `userId` path parameter
-  - Example: `http://localhost:3001/users/60c72b2f9b1d4c3a2e5f8b4c`
-
-- <a name="auth-header">Headers</a>
-
-  - Required: `Authorization: Bearer <JWT_ACCESS_TOKEN>`
-
-  - Explanation: This endpoint requires the client to include a JWT (JSON Web Token) in the HTTP request header for authentication and authorization. This token is generated during the authentication process (i.e., login) and contains information about the user's identity. The server verifies this token to ensure that the client is authorized to access the data.
-
-  - Auth Rules:
-
-    - Admin users: Can retrieve any user's data. The server verifies the user associated with the JWT token is an admin user and allows access to the requested user's data.
-    - Non-admin users: Can only retrieve their own data. The server checks if the user ID in the request URL matches the ID of the user associated with the JWT token. If it matches, the server returns the user's own data.
-
-- Responses:
-
-  | Response Code               | Explanation                                              |
-  | --------------------------- | -------------------------------------------------------- |
-  | 200 (OK)                    | Success, user data returned                              |
-  | 401 (Unauthorized)          | Access denied due to missing/invalid/expired JWT         |
-  | 403 (Forbidden)             | Access denied for non-admin users accessing others' data |
-  | 404 (Not Found)             | User with the specified ID not found                     |
-  | 500 (Internal Server Error) | Database or server error                                 |
-
-### Get All Users
-
-- This endpoint allows retrieval of all users' data from the database.
-- HTTP Method: `GET`
-- Endpoint: http://localhost:3001/users
-- Headers
-
-  - Required: `Authorization: Bearer <JWT_ACCESS_TOKEN>`
-  - Auth Rules:
-
-    - Admin users: Can retrieve all users' data. The server verifies the user associated with the JWT token is an admin user and allows access to all users' data.
-    - Non-admin users: Not allowed access.
-
-- Responses:
-
-  | Response Code               | Explanation                                      |
-  | --------------------------- | ------------------------------------------------ |
-  | 200 (OK)                    | Success, all user data returned                  |
-  | 401 (Unauthorized)          | Access denied due to missing/invalid/expired JWT |
-  | 403 (Forbidden)             | Access denied for non-admin users                |
-  | 500 (Internal Server Error) | Database or server error                         |
-
-### Update User
-
-- This endpoint allows updating a user and their related data in the database using the user's ID.
-
-- HTTP Method: `PATCH`
-
-- Endpoint: http://localhost:3001/users/{userId}
-
-- Parameters
-
-  - Required: `userId` path parameter
-
-- Body
-
-  - At least one of the following fields is required: `username` (string), `email` (string), `password` (string)
-
-    ```json
-    {
-      "username": "SampleUserName",
-      "email": "[email protected]",
-      "password": "SecurePassword"
-    }
-    ```
-
-- Headers
-
-  - Required: `Authorization: Bearer <JWT_ACCESS_TOKEN>`
-  - Auth Rules:
-
-    - Admin users: Can update any user's data. The server verifies the user associated with the JWT token is an admin user and allows the update of requested user's data.
-    - Non-admin users: Can only update their own data. The server checks if the user ID in the request URL matches the ID of the user associated with the JWT token. If it matches, the server updates the user's own data.
-
-- Responses:
-
-  | Response Code               | Explanation                                             |
-  | --------------------------- | ------------------------------------------------------- |
-  | 200 (OK)                    | User updated successfully, updated user data returned   |
-  | 400 (Bad Request)           | Missing fields                                          |
-  | 401 (Unauthorized)          | Access denied due to missing/invalid/expired JWT        |
-  | 403 (Forbidden)             | Access denied for non-admin users updating others' data |
-  | 404 (Not Found)             | User with the specified ID not found                    |
-  | 409 (Conflict)              | Duplicate username or email encountered                 |
-  | 500 (Internal Server Error) | Database or server error                                |
-
-### Update User Privilege
-
-- This endpoint allows updating a user’s privilege, i.e., promoting or demoting them from admin status.
-
-- HTTP Method: `PATCH`
-
-- Endpoint: http://localhost:3001/users/{userId}
-
-- Parameters
-
-  - Required: `userId` path parameter
-
-- Body
-
-  - Required: `isAdmin` (boolean)
-
-    ```json
-    {
-      "isAdmin": true
+    rules_version = '2';
+    service firebase.storage {
+      match /b/{bucket}/o {
+        match /{allPaths=**} {
+          allow read: if true;
+          allow write: if request.auth != null;
+        }
+      }
     }
     ```
+    This rule ensures that only verified users can upload images while ensuring that URLs of images are public. Remember to click `Publish` to save changes.
 
-- Headers
-
-  - Required: `Authorization: Bearer <JWT_ACCESS_TOKEN>`
-  - Auth Rules:
-
-    - Admin users: Can update any user's privilege. The server verifies the user associated with the JWT token is an admin user and allows the privilege update.
