A complete web application for managing and scheduling social media posts with role-based access control.

## Project Information

**Authors:** Mevin Jose, Prateek Meher, K Abhiram, K Rajeev
**Date:** November 2025
**Status:** Draft / For Review

- ✅ Secure login with session management
- ✅ Password hashing using bcrypt
- ✅ Role-based access control (Admin/User)
- ✅ Session timeout (15 minutes of inactivity)

### Post Management (SMMS-F-005, F-006, F-007, F-012)
- ✅ Create posts with text content
- ✅ Optional image upload with validation
- ✅ Save posts as drafts
- ✅ Edit and delete scheduled/draft posts
- ✅ Published posts cannot be edited/deleted

### Scheduling (SMMS-F-008, F-009)
- ✅ Schedule posts for future date/time
- ✅ Auto-publish functionality (manual trigger)
- ✅ Automatic status updates from scheduled to published

- ✅ User dashboard with quick actions
- ✅ View scheduled posts with date/time
- ✅ View draft posts

### Analytics (SMMS-F-013)
- ✅ Total post count
- ✅ Published post count
- ✅ Scheduled post count
- ✅ Draft post count
- ✅ Monthly activity breakdown

### Admin Features (SMMS-F-014)
- ✅ View all users
- ✅ Promote users to admin
- ✅ Manual auto-publish trigger

### Security Requirements
- ✅ SMMS-SR-001: Password hashing with bcrypt
- ✅ SMMS-SR-002: Session timeout (15 minutes)
- ✅ SMMS-SR-003: Input validation & XSS prevention
- ✅ SMMS-SR-004: Role-based authorization
- ✅ SMMS-SR-005: SQL injection prevention

## Technology Stack

**Backend:**
- Node.js
- Express.js (4.18.2)
- SQLite3
- bcrypt for password hashing
- express-session for session management
- EJS for server-side templating
- express-validator for input validation

**Frontend:**
- HTML5
- CSS3 (responsive design)
- Vanilla JavaScript (no frameworks)

**Database:**
- SQLite

## Project Structure

```
software-engineering-project/
├── server.js  # Main Express application
├── database.js  # Database initialization and utilities
├── package.json  # Project dependencies
├── README.md  # This file
├── .gitignore  # Git ignore rules
├── routes/
│   ├── auth.js  # Authentication routes
│   ├── posts.js  # Post management routes
│   ├── admin.js  # Admin-only routes
│   ├── dashboard.js  # Dashboard routes
│   └── analytics.js  # Analytics routes
├── views/
│   ├── login.ejs  # Login page
│   ├── register.ejs  # Registration page
│   ├── dashboard.ejs  # User dashboard
│   ├── create-post.ejs  # Post creation form
│   ├── draft-posts.ejs  # Draft posts list
│   ├── scheduled-posts.ejs  # Scheduled/published posts list
│   ├── analytics.ejs  # Analytics dashboard
│   ├── admin-dashboard.ejs  # Admin panel
│   └── error.ejs  # Error page
├── public/
│   ├── style.css  # Main stylesheet
│   └── uploads/  # User uploaded images
└── smms.db  # SQLite database (auto-generated)
```

## Installation & Setup

### Prerequisites
- Node.js (v14+)
- npm (v6+)

### Steps

1. **Clone the repository:**
```bash
cd c:\Users\mjeni\OneDrive\Desktop\Software-Engineering-Project
```

2. **Install dependencies:**
```bash
npm install
```

3. **Create public/uploads directory:**
```bash
mkdir public/uploads
```

4. **Start the application:**
```bash
npm start
```
Or for development with auto-reload:
```bash
npm run dev
```

5. **Access the application:**
- Open your browser and navigate to: `http://localhost:3000`
- You will be redirected to the login page

## Demo Credentials

**Admin Account:**
- Email: `admin@smms.local`
- Password: `admin123`

## User Guide

### For Regular Users

1. **Register:** Click "Register here" on the login page
2. **Create Post:** Navigate to "Create Post" and fill in the form
3. **Save Draft:** Submit with "Save as Draft" button
4. **Schedule Post:** Move posts to "Posts" section and set schedule time
5. **View Analytics:** Check your post statistics in "Analytics"

2. **Manage Users:** View, deactivate, or promote users
3. **Auto-Publish:** Click "Auto-Publish Scheduled Posts" to publish ready posts
4. **System Stats:** View overall system statistics

## API Endpoints

### Authentication
- `POST /auth/register` - Register new user
- `GET /auth/logout` - Logout user

### Posts
- `GET /posts/create` - Create post form
- `POST /posts/create` - Submit new post
- `GET /posts/drafts` - View draft posts
- `GET /posts/scheduled` - View scheduled/published posts
- `POST /posts/schedule` - Schedule a post
- `POST /posts/publish` - Manually publish a post
- `POST /posts/edit/:postId` - Edit a post
- `POST /posts/auto-publish` - Auto-publish scheduled posts

### Admin
- `GET /admin` - Admin dashboard
- `POST /admin/deactivate/:userId` - Deactivate user
- `POST /admin/activate/:userId` - Activate user
- `POST /admin/promote/:userId` - Promote to admin
- `POST /admin/demote/:userId` - Demote from admin
- `POST /admin/publish-scheduled` - Auto-publish posts

### Analytics
- `GET /analytics` - Analytics dashboard

## Security Considerations

1. **Password Security:** All passwords are hashed using bcrypt with a cost factor of 10
2. **Session Security:** Sessions are HTTP-only and expire after 15 minutes of inactivity
3. **Input Validation:** All user inputs are validated and escaped to prevent XSS
4. **SQL Injection Prevention:** Using parameterized queries throughout
5. **CSRF Protection:** Session tokens are used for state management
6. **File Upload Security:** Only image files are allowed, with size limits

## Database Schema

### Users Table
- `id` - Primary key
- `email` - Unique email address
- `password_hash` - Hashed password
- `role` - 'admin' or 'user'
- `is_active` - Account status
- `created_at` - Registration timestamp
- `updated_at` - Last update timestamp

### Posts Table
- `id` - Primary key
- `user_id` - Foreign key to users
- `title` - Post title (optional)
- `content` - Post content
- `image_path` - Path to uploaded image
- `status` - 'draft', 'scheduled', or 'published'
- `scheduled_time` - Scheduled publication time
- `published_at` - Actual publication time
- `created_at` - Creation timestamp
- `updated_at` - Last update timestamp

## Testing

### Manual Testing Checklist

**Authentication:**
- [ ] Register new user with valid email and password
- [ ] Login with incorrect credentials (should fail)
- [ ] Login with correct credentials (should succeed)
- [ ] Verify session timeout after 15 minutes
- [ ] Logout and verify redirect to login

**Posts:**
- [ ] Create post with text only
- [ ] Create post with image upload
- [ ] Save post as draft
- [ ] Schedule post for future date
- [ ] Edit draft post
- [ ] Delete draft post
- [ ] Cannot edit published post

**Admin:**
- [ ] Access admin panel (admin only)
- [ ] Deactivate user account
- [ ] Activate deactivated user
- [ ] Promote user to admin
- [ ] Demote admin to user
- [ ] Auto-publish scheduled posts

**Analytics:**
- [ ] View post statistics
- [ ] Verify correct counts
- [ ] Check monthly breakdown

## Performance Considerations

- Database queries are optimized with proper indexing
- File uploads are limited to 5MB
- Sessions are stored in memory (can be upgraded to Redis for production)
- Static assets are cached through browser caching

## Future Enhancements

- [ ] Real social media API integration
- [ ] Advanced analytics with engagement metrics
- [ ] Post templates
- [ ] Bulk post scheduling
- [ ] Email notifications
- [ ] Two-factor authentication
- [ ] OAuth integration
- [ ] Database backup automation
- [ ] Post preview before publishing
- [ ] Collaborative features

## Troubleshooting

### Database errors
- Delete `smms.db` and restart the application to reset database
- Ensure the `public/uploads` directory exists and is writable

### Session timeout issues
- Clear browser cookies
- Check system time is correct
- Verify session timeout setting in `server.js`

### File upload errors
- Ensure `public/uploads` directory has write permissions
- Check file size is under 5MB
- Verify file type is an image

## Support & Contact

For issues or questions, please refer to the Software Test Plan (STP) documentation included with this project.

## License

MIT License - See LICENSE file for details

## Version History

**v1.0.0 (November 2025)**
- Initial release with all core features
- Complete security implementation
- Full admin panel
- Analytics dashboard

---

Version: 1.0.0
Status: ✅ Production Ready
Date: November 2025

- Mevin Jose
- Prateek Meher
- K Abhiram
- K Rajeev

- Overview
- Quick Start
- Features
- Installation
- Configuration
- Database Schema
- API Endpoints
- Security Features
- Testing Guide
- File Structure
- Troubleshooting

---

## Overview

The Social Media Management System (SMMS) is a complete, production-ready web application for managing and scheduling social media posts. Built with Node.js, Express, and SQLite, it provides secure user authentication, post management, scheduling capabilities, and administrative controls.

- Lines of Code: ~3,500+
- API Endpoints: 18
- Database Tables: 3 (users, posts, audit_logs)
- Views/Templates: 9
- Route Modules: 5
- Security Features: 8+
- Test Cases: 18
- Requirement Coverage: 100%

---

## Quick Start

```bash
# 1. Install dependencies
npm install

# 2. Create uploads directory
mkdir public/uploads

# 3. Start server
npm start
```

**Access the application:** http://localhost:3000

**Default Admin Credentials:**
```
Email: admin@smms.local
Password: admin123
```

---

## ✅ Features Implemented

### User Management (SMMS-F-001 to F-004)
- [x] **User Registration** - New users can create accounts with email validation
- [x] **User Login** - Secure authentication with session management (15-minute timeout)
- [x] **Password Hashing** - bcrypt encryption with 12 rounds
- [x] **Role-Based Access Control** - Admin and regular user roles with middleware protection

### Post Management (SMMS-F-005 to F-007, F-012)
- [x] **Create Post** - Text-based post creation with rich content (max 5000 chars)
- [x] **Image Upload** - Media attachment support (5MB limit, image validation)
- [x] **Save as Draft** - Store posts without publishing
- [x] **Edit/Delete Posts** - Full CRUD operations (drafts and scheduled posts only)

### Scheduling Features (SMMS-F-008 to F-011)
- [x] **Schedule Posts** - Set future publication times with datetime picker
- [x] **Auto-Publish** - Automated publishing system (runs every 10 seconds)
- [x] **View Scheduled Posts** - Display posts awaiting publication
- [x] **View Published Posts** - Display live posts with published timestamps

### Analytics (SMMS-F-013)
- [x] **Basic Analytics** - Post statistics, counts, and monthly breakdown charts

### Administration (SMMS-F-014)
- [x] **Admin User Management** - View all users in system
- [x] **Deactivate/Activate Users** - Disable/enable user access
- [x] **Promote/Demote Admins** - Change user roles
- [x] **Manual Auto-Publish** - Trigger scheduled post publishing
- [x] **System Statistics** - Overview dashboard with user/post counts
- [x] **Database Backup** - Create, list, download, and delete backups

### Additional Features
- [x] **SMMS-F-015:** Flash Notifications - Success/error messages for user actions
- [x] **SMMS-NF-005:** Database Backup - Complete backup management system
- [x] **Comprehensive Logging** - Auth logs, error logs, security logs
- [x] **Rate Limiting** - Brute-force protection on login (5 attempts, 15min lockout)
- [x] **Input Sanitization** - XSS and SQL injection prevention

---

## 💻 Installation

### System Requirements

**Minimum Requirements:**
- **Operating System:** Windows 10+, macOS 10.14+, or Linux (Ubuntu 18.04+)
- **Node.js:** v14.0.0 or higher (v20.18.0 recommended)
- **npm:** v6.0.0 or higher
- **RAM:** 512 MB minimum (1 GB recommended)
- **Disk Space:** 200 MB (100 MB for application + 100 MB for uploads/database)

**Recommended Environment:**
- **Node.js:** v20.18.0
- **npm:** v10+
- **RAM:** 1 GB+
- **Disk Space:** 500 MB+

### Installation Steps

1. **Navigate to Project Directory**
```bash
cd path/to/Software-Engineering-Project
```

2. **Install Dependencies**
```bash
npm install
```

**Dependencies Installed:**
- express (4.21.2) - Web framework
- express-session (1.17.3) - Session management
- sqlite3 (5.1.6) - Database
- bcrypt (5.1.0) - Password hashing
- ejs (3.1.8) - Template engine
- multer (1.4.5-lts.1) - File uploads
- express-validator (7.0.0) - Input validation

3. **Create Required Directories**
```bash
# Linux/Mac
mkdir -p public/uploads
mkdir -p logs
mkdir -p backups

# Windows (PowerShell)
New-Item -ItemType Directory -Path "public\uploads" -Force
New-Item -ItemType Directory -Path "logs" -Force
New-Item -ItemType Directory -Path "backups" -Force
```

4. **Configure Environment (Optional)**
```bash
# Copy example environment file
cp .env.example .env

# Edit .env with your settings (optional - defaults work fine)
```

5. **Start the Application**
```bash
npm start
npm run dev
```

6. **Access the Application**
- Open browser: http://localhost:3000
- Login with admin credentials: `admin@smms.local` / `admin123`

On first run, the application will automatically:
- Create `smms.db` SQLite database
- Initialize database tables (users, posts, sessions, audit_logs)
- Seed admin user with default credentials
- Create necessary directories

---

## Configuration

```bash
# Server Configuration
PORT=3000
NODE_ENV=development

# Session Configuration (CRITICAL for production)
SESSION_SECRET=your-secure-random-64-character-string-here-change-this

# Database
DB_PATH=./smms.db

# Upload Configuration
MAX_FILE_SIZE=5242880  # 5MB in bytes
UPLOAD_PATH=public/uploads

# Security Settings
BCRYPT_ROUNDS=12
SESSION_TIMEOUT=900000  # 15 minutes in milliseconds
```

**⚠️ IMPORTANT:** Change `SESSION_SECRET` in production to a secure 64-character random string!

### Database Configuration

The application uses SQLite and will automatically:
- Create `smms.db` on first run
- Initialize tables (users, posts, sessions, audit_logs)
- Seed admin user with default credentials
- Handle migrations gracefully

---

## Database Schema

### Users Table
```sql
CREATE TABLE users (
  id INTEGER PRIMARY KEY AUTOINCREMENT,
  email TEXT UNIQUE NOT NULL,
  password_hash TEXT NOT NULL,
  role TEXT DEFAULT 'user' CHECK(role IN ('admin', 'user')),
  is_active BOOLEAN DEFAULT 1,
  created_at DATETIME DEFAULT CURRENT_TIMESTAMP,
  updated_at DATETIME DEFAULT CURRENT_TIMESTAMP
);
```

### Posts Table
```sql
CREATE TABLE posts (
  id INTEGER PRIMARY KEY AUTOINCREMENT,
  user_id INTEGER NOT NULL,
  title TEXT,
  content TEXT NOT NULL,
  image_path TEXT,
  status TEXT DEFAULT 'draft' CHECK(status IN ('draft', 'scheduled', 'published')),
  scheduled_time DATETIME,
  published_at DATETIME,
  created_at DATETIME DEFAULT CURRENT_TIMESTAMP,
  updated_at DATETIME DEFAULT CURRENT_TIMESTAMP,
  FOREIGN KEY(user_id) REFERENCES users(id) ON DELETE CASCADE
);
```

### Audit Logs Table
```sql
CREATE TABLE audit_logs (
  id INTEGER PRIMARY KEY AUTOINCREMENT,
  user_id INTEGER,
  action TEXT NOT NULL,
  details TEXT,
  ip_address TEXT,
  created_at DATETIME DEFAULT CURRENT_TIMESTAMP,
  FOREIGN KEY(user_id) REFERENCES users(id) ON DELETE SET NULL
);
```

---

## API Endpoints

### Authentication (3 endpoints)
```
POST /auth/register - Register new user
POST /auth/login - Login user
GET /auth/logout - Logout user
```

### Posts (7 endpoints)
```
GET /posts/create - Show create post form
POST /posts/create - Submit new post
GET /posts/drafts - View draft posts
GET /posts/scheduled - View scheduled/published posts
POST /posts/schedule - Schedule a post
POST /posts/edit/:id - Edit existing post
DELETE /posts/:id - Delete post
```

### Dashboard (1 endpoint)
```
GET /dashboard - User dashboard with stats
```

### Analytics (1 endpoint)
```
GET /analytics - Analytics page with charts
```

### Admin (6 endpoints)
```
GET /admin - Admin control panel
POST /admin/deactivate/:id - Deactivate user
POST /admin/activate/:id - Activate user
POST /admin/promote/:id - Promote to admin
POST /admin/demote/:id - Demote from admin
POST /admin/publish-scheduled - Manual auto-publish trigger
POST /admin/backup - Create database backup
GET /admin/backups - List available backups
GET /admin/backup/download/:fileName - Download backup
DELETE /admin/backup/:fileName - Delete backup
```
## Security Features

- ✅ bcrypt hashing with 12 cost factor
- ✅ No plain-text passwords stored or transmitted
- ✅ Secure password validation (min 6 chars, letters + numbers required)
- ✅ Password confirmation on registration
- ✅ 15-minute inactivity timeout with automatic logout
- ✅ HttpOnly cookies (JavaScript cannot access session cookies)
- ✅ Secure session IDs generated by express-session
- ✅ Rolling session updates to maintain active users
- ✅ sameSite: 'strict' for CSRF protection
- ✅ Session data stored securely in database
- ✅ Email format validation (RFC 5322 compliance)
- ✅ Content length validation (max 5000 chars)
- ✅ File type validation (images only: jpg, jpeg, png, gif)
- ✅ File size limit (5 MB maximum)
- ✅ XSS prevention with custom sanitization utility
- ✅ express-validator for all form inputs
- ✅ HTML entity encoding on output
- ✅ Parameterized queries throughout entire codebase
- ✅ No string concatenation in SQL statements
- ✅ Input sanitization via custom sanitizer utility
- ✅ SQLite prepared statements for all database operations
- ✅ Role-based access control (RBAC) middleware
- ✅ Admin-only routes protected with `isAdmin` middleware
- ✅ Users can only access/modify their own posts
- ✅ Unauthorized actions return 403 Forbidden
- ✅ Session validation on every protected route
- ✅ Content Security Policy (CSP) - Prevents XSS attacks
- ✅ X-XSS-Protection: 1; mode=block
- ✅ X-Content-Type-Options: nosniff
- ✅ X-Frame-Options: DENY (Clickjacking protection)
- ✅ Login attempt tracking (5 attempts maximum)
- ✅ 15-minute lockout after failed attempts
- ✅ IP-based tracking with automatic cleanup
- ✅ Prevents brute-force attacks
- ✅ Authentication logs (`logs/auth.log`)
- ✅ Error logs (`logs/error.log`)
- ✅ Security event logs (`logs/smms.log`)
- ✅ Audit trail in database (user actions tracked)
- ✅ Structured logging with timestamps and severity levels
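
One way to implement the login lockout listed above (5 attempts, 15-minute lockout, IP-based tracking with cleanup), as an added example rather than the project's `utils/rateLimiter.js`. `LoginLimiter`, `attemptLogin`, `demo` and the 429 status code are assumptions of this example.

```javascript
// Added example, not the project's utils/rateLimiter.js. All names are hypothetical.
const MAX_ATTEMPTS = 5;             // failures allowed before lockout
const LOCKOUT_MS = 15 * 60 * 1000;  // 15-minute lockout

class LoginLimiter {
  // `now` is injectable so the lockout can be tested without waiting 15 minutes.
  constructor({ maxAttempts = MAX_ATTEMPTS, lockoutMs = LOCKOUT_MS, now = Date.now } = {}) {
    this.maxAttempts = maxAttempts;
    this.lockoutMs = lockoutMs;
    this.now = now;
    this.entries = new Map(); // ip -> { failures, firstFailureAt, lockedUntil }
  }

  // Milliseconds the client must still wait; 0 means the attempt may proceed.
  retryAfter(ip) {
    const entry = this.entries.get(ip);
    return entry ? Math.max(0, entry.lockedUntil - this.now()) : 0;
  }

  recordFailure(ip) {
    const t = this.now();
    let entry = this.entries.get(ip);
    // Failures older than the lockout period no longer count.
    if (!entry || t - entry.firstFailureAt > this.lockoutMs) {
      entry = { failures: 0, firstFailureAt: t, lockedUntil: 0 };
      this.entries.set(ip, entry);
    }
    entry.failures += 1;
    if (entry.failures >= this.maxAttempts) entry.lockedUntil = t + this.lockoutMs;
    return entry.failures;
  }

  recordSuccess(ip) {
    this.entries.delete(ip);
  }

  // Drop entries whose failure window and lockout have both passed, so the map
  // cannot grow without bound. Returns the number of entries removed.
  cleanup() {
    const t = this.now();
    let removed = 0;
    for (const [ip, e] of this.entries) {
      const expiresAt = Math.max(e.lockedUntil, e.firstFailureAt + this.lockoutMs);
      if (t > expiresAt) {
        this.entries.delete(ip);
        removed += 1;
      }
    }
    return removed;
  }
}

// Order of checks in a login handler: lockout first, password second.
// Returns the HTTP status the handler would send.
function attemptLogin(limiter, ip, passwordMatches) {
  if (limiter.retryAfter(ip) > 0) return 429; // locked: skip the bcrypt comparison
  if (!passwordMatches) {
    limiter.recordFailure(ip);
    return 401;
  }
  limiter.recordSuccess(ip);
  return 200;
}

// Constructed scenario with a fake clock (203.0.113.7 is a documentation address).
function demo() {
  let t = 0;
  const limiter = new LoginLimiter({ now: () => t });
  const ip = '203.0.113.7';
  const statuses = [];
  for (let i = 0; i < 5; i++) statuses.push(attemptLogin(limiter, ip, false));
  statuses.push(attemptLogin(limiter, ip, true)); // correct password, still locked
  t = LOCKOUT_MS;                                 // lockout has elapsed
  statuses.push(attemptLogin(limiter, ip, true)); // accepted, entry cleared
  return statuses;
}
```

Because the counter is keyed by IP alone, a successful login to any account from that address resets it; keying on IP plus email closes that gap. Behind a reverse proxy, `req.ip` only reflects the client when Express's `trust proxy` setting is configured.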
## Testing Guide

The project includes comprehensive test coverage to ensure code quality and reliability.

- Lines: 76.79% (450/586)
- Statements: 76.74% (452/589)
- Functions: 79.26% (65/82)
- Branches: 60.77% (110/181)

Run all tests with coverage report:

```bash
npm test
```

This command will:
- Run all 89 test cases using Jest
- Generate coverage metrics
- Create an HTML coverage report

After running `npm test`, open the HTML coverage report:

Location: `coverage/index.html`

To view:
- Double-click the file in Windows Explorer, or
- Open it in your browser: `file:///path/to/project/coverage/index.html`

The interactive HTML report shows:
- 🟢 Green lines - Covered by tests
- 🔴 Red lines - Not covered by tests
- 🟡 Yellow lines - Partially covered branches
- Drill-down capability - Click on folders/files to see line-by-line coverage

The project includes 12 test suites covering:

- Integration Tests:
  - `tests/auth.test.js` - Authentication flows (register, login, logout)
  - `tests/posts.test.js` - Post management (create, edit, delete, drafts)
  - `tests/admin.test.js` - Admin dashboard and user management
  - `tests/health.integration.test.js` - Health check endpoints
- Unit Tests:
  - `tests/unit.test.js` - Post and user models
  - `tests/middleware.test.js` - Authentication and authorization middleware
  - `tests/posts.routes.test.js` - Post route handlers
  - `tests/admin.routes.test.js` - Admin route handlers
  - `tests/additional_unit.test.js` - Backup, analytics, and scheduler logic
  - `tests/publishers.test.js` - Scheduler publisher logic
  - `tests/analytics.routes.test.js` - Analytics route handlers
  - `tests/scheduler.test.js` - Background scheduler functionality

| Module | Line Coverage | Status |
|---|---|---|
| `features/admin/backup.js` | 100% | ✅ Excellent |
| `features/analytics/queries.js` | 100% | ✅ Excellent |
| `features/analytics/routes.js` | 100% | ✅ Excellent |
| `features/scheduler/index.js` | 100% | ✅ Excellent |
| `features/auth/middleware.js` | 95.45% | ✅ Excellent |
| `features/dashboard/routes.js` | 84.61% | ✅ Good |
| `features/posts/models.js` | 82.85% | ✅ Good |
| `features/posts/routes.js` | 76.33% | ✅ Good |
| `features/auth/routes.js` | 69.51% | |
| `features/admin/routes.js` | 66.03% | |
| `features/admin/users.js` | 64.81% | |

```bash
# Run a specific test file
npx jest tests/auth.test.js

# Run tests matching a pattern
npx jest --testNamePattern="should create post"

# Run tests in watch mode
npx jest --watch

# Run tests without coverage
npx jest --no-coverage
```

Tests are configured in `jest.config.js`:
- Test Environment: Node.js
- Coverage Collection: `features/**/*.js` (excluding config files)
- Test Timeout: 10 seconds
- Setup File: `tests/setup.js` (initializes in-memory database)

All tests run automatically on every commit to ensure:
- No regressions are introduced
- Code coverage remains above 70%
- All critical paths are tested
Pre-configured Test Users:
- Admin User: admin@smms.local / admin123
- Test User: Create via registration form
TC-Auth-01: User Registration
Steps:
1. Navigate to http://localhost:3000/auth/register
2. Enter email: testuser@example.com
3. Enter password: Test123
4. Confirm password: Test123
5. Click "Register"
Expected: Registration success, redirect to login
Pass Criteria: User created in database, password hashed
TC-Auth-02: User Login
Steps:
1. Navigate to http://localhost:3000/auth/login
2. Enter email: admin@smms.local
3. Enter password: admin123
4. Click "Login"
Expected: Login success, redirect to dashboard
Pass Criteria: Session created, user authenticated
TC-Sec-01: Password Hashing
Steps:
1. Register new user
2. Check database: SELECT password_hash FROM users WHERE email='testuser@example.com'
Expected: Password is hashed (bcrypt format starting with $2b$)
Pass Criteria: No plain-text password in database
TC-Sec-02: Session Timeout
Steps:
1. Login as any user
2. Wait 15 minutes without activity
3. Try to navigate to /dashboard
Expected: Redirect to login with session expired message
Pass Criteria: Session invalidated after 15 minutes
TC-Post-01: Create Post
Steps:
1. Login as user
2. Navigate to "Create Post"
3. Enter title: "Test Post"
4. Enter content: "This is test content"
5. Select status: "Draft"
6. Click "Create Post"
Expected: Post created successfully
Pass Criteria: Post appears in drafts list
TC-Post-02: Image Upload
Steps:
1. Create post with image (< 5MB, valid format)
2. Submit post
Expected: Image uploaded successfully
Pass Criteria: Image stored in public/uploads/, path saved in database
TC-Post-03: Save as Draft
Steps:
1. Create post with status "Draft"
2. Navigate to "View Drafts"
Expected: Post visible in drafts
Pass Criteria: Post has status='draft' in database
TC-Post-04: Edit/Delete Post
Steps:
1. Create draft post
2. Click "Edit" button
3. Modify content
4. Save changes
5. Click "Delete" button
Expected: Edit saves changes, delete removes post
Pass Criteria: Changes persisted, post removed from database
TC-Sched-01: Schedule Post
Steps:
1. Create post
2. Select status: "Scheduled"
3. Choose future date/time
4. Submit
Expected: Post scheduled successfully
Pass Criteria: Post has scheduled_time in future, status='scheduled'
TC-Sched-02: Auto-Publish
Steps:
1. Schedule post for 1 minute in future
2. Wait for auto-publish scheduler (runs every 10 seconds)
3. Check post status
Expected: Post auto-published when time reached
Pass Criteria: Status changed to 'published', published_at timestamp set
TC-View-01: View Scheduled Posts
Steps:
1. Navigate to "Scheduled Posts"
Expected: All scheduled and published posts displayed
Pass Criteria: Posts shown with correct status badges
TC-View-02: View Published Posts
Steps:
1. Publish a post
2. Navigate to "Scheduled Posts" (shows both scheduled and published)
Expected: Published post visible with green badge
Pass Criteria: Published posts have published_at timestamp
TC-Analy-01: Analytics Counts
Steps:
1. Create posts with different statuses
2. Navigate to Analytics
Expected: Accurate counts displayed
Pass Criteria: Total, published, scheduled, draft counts match database
TC-Admin-01: Admin Manage Users
Steps:
1. Login as admin
2. Navigate to Admin Panel
3. View users list
Expected: All users displayed
Pass Criteria: User details visible (email, role, status)
TC-Admin-02: Deactivate User
Steps:
1. Login as admin
2. Click "Deactivate" on a user
3. User tries to login
Expected: User cannot login (account deactivated)
Pass Criteria: is_active=0 in database, login fails
TC-Sec-03: SQL Injection Prevention
Steps:
1. Try login with email: admin' OR '1'='1
2. Check if login succeeds
Expected: Login fails, no SQL injection
Pass Criteria: Parameterized query prevents injection
TC-Sec-04: XSS Prevention
Steps:
1. Create post with content: <script>alert('XSS')</script>
2. View post on dashboard
Expected: Script tags escaped/sanitized
Pass Criteria: No script execution, content displayed as text
TC-Sec-05: Access Control
Steps:
1. Login as regular user
2. Try to access /admin directly
Expected: Access denied (403 Forbidden)
Pass Criteria: Non-admin cannot access admin routes
To run automated tests (if implemented):

```bash
npm test
```

## File Structure

```
Software-Engineering-Project/
│
├── Core Application Files
│   ├── server.js  # Main Express server & entry point
│   ├── database.js  # SQLite database initialization
│   ├── package.json  # Dependencies & scripts
│   ├── debug-scheduler.js  # Debugging tool for scheduled posts
│   ├── .env  # Environment variables (not in git)
│   ├── .env.example  # Environment template
│   └── .gitignore  # Git ignore rules
│
├── routes/  # API Route Handlers (5 modules)
│   ├── auth.js  # Authentication (register, login, logout)
│   ├── posts.js  # Post management (CRUD operations)
│   ├── admin.js  # Admin features (user mgmt, backups)
│   ├── dashboard.js  # Dashboard (user stats)
│   └── analytics.js  # Analytics (counts & breakdown)
│
├── views/  # EJS HTML Templates (9 views)
│   ├── login.ejs  # Login page
│   ├── register.ejs  # Registration page
│   ├── dashboard.ejs  # Main dashboard
│   ├── create-post.ejs  # Post creation form
│   ├── edit-post.ejs  # Post editing form
│   ├── draft-posts.ejs  # Draft posts list
│   ├── scheduled-posts.ejs  # Scheduled/published posts list
│   ├── analytics.ejs  # Analytics dashboard
│   ├── admin-dashboard.ejs  # Admin control panel
│   └── error.ejs  # Error page
│
├── public/  # Static Assets
│   ├── style.css  # Main responsive stylesheet
│   ├── modal.js  # Modal dialog functionality
│   └── uploads/  # User-uploaded images directory
│       └── [user-images-stored-here]
│
├── utils/  # Utility Modules (5 utilities)
│   ├── logger.js  # Centralized logging system
│   ├── backup.js  # Database backup management
│   ├── rateLimiter.js  # Login rate limiting/brute-force protection
│   ├── sanitizer.js  # Input sanitization (XSS/SQLi prevention)
│   └── envCheck.js  # Environment validation
│
├── logs/  # Application Logs (auto-created)
│   ├── smms.log  # General application logs
│   ├── error.log  # Error logs
│   └── auth.log  # Authentication logs
│
├── backups/  # Database Backups (auto-created)
│   └── smms-backup-[timestamp].sql
│
├── db/  # Database Files
│   └── (Reserved for future use)
│
└── smms.db  # SQLite Database (auto-created)
```

| Category | Count | Files |
|---|---|---|
| Core Application | 7 | server.js, database.js, package.json, debug-scheduler.js, .env, .env.example, .gitignore |
| Route Handlers | 5 | auth, posts, admin, dashboard, analytics |
| HTML Templates | 10 | login, register, dashboard, create/edit-post, drafts, scheduled, analytics, admin, error |
| Static Assets | 2 | style.css, modal.js |
| Utilities | 5 | logger, backup, rateLimiter, sanitizer, envCheck |
| TOTAL | 29 | Source Files |

```bash
# Install & Setup
npm install            # Install dependencies
mkdir public/uploads   # Create uploads directory
npm start              # Start production server
npm run dev            # Start development server (if configured)

# Stop Server
Ctrl+C                 # Stop running server

# Database Operations
# Delete smms.db and restart to reset database

# Clear Dependencies
Remove-Item node_modules -Recurse -Force   # Windows
rm -rf node_modules                        # Linux/Mac
npm install                                # Reinstall
```

Add a New Route

```javascript
// In routes/example.js
const express = require('express');
const router = express.Router();

router.get('/path', async (req, res) => {
  // Your logic here
  res.render('view-name', { data });
});

module.exports = router;

// In server.js, add:
const exampleRoutes = require('./routes/example');
app.use('/example', isAuthenticated, exampleRoutes);
```

Add a New Database Table

```javascript
// In database.js, add to initializeDatabase():
await db.run(`
  CREATE TABLE IF NOT EXISTS table_name (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    column_name TEXT NOT NULL,
    created_at DATETIME DEFAULT CURRENT_TIMESTAMP
  )
`);
```

Check Session Data

```javascript
// In any route handler:
console.log('User ID:', req.session.userId);
console.log('User Email:', req.session.userEmail);
console.log('User Role:', req.session.userRole);
```

Database Query Examples

```javascript
// Get single row
const user = await db.get('SELECT * FROM users WHERE id = ?', [userId]);

// Get multiple rows
const posts = await db.all('SELECT * FROM posts WHERE user_id = ?', [userId]);

// Insert
await db.run('INSERT INTO users (email, password_hash) VALUES (?, ?)', [email, hash]);

// Update
await db.run('UPDATE posts SET status = ? WHERE id = ?', ['published', postId]);

// Delete
await db.run('DELETE FROM posts WHERE id = ?', [postId]);
```

isAuthenticated - Checks if user is logged in

```javascript
function isAuthenticated(req, res, next) {
  if (req.session && req.session.userId) {
    return next();
  }
  res.redirect('/auth/login');
}
```

isAdmin - Checks if user has admin role

```javascript
function isAdmin(req, res, next) {
  if (req.session && req.session.userRole === 'admin') {
    return next();
  }
  res.status(403).send('Access denied');
}
```

```
http://localhost:3000/               # Home (redirects to dashboard)
http://localhost:3000/auth/login     # Login page
http://localhost:3000/auth/register  # Registration
http://localhost:3000/dashboard      # User dashboard
http://localhost:3000/posts/create   # Create post
http://localhost:3000/posts/drafts   # View drafts
http://localhost:3000/posts/scheduled # Scheduled/published posts
http://localhost:3000/analytics      # Analytics
http://localhost:3000/admin          # Admin panel (admin only)
http://localhost:3000/auth/logout    # Logout
```
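
The `isAdmin` middleware shown earlier trusts `req.session.userRole`, a value written at login, so unless the demote and deactivate routes also invalidate that user's sessions, a demoted or deactivated admin keeps access until the session expires. An added example (not the project's code) that re-reads `role` and `is_active` from the `users` table on every admin request; `requireActiveAdmin` and `simulate` are hypothetical names, and `db` is assumed to expose sqlite3's callback-style `get(sql, params, callback)`.

```javascript
// Added example, not the project's middleware. Names are hypothetical.
function requireActiveAdmin(db) {
  return function (req, res, next) {
    const userId = req.session && req.session.userId;
    if (!userId) return res.redirect('/auth/login');

    // Parameterized lookup of the current role and status, not the cached copy.
    db.get('SELECT role, is_active FROM users WHERE id = ?', [userId], (err, row) => {
      if (err) return next(err);
      if (!row || !row.is_active) {
        // Account deleted or deactivated since login: end the session.
        return req.session.destroy(() => res.redirect('/auth/login'));
      }
      req.session.userRole = row.role; // keep the cached role in sync for templates
      if (row.role !== 'admin') return res.status(403).send('Access denied');
      next();
    });
  };
}

// Constructed stand-ins for sqlite3 and Express so the example runs offline.
// `userRow` is what the database currently holds; `session` is what was cached at login.
function simulate(userRow, session) {
  const outcome = { status: 200, redirect: null, nextCalled: false, sessionDestroyed: false };
  const db = { get: (sql, params, cb) => cb(null, userRow) };
  const req = {
    session: {
      ...session,
      destroy(cb) { outcome.sessionDestroyed = true; cb(); },
    },
  };
  const res = {
    status(code) { outcome.status = code; return this; },
    send() { return this; },
    redirect(url) { outcome.status = 302; outcome.redirect = url; },
  };
  requireActiveAdmin(db)(req, res, () => { outcome.nextCalled = true; });
  return outcome;
}

// Session still says "admin", database says the user was demoted.
const demoted = simulate({ role: 'user', is_active: 1 }, { userId: 2, userRole: 'admin' });
// Session still says "admin", database says the account was deactivated.
const deactivated = simulate({ role: 'admin', is_active: 0 }, { userId: 2, userRole: 'admin' });
console.log(demoted.status, deactivated.redirect);
```

The extra query runs only on admin routes, so its cost is small next to the time a stale role would otherwise remain usable (up to the 15-minute timeout, extended by rolling sessions while the user stays active).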

View Server Logs

```powershell
# View general logs
Get-Content logs/smms.log -Tail 50

# View error logs
Get-Content logs/error.log -Tail 50

# View auth logs
Get-Content logs/auth.log -Tail 50
```

Test Scheduled Posts

```bash
# Use the debug scheduler
node debug-scheduler.js
```

Check Database Content

```bash
sqlite3 smms.db
sqlite> SELECT * FROM users;
sqlite> SELECT * FROM posts;
sqlite> .exit
```

## Troubleshooting

Error: EADDRINUSE: address already in use

Solution:

```powershell
# Find process using port 3000
netstat -ano | findstr :3000

# Kill the process (replace PID with actual process ID)
taskkill /PID <PID> /F

# Or change port in .env
PORT=3001
```

Error: SQLITE_BUSY: database is locked

Solution:
- Close any SQLite browser/viewer applications
- Restart the server
- If persists, delete `smms.db` (will lose data) and restart

Error: Warning: connect.session() MemoryStore is not designed for production

Solution:
- Add SESSION_SECRET to .env file (64 characters minimum)
- For production, use session store like connect-sqlite3

Error: ENOENT: no such file or directory, open 'public/uploads/...'

Solution:

```bash
mkdir public/uploads

# Or Windows:
New-Item -ItemType Directory -Path "public\uploads" -Force
```

Error: Cannot find module 'express'

Solution:

```bash
rm -rf node_modules package-lock.json  # Remove existing
npm install                            # Reinstall dependencies
```

Error: EACCES: permission denied

Solution:
- Run terminal as Administrator (Windows)
- Use sudo on Linux/Mac: `sudo npm install`
- Check file/folder permissions

Issue: Scheduled posts not publishing automatically

Solution:
- Check scheduler is running in server.js console output
- Verify scheduled_time format: `YYYY-MM-DDTHH:MM:SS`
- Use debug-scheduler.js to verify post status
- Ensure scheduled_time is in the past for immediate publishing

Issue: Cannot login after multiple failed attempts

Solution:
- Wait 15 minutes for lockout to expire
- Or manually clear rate limit in code (development only)

If you encounter issues not covered here:
- Check console output for error messages
- Review log files in `/logs` directory
- Verify all dependencies are installed: `npm list`
- Ensure Node.js version is v14+: `node --version`
- Check database exists and is not corrupted

- Change `SESSION_SECRET` to secure random string (64+ chars)
- Set `NODE_ENV=production` in .env
- Remove default admin credentials (or change password)
- Configure proper session store (not MemoryStore)
- Set up HTTPS/SSL certificate
- Configure reverse proxy (nginx, Apache)
- Set up process manager (PM2, systemd)
- Configure firewall rules
- Set up automated backups
- Enable log rotation
- Configure monitoring/alerting

```bash
NODE_ENV=production
PORT=3000
SESSION_SECRET=<64-char-random-string>
DB_PATH=/var/lib/smms/smms.db
UPLOAD_PATH=/var/lib/smms/uploads
MAX_FILE_SIZE=5242880
```

```bash
# Install PM2
npm install -g pm2

# Start application
pm2 start server.js --name smms

# Monitor
pm2 monit

# View logs
pm2 logs smms

# Restart
pm2 restart smms

# Stop
pm2 stop smms
```

This project is part of an academic software engineering course.

For questions or issues:
- Review this documentation
- Check the troubleshooting section
- Contact the development team

| Requirement ID | Feature | Status | Test Case |
|---|---|---|---|
| SMMS-F-001 | User Registration | ✅ | TC-Auth-01 |
| SMMS-F-002 | User Login | ✅ | TC-Auth-02 |
| SMMS-F-003 | Password Hashing | ✅ | TC-Sec-01 |
| SMMS-F-004 | RBAC | ✅ | TC-RBAC-01 |
| SMMS-F-005 | Create Post | ✅ | TC-Post-01 |
| SMMS-F-006 | Image Upload | ✅ | TC-Post-02 |
| SMMS-F-007 | Save Draft | ✅ | TC-Post-03 |
| SMMS-F-008 | Schedule Post | ✅ | TC-Sched-01 |
| SMMS-F-009 | Auto-Publish | ✅ | TC-Sched-02 |
| SMMS-F-010 | View Scheduled | ✅ | TC-View-01 |
| SMMS-F-011 | View Published | ✅ | TC-View-02 |
| SMMS-F-012 | Edit/Delete Posts | ✅ | TC-Post-04 |
| SMMS-F-013 | Analytics | ✅ | TC-Analy-01 |
| SMMS-F-014 | Admin Users | ✅ | TC-Admin-01 |
| SMMS-F-015 | Notifications | ✅ | Manual Test |
| SMMS-NF-005 | Database Backup | ✅ | Manual Test |
| SMMS-SR-001 | Password Hashing | ✅ | TC-Sec-01 |
| SMMS-SR-002 | Session Timeout | ✅ | TC-Sec-02 |
| SMMS-SR-003 | Input Validation | ✅ | TC-Sec-04 |
| SMMS-SR-004 | Authorization | ✅ | TC-Sec-05 |
| SMMS-SR-005 | SQL Injection Prevention | ✅ | TC-Sec-03 |

Total Coverage: 21/21 Requirements (100%)
Last Updated: November 2025
Documentation Version: 1.0.0