Technologies Used

Frontend

• React
• Tailwind CSS

Backend

• Python 3 + FastAPI
• JSON file storage (data.json)

Encryption

• Python Scripts

System Architecture

Browser (React)  ⇄  FastAPI Python Server  ⇄  data.json
   ↑                    ↑
   │                    │
   └── REST / WebSocket ┘

• The Client communicates with the Server through HTTPS and WebSocket. The WebPage is shared with HTTPS while real time auction information are delivered through WebSocket.
• Backend reads/writes auction data and user data from/to a local JSON file.

---

Data Storage Format

All persistent information is stored in JSON files.

{
  "users": [
    {
      "username": "alice",
      "password_hash": "sha256_hash_here",
      "selling": "auction_id"
    }
  ],
  "auctions": [
    {
      "id": "auction_id",
      "item": "auction_title",
      "seller": "username_hash",
      "highest_bid": 150,
      "highest_bidder": "username_hash",
      "status": "open",
      "time_remaining": 120
    }
  ]
}

Communication Protocol

All messages between client and server travel through:

• REST API (HTTP)
• WebSocket (ws:// or wss:// for real-time events)

---

User Operations

Register

Request

POST /register
Content-Type: application/json

{
  "username": "username",
  "password": "password_hash"
}

Response

{
  "status": "registered"
}

---

Login

Request

POST /login

{
  "username": "username",
  "password": "password_hash"
}

Response

{
  "status": "ok"
}

---

Auction Operations

List Active Auctions

Request

GET /auctions

Response

[
  {
    "id": "auction_id",
    "item": "auction_title",
    "seller": "username_hash",
    "highest_bid": 150,
    "highest_bidder": "username_hash",
    "status": "open",
    "time_remaining": 120
  },
  {
    "id": "auction_id",
    "item": "auction_title",
    "seller": "username_hash",
    "highest_bid": 80,
    "highest_bidder": "username_hash",
    "status": "open",
    "time_remaining": 49
  }
]

---

Get Auction Status

Request

GET /auction_id

Response

 {
   "id": "auction_id",
   "item": "auction_title",
   "seller": "username_hash",
   "highest_bid": 150,
   "highest_bidder": "username_hash",
   "status": "open",
   "time_remaining": 120
 }

---

Place a Bid

Request

POST /bid
Content-Type: application/json

{
  "id": "auction_id",
  "bidder": "username_hash",
  "amount": 200
}

Response

{
  "status": "accepted",
  "new_highest": 200
}

If bid is too low :

{
	"status": "refused",
  "detail": "Bid too low"
}

---

Create Auction

Request

POST /auction
Content-Type: application/json

{
  "id": "auction_id",
  "item": "auction_title",
  "seller": "username_hash",
  "highest_bid": MIN_OFFER,
  "highest_bidder": void,
  "time_remaining": MAX_TIME,
}

Response

{
  "status": "accepted",
  "new_highest": MIN_OFFER
}

---

Real-Time Updates (WebSocket)

Clients connect to:

ws://<server_address>:8000/ws

When a bid is placed, the server broadcasts a message to all connected clients.

Broadcast Message Example

{
  "event": "NEW_BID",
  "id": "auction_id",
  "bidder": "username_hash",
  "amount": 200,
  "timestamp": "2025-11-03 12:30:00"
}

Security and Trust

Concept	Description
Encryption	Use symmetric encryption to have fast and secure communication between client-server (AES-128).
Key-Exchange	Asymmetric key is used to securely exchange the symmetric one
Passwords	Passwords are stored as SHA-256 hashes.
Fairness	All bids are timestamped and broadcast to all participants.

---

Protocol Requests

1. User registers → POST /register
2. User logs in → POST /login
3. Frontend fetches active auctions → GET /auctions
4. Fetch auction info → GET /auction_id
5. User places a bid → POST /bid
6. User places an auction → POST /auction
7. Server updates data.json and broadcasts event → WebSocket message sent to all clients