This is the project that I have done at Politecnico di Torino for the Web Applications Exam.
- Route
/: Displays the home page with a concert selector in view mode. It allows users to browse available concerts and view details. - Route
/reserved-area: Manages the reserved area where authenticated users can view, add, or delete their reservations. It includes login functionality and displays the user's reservations. - Route
/reserved-area/reserve: Allows users to add new reservations with manual or automatic seat selection. User authentication is required. - Route
/reserved-area/confirmed: Displays a confirmation message after a reservation is successfully made.
- if a non authenticated user tries to use a protected API receives in response the following error:
- Error (401):
{ "error": "Unauthorized" }
- Error (401):
-
Description: Retrieve the current session information of the authenticated user. If the user is authenticated, their session data is returned. If the user is not authenticated, an error is returned.
-
Response:
- Success (200): Returns the session information of the authenticated user.
{ "username": "gdemaria", "user_id": 4, "displayed_name": "Giovanni de Maria" } - Error (401): User is not authenticated.
{ "error": "Not authenticated" }
- Success (200): Returns the session information of the authenticated user.
- Description: Authenticate a user.
- Request Parameters:
username(string): The user's username.password(string): The user's password.
- Response:
- Success (200):
{ "username": "gdemaria", "user_id": 4, "displayed_name": "Giovanni de Maria" } - Error (401):
{ "message": "Login failed" } - Error (500):
{ "error": "Error message" }
- Success (200):
- Description: Log out the authenticated user.
- Response:
- Success (200):
{ "message": "Logged out successfully" } - Error (500):
{ "error": "Error message" }
- Success (200):
-
Description: Retrieve a list of all concerts.
-
Response:
-
Success (200):
[ { "concert_id": 1, "concert_name": "Rock Fest 2024", "concert_date": "2024-09-30", "theater_name": "Rock Arena", "theater_rows": 9, "theater_cols": 14, "theater_size": "large", "reserved_seats": ["1A","1B","2A","2B"] }, { "concert_id": 2, "concert_name": "Jazz Night", "concert_date": "2024-10-05", "theater_name": "Symphony Hall", "theater_rows": 4, "theater_cols": 8, "theater_size": "small", "reserved_seats": ["1A","1B","2A","2B"] }, { "concert_id": 3, "concert_name": "The Marriage of Figaro", "concert_date": "2024-11-20", "theater_name": "Teatro Regio Turin", "theater_rows": 6, "theater_cols": 10, "theater_size": "medium", "reserved_seats": [] }, ... ] -
Error (500):
{ "error": "Error message" }
-
- Description: Retrieve detailed information for a specific concert.
- Request Parameters:
id(int): The ID of the concert.
- Response:
- Success (200):
{ "concert_id": 1, "concert_name": "Rock Fest 2024", "concert_date": "2024-09-30", "theater_name": "Rock Arena", "theater_rows": 9, "theater_cols": 14, "theater_size": "large", "reserved_seats": ["1A", "1B", "2A", "2B"] } - Error (404):
{ "error": "Concert not found" }- Error (422): Invalid concert ID.
{ "errors": [ { "msg": "Invalid concert ID", "param": "id", "location": "params" } ] }
- Success (200):
Here’s the updated documentation with the condition that either howMany or seat must be used, but not both and not neither:
- Description: Reserve a specified number of random seats for a concert. The
howManyparameter must be provided, but notseat. - Authentication: This endpoint requires the user to be authenticated (e.g., logged in).
- Request Body:
concert_id(int): The ID of the concert.howMany(int): The number of random seats to reserve.
- Constraints:
- The
howManyparameter is required. - The request will fail if there are not enough available seats.
- The
- Response:
- Success (201):
{ "message": "Reservation successful", "seats": ["1A", "2B", "3C"] } - Error (422): Invalid concert ID or howMany params.
{ "errors": [ { "msg": "Invalid concert ID", "param": "id", "location": "params" } ] } - Error (400): Not enough available seats to reserve.
{ "error": "Not enough available seats" } - Error (400): Concert or theater not found.
{ "error": "Concert or theater not found" } - Error (400): Seats already reserved.
{ "message": "Seats already reserved", "error": "SQLITE_CONSTRAINT: UNIQUE constraint failed" } - Error (500): Internal server error.
{ "message": "Reservation failed", "error": "An error message" }
- Success (201):
-
Description: Reserve specific seats for a concert by providing seat numbers. The
seatsparameter must be provided, and each seat will be validated against the concert’s theater size and reserved seats. -
Authentication: This endpoint requires the user to be authenticated (e.g., logged in).
-
Request Body:
concert_id(int): The ID of the concert.seats(array of strings): An array of specific seats to reserve (e.g.,["1A", "2B"]).
-
Constraints:
- The
seatsparameter is required. - The format for each seat must match the pattern of a row number followed by a capital letter (e.g.,
1A,2B). - The seat must be within the bounds of the theater size and not already reserved.
- The
-
Response:
- Success (201):
{ "message": "Reservation successful", "seats": ["1A", "2B"] } - Error (422): Invalid concert ID or seats params.
{ "errors": [ { "msg": "Invalid concert ID", "param": "id", "location": "params" } ] } - Error (422): Invalid seat format.
{ "error": "Invalid seat format: 5Z" } - Error (400): Seat out of bounds for the theater size.
{ "error": "Seat 7Z is out of bounds for theater size 6x5" } - Error (400): Concert or theater not found.
{ "error": "Concert or theater not found" } - Error (400): Some seats are already reserved.
{ "message": "Seats already reserved" } - Error (500): Internal server error.
{ "message": "Reservation failed", "error": "An error message" }
- Success (201):
- Description: Retrieve all reservations for the authenticated user.
- Authentication: This endpoint requires the user to be authenticated (e.g., logged in).
- Response:
- Success (200):
[ { "user_id": 1, "username": "emusk", "concert_id": 2, "concert_name": "Jazz Night", "concert_date": "2024-10-05", "theater_name": "Symphony Hall", "theater_rows": 4, "theater_cols": 8, "reserved_seats": ["1A","1B"] }, { "user_id": 1, "username": "emusk", "concert_id": 7, "concert_name": "Reggae Nights", "concert_date": "2025-02-20", "theater_name": "Verona Arena", "theater_rows": 9, "theater_cols": 14, "reserved_seats": ["2A","2B"] }, ... ] - Error (500): Internal server error.
{ "error": "An error message" }
- Success (200):
-
Description: Cancel the seats of the authenticated user for a specific concert.
-
Authentication: This endpoint requires the user to be authenticated (e.g., logged in).
-
Request Parameters:
concertId(int): The ID of the concert.
-
Response:
-
Success (200):
{ "message": "Reservation deleted successfully" } -
Error (404):
{ "error": "Reservation not found" } -
Error (422): Invalid concert ID param.
{ "errors": [ { "msg": "Invalid concert ID", "param": "concertId", "location": "params" } ] } -
Error (500): Internal server error.
{ "message": "Reservation failed", "error": "An error message" }
-
- Description: Retrieve the reservation details for a specific concert made by the authenticated user.
- Authentication: This endpoint requires the user to be authenticated (e.g., logged in).
- Request Parameters:
concertId(int): The ID of the concert for which the reservation was made.
- Authentication: This endpoint requires the user to be authenticated (e.g., logged in).
- Response:
- Success (200): Returns the reservation details for the specified concert.
{ "user_id": 1, "username": "emusk", "concert_id": 2, "concert_name": "Jazz Night", "concert_date": "2024-10-05", "theater_name": "Symphony Hall", "theater_rows": 4, "theater_cols": 8, "reserved_seats": ["1A", "1B"] } - Error (404): Reservation not found.
{ "error": "Reservation not found" } - Error (422): Invalid concert ID.
{ "errors": [ { "msg": "Invalid concert ID", "param": "concertId", "location": "params" } ] } - Error (500): Internal server error.
{ "error": "An error message" }
- Success (200): Returns the reservation details for the specified concert.
- Description: Get a JWT token for the authenticated user.
- Authentication: This endpoint requires the user to be authenticated (e.g., logged in).
- Response:
- Success (200):
{ "token": "jwtTokenString" } - Error (500): Internal server error.
{ "message": "Reservation failed", "error": "An error message" }
- Success (200):
-
Description: Calculate a discount based on the seats and whether the user is loyal.
-
Request Body:
seats(array of strings): An array of seat identifiers.- Example:
["1A","1B","2A","2B"]
- Example:
-
Response:
-
Success (200):
{ "discount": 25 } -
Error (400):
{ "errors": [ { "msg": "Seats are required and must be a non-empty string", "param": "seats", "location": "body" } ] } -
Error (422):
{ "error": "Invalid seat format: ..." } -
Error (401):
{ "error": "Invalid token. error: ..." }
-
- Description: The API requires a JWT token for authorization.
- Token Source: The token must be provided in the
Authorizationheader.- Example:
Authorization: Bearer <jwt_token>
- Example:
- JWT Algorithm: HS256
- JWT Secret: The API uses a secret key for signing the token:
qTX6walIEr47p7iXtTgLxDTXJRZYDC9egFjGLIn0rRiahB4T24T4d5f59CtyQmH8.
