Skip to content
/ cartlet Public

webshop and e-commerce web app on an old school stack - rebooted.

License

MIT license
5 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

codingchili/cartlet

BranchesTags

Repository files navigation

webshoppe Build Status

A webshop project from 2015 rebooted, demo https://www.youtube.com/watch?v=gUCBCB0Om-8

alt text

(swish payments!)

Background

The project is written as a java EE webshop application with the following stack

  • MySQL
  • Bootstrap
  • HTML5
  • JSP/JSTL

While we could have replaced these with something never and more interesting, I think it would be more fun/challenging to keep the stack in place. I like to have some diversity in my projects, not everything has to be NoSQL and SPA :) I'm not much for EE, application servers, servlets and all that enterprisey stuff.

Challenges

  • performance
    • make sure to upgrade to latest MySQL DB / driver.
    • analyze existing queries, check for missing/bad indexes.
    • find the fastest goddamn application server there is.
    • server side rendering causes database calls to block.
      • even worse, all our DB calls are synchronous and serialized.
  • security
    • tons of forms here, we need some solid CSRF protection.
    • zero protection against XSS in place.
    • payment security; not required for simple swish integrations.
    • password hashing: uses PBKDF2, barely passable, upgrade to Argon2
    • prevent session fixation - regenerate session id.
    • use constant time compare for passwords / csrf token
  • mobile support
    • we use bootstrap so it shouldn't be too hard.
    • upgrade bootstrap from v3 to v4.
    • add a favicon / pwa manifest.
  • containerless deployment
    • tom EE / undertow / ? (i will NEVER touch spring.)
  • payment
    • there is no existing payment implementation.
    • lets start with swish, and just use a URI / QR for payments.
    • maybe later we can explore more options, Ether etc?
  • workflow
    • order management - update order status
    • handling of refunds / cancelled orders
    • prevent orders from never getting completed when items out of stock

Building

Super easy,

./gradlew jar

Produces a standalone jar with an embedded application server.

If you want docker,

./gradlew jar && docker build .

Installing

Needs at least one MySQL server, we are using 8.0.12 for development.

Preload a new database with the file database.sql.

The default configuration looks like,

{
  "jdbcUrl" : "jdbc:mysql://localhost:3306/webshop?useSSL=false",
  "databaseUser" : "root",
  "databasePass" : "",
  "swishReceiver" : "07372151522"
}

This is my development settings, you you will need to place a file called application.json beside your jar, with values that matches your environment.

Start the application with,

java -jar <fileName>.jar

for docker,

docker run -it -p 8080:8080 <imageName>

Contributing

Contributions are always welcome! pull requests, code reviews, new issues, comments on existing issues etc.

About

webshop and e-commerce web app on an old school stack - rebooted.

Topics

mysql java bootstrap jsp javaee java-8 e-commerce webshop

Resources

Readme

License

MIT license
Activity

Stars

5 stars

Watchers

3 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages