Bagel Patch Website

Created & designed by Corey Schneider

B.S. in Computer Science from the University of North Carolina at Charlotte

---

Resume note - This is the first Ruby on Rails application I have created. A live demo can be found at https://bagelpatch.onrender.com/.

A demo admin account can be logged into with the following credentials:

https://bagelpatch.onrender.com/login → demo@test.com : abc123

---

Credit to open-source contributors / tools used in the development of this project

Bagel Patch uses a number of open-source projects to work properly:

• Twitter Bootstrap - Open-source CSS framework (this makes the website pretty)
• jQuery - A fast, small, and feature-rich JavaScript library
• Ruby on Rails - Web application framework
• Cloud9 - In-browser IDE and server
• Heroku - Made deployment of this application VERY simple

TO DO:

• Enable "articles" (section 5 of https://guides.rubyonrails.org/getting_started.html)
• Add all contents to the menu
• Click on carousel to be taken to the menu
• Clickable phone / address links in footer
• Make the navigation bar look less like puke
• Make navigation bar work for mobile users
• Do not allow guests users to edit / delete / create any articles
• Footer link opens in new tab
• Administrator control panel
• Admin nav bar quick-controls
• Log out nav bar item for USERS only
• Visiting /login while logged in allows you to log in again. Remove that
• Make a portal and tie this into "deals" so logged-in users can edit / delete deals, testimonials, pictures, etc
• Do not allow guests to view / edit / delete / create any users (/users)
• Add picture gallery section
• Add contact us section with a space for a user to leave a testimonial that can be featured (and a chance to win a dozen bagels or something)
  • Instead, encourage a review on our Google page for a free entry to win a dozen bagels.
• Sign up with your email for exclusive offers? Point system with accounts maybe?
• Leave website feedback in bottom right corner - Add CAPTCHA for this
• Login CAPTCHA after 1 failed attempt
• Add Google maps iframe of store
• Make login email non-case sensitive
  • Solution: sessions_controller.rb, create method: add .downcase before email parameter is sent to database
• Add content to Contact section
• Add 404 pages before publishing
• Consider adding HTTPS
  • Solution: Porkbun --> Cloudflare --> Heroku
• Brute force password protection (CAPTCHA would fix this)
• Change password minimum from 6 --> 8
• https://guides.rubyonrails.org/security.html
• app/controllers/application_controller.rb: Return 404 instead of 302 and do the same for /admin
• Fix navigation collapse (mobile view) not working
• Catering
• Fix favicon to be creative commons licensed
• Individual bagel pictures
• Individual cream cheese pictures
• Omelette tab
• Search Engine Optimization (SEO)
  • title tags
  • meta tags

Current permissions:

• Admins can adjust admin roles for ALL users
• Users / guests cannot adjust admin roles
• Users can change their password and edit their account, but nobody else's
• Guests (non-logged in users) can see a list of the users
• Admin panel is only for admins

Goal permissions:

• Make guests unable to see the user list (or at least email addresses)
• Make guests unaware that /admin even exists. Throw a 404

Additional information:

• Addressed bootstrap issue @30553 - Bootstrap 4.4.1 collapse doesn't work with jQuery 3.5.0.
  • Solution: downgrade jQuery to 3.4.1 in ./package.json
    • Problem with this: jQuery 3.4.1 has a security vulnerability (CVE-2020-11022)
• Deploying to Heroku is sometimes a breeze, but when it's not:
  • issues with node-gyp? add heroku/nodejs buildpack (make sure it is placed ABOVE heroku/ruby buildpack) and set the node version in package.json to match your local machine (assuming your local machine is working as expected)

HTML formatter