{
"user_id": 1,
"username": "user123",
"loyal": true
}- Contains information about theaters where concerts are held.
- Columns:
id(integer, primary key): Unique identifier for each theater.name(text): Name of the theater.rows(integer): Number of seating rows in the theater.cols(integer): Number of seats per row in the theater.size(text): Size or capacity description of the theater.
- Contains details about individual concerts held in various theaters.
- Columns:
id(integer, primary key): Unique identifier for each concert.name(text): Name of the concert.theater_id(integer, foreign key): Reference to the theater where the concert is held (fromtheaterstable).date(text): Date when the concert is scheduled.
- Contains information about users who reserve concert seats.
- Columns:
id(integer, primary key): Unique identifier for each user.username(text, not null): Unique username of the user.hashed_pwd(text): Hashed password for user authentication.salt(text): Salt used in password hashing.loyal(integer, default 0, not null): Indicates if the user is a loyal customer (1 for yes, 0 for no).displayed_name(text): Name displayed publicly for the user.
- Constraints:
usernameis unique across the table.loyalcan only have values of 0 or 1.
A unique index is created on the username column of the table users to ensure that each username is unique across the table, preventing duplication and enhancing query performance.
- Tracks reserved seats for users attending concerts.
- Columns:
user_id(integer, foreign key): Reference to the user who reserved the seat (fromuserstable).concert_id(integer, foreign key): Reference to the concert where the seat is reserved (fromconcertstable).seat(text): The specific seat number reserved for the concert.
- Constraints:
- Primary key is a combination of
concert_idandseatto ensure that each seat in a concert is reserved by only one user, avoiding inconsistent states in the database. This ensures data integrity at the database level.
- Primary key is a combination of
- Provides detailed information about concerts, including the theater and reserved seats.
- Columns:
concert_id: Unique identifier for the concert.concert_name: Name of the concert.concert_date: Date of the concert.theater_name: Name of the theater where the concert is held.theater_rows: Number of rows in the theater.theater_cols: Number of seats per row in the theater.theater_size: Description of the theater's size.reserved_seats: Comma-separated list of reserved seats for the concert (if any).
- Shows seat reservations for each user.
- Columns:
user_id: Unique identifier for the user.username: Username of the user.concert_id: Unique identifier for the concert.concert_name: Name of the concert.concert_date: Date of the concert.theater_name: Name of the theater where the concert is held.theater_rows: Number of rows in the theater.theater_cols: Number of seats per row in the theater.reserved_seats: Comma-separated list of seats reserved by the user for the concert.
App(inApp.jsx): The main component that sets up the routing and navigation for the application (In this way the authenticated status is visible in all the application in the navbar). It manages user authentication and displays different pages based on the route.Home(inHome.jsx): Displays the home page with a concert selector and a seat viewer.ReservedArea(inReservedArea.jsx): Manages the reserved area where authenticated users can view, add, or delete their reservations. It includes login functionality and displays the user's reservations.ReservationCreatorPage(inReservationCreatorPage.jsx): Allows users to create new reservations. It supports both manual and automatic seat selection modes.ConfirmationPage(inConfirmationPage.jsx): Displays a confirmation message after a reservation is successfully made. It also fetches and displays the discount from server2.LoginForm(incomponents/LoginForm.jsx): Provides a form for users to log in. It handles user authentication and displays error messages if login fails.ConcertSelector(incomponents/ConcertSelector.jsx): Allows users to select a concert from a list.SeatsManager(incomponents/SeatsManager.jsx): Manages the seat selection process for a concert. It displays available, occupied, and requested seats and handles seat reservation submissions for the manual mode.AutomaticSeatsReserver(incomponents/AutomaticSeatsReserver.jsx): Handles automatic seat reservation by allowing users to specify the number of seats they want to reserve. It integrates with the seat selection process.SeatsStats(incomponents/SeatsStats.jsx): Shows Total, Available, Requested, Occupied seats of a selected concert.ReservationTable(incomponents/ReservationTable.jsx): Displays a table of the user's current reservations with options to delete them.
-
Username: emusk
- Password: pwd1
- Loyal: Yes
- Displayed Name: Elon Musk
-
Username: sjobs
- Password: pwd2
- Loyal: Yes
- Displayed Name: Steve Jobs
-
Username: cbrown
- Password: pwd3
- Loyal: No
- Displayed Name: Charlie Brown
-
Username: gdemaria
- Password: pwd4
- Loyal: No
- Displayed Name: Giovanni de Maria