-    - Non-admin users: Not allowed access.
-
-> :bulb: You may need to manually assign admin status to the first user by directly editing the database document before using this endpoint.
-
-- Responses:
+5. Go to `Settings`, `Project settings`, `Service accounts` and click `Generate new private key`. This will download a `.json` file, which will contain your credentials.
 
-  | Response Code               | Explanation                                                     |
-  | --------------------------- | --------------------------------------------------------------- |
-  | 200 (OK)                    | User privilege updated successfully, updated user data returned |
-  | 400 (Bad Request)           | Missing fields                                                  |
-  | 401 (Unauthorized)          | Access denied due to missing/invalid/expired JWT                |
-  | 403 (Forbidden)             | Access denied for non-admin users                               |
-  | 404 (Not Found)             | User with the specified ID not found                            |
-  | 500 (Internal Server Error) | Database or server error                                        |
+6. In `.env` of question service, replace:
+   - `FIREBASE_PROJECT_ID` with `project_id` found in the downloaded json file.
+   - `FIREBASE_PRIVATE_KEY` with `private_key` found in the downloaded json file.
+   - `FIREBASE_CLIENT_EMAIL` with `client_email` found in the downloaded json file.
+   - `FIREBASE_STORAGE_BUCKET` with the folder path of the Storage. It should look something like `gs://<appname>.appspot.com`.
 
-### Delete User
-
-- This endpoint allows deletion of a user and their related data from the database using the user's ID.
-- HTTP Method: `DELETE`
-- Endpoint: http://localhost:3001/users/{userId}
-- Parameters
-
-  - Required: `userId` path parameter
-
-- Headers
-
-  - Required: `Authorization: Bearer <JWT_ACCESS_TOKEN>`
-
-  - Auth Rules:
-
-    - Admin users: Can delete any user's data. The server verifies the user associated with the JWT token is an admin user and allows the deletion of requested user's data.
-
-    - Non-admin users: Can only delete their own data. The server checks if the user ID in the request URL matches the ID of the user associated with the JWT token. If it matches, the server deletes the user's own data.
-
-- Responses:
-
-  | Response Code               | Explanation                                             |
-  | --------------------------- | ------------------------------------------------------- |
-  | 200 (OK)                    | User deleted successfully                               |
-  | 401 (Unauthorized)          | Access denied due to missing/invalid/expired JWT        |
-  | 403 (Forbidden)             | Access denied for non-admin users deleting others' data |
-  | 404 (Not Found)             | User with the specified ID not found                    |
-  | 500 (Internal Server Error) | Database or server error                                |
-
-### Login
-
-- This endpoint allows a user to authenticate with an email and password and returns a JWT access token. The token is valid for 1 day and can be used subsequently to access protected resources. For example usage, refer to the [Authorization header section in the Get User endpoint](#auth-header).
-- HTTP Method: `POST`
-- Endpoint: http://localhost:3001/auth/login
-- Body
-
-  - Required: `email` (string), `password` (string)
-
-    ```json
-    {
-      "email": "[email protected]",
-      "password": "SecurePassword"
-    }
-    ```
-
-- Responses:
+## Running User Service
 
-  | Response Code               | Explanation                                        |
-  | --------------------------- | -------------------------------------------------- |
-  | 200 (OK)                    | Login successful, JWT token and user data returned |
-  | 400 (Bad Request)           | Missing fields                                     |
-  | 401 (Unauthorized)          | Incorrect email or password                        |
-  | 500 (Internal Server Error) | Database or server error                           |
+1. Open Command Line/Terminal and navigate into the `user-service` directory.
 
-### Verify Token
+2. Run the command: `npm install`. This will install all the necessary dependencies.
 
-- This endpoint allows one to verify a JWT access token to authenticate and retrieve the user's data associated with the token.
-- HTTP Method: `GET`
-- Endpoint: http://localhost:3001/auth/verify-token
-- Headers
+3. If you are running the user service for the first time, run `npm run seed`, to seed the database with a default admin account. If you wish to change the default, please update the `.env` file. Alternatively, you can also edit your credentials and user profile after you have created the default account.
 
-  - Required: `Authorization: Bearer <JWT_ACCESS_TOKEN>`
+4. Run the command `npm start` to start the User Service in production mode, or use `npm run dev` for development mode, which includes features like automatic server restart when you make code changes.
 
-- Responses:
+5. To view User Service documentation, go to http://localhost:3001/docs.
 
-  | Response Code               | Explanation                                        |
-  | --------------------------- | -------------------------------------------------- |
-  | 200 (OK)                    | Token verified, authenticated user's data returned |
-  | 401 (Unauthorized)          | Missing/invalid/expired JWT                        |
-  | 500 (Internal Server Error) | Database or server error                           |
+6. Using applications like Postman, you can interact with the User Service on port 3001. If you wish to change this, please update the `.env` file.