ari/research-school-2025
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
research-school-2025/writeups/task.md
Arija A. 46abc0fc76
 Create project plan and task 
Signed-off-by: Arija A. <ari@ari.lt>
2025-11-23 13:23:24 +02:00

114 lines
7.2 KiB
Markdown
Raw Permalink Blame History

### Develop a Comprehensive Blogging Platform
Design and implement a fully functional, feature-rich blogging platform with the following core features and functionality:
1. **User Management**
- **Registration & Authentication:** Allow users to create accounts, log in, and manage their profiles. Support user authentication via email/password and multi-factor authentication.
- **Role-based Access Control:** Implement different user roles (e.g., Moderator, Admin, Author, Reader) with varying levels of access and permissions.
- **Profile Management:** Users should be able to update their profile, change passwords, and manage account settings.
- **Password Reset:** Implement secure password recovery functionality.
2. **Blog Post Management**
- **Create, Read, Update, Delete:** Enable authors to create, edit, view, and delete blog posts. Posts should include:
- Title, body, tags, and publication status (draft, published, archived)
- Option to add images or media (via file upload).
- The posts shall be written using markdown.
- **Versioning & History:** Track changes made to each post (diffs), including the ability to revert to previous versions.
- **Scheduling Posts:** Allow authors to schedule posts for future publication.
3. **Commenting & Engagement**
- **Comments:** Allow users to comment on blog posts. Support threaded comments and allow users to reply to comments.
- **Moderation Tools:** Implement a basic moderation system that allows post authors and admins to delete inappropriate comments or flag them for review.
- **Likes & Reactions:** Users should be able to like or react to posts and comments.
4. **Search & Content Discovery**
- **Search:** Implement a search function that allows users to find posts by title, body text, tags, and categories.
- **Filters:** Users should be able to filter posts by tags, author, publication date, and post category.
- **Categories & Tags:** Support categorisation of posts by topic (e.g., technology, lifestyle) and tags for additional metadata.
- **Subscriptions:** Users should be able to subscribe to blogs and see their feed in their home page.
5. **Security & Privacy**
- **Data Encryption:** Ensure sensitive data is securely stored by using encryption (where applicable).
- **Input Validation & Sanitisation:** Prevent SQL injection, XSS, and other common web vulnerabilities by implementing thorough input validation and output sanitisation across the platform.
- **Session Management:** Implement secure user sessions, with features such as session expiry, logout functionality, and session tracking.
6. **Performance & Optimisation**
- **Caching:** Implement resource caching.
- **Pagination:** Implement pagination for blog posts and comments.
- **Optimised Media Upload:** Ensure that media is uploaded efficiently, with automatic resizing and compression.
7. **Analytics & Reporting**
- **Post Analytics:** Track and display metrics for each post, such as views, comments, likes, and shares.
- **User Engagement:** Provide basic analytics for authors regarding the performance of their posts (e.g., most viewed posts, most engaged users).
- **Reporting Dashboard:** Implement a simple dashboard for admins to monitor platform activity, user registrations, and post statistics.
8. **Legal Framework**
- <https://ari.lt/legal/>
### Development of 6 Versions of the Platform
You will create **6 distinct versions** of the blogging platform, each with different priorities. For each version, consider how the balance between **security**, **readability**, and **maintainability** impacts the development process.
#### Version A (High Security, Manual Development)
This version will focus on implementing **robust security** measures, prioritising secure coding practices, and ensuring the platform is resistant to common vulnerabilities.
**Focus Areas:**
- Implement secure authentication, including multi-factor authentication.
- Apply best practices for password hashing (e.g., Argon2).
- Implement comprehensive input validation and output sanitisation (e.g., to prevent SQL injection, XSS).
- Use encryption for sensitive data storage (e.g., personal information, media) and ensure secure transmission of data via SSL/TLS.
- Implement secure session management (e.g., secure cookies, session expiration).
- Deploy logging and monitoring to detect and respond to potential threats.
#### Version B (High Readability, Manual Development)
This version will focus on **clean, readable, and maintainable code**. The emphasis will be on creating clear, well-organised code that is easy to understand, refactor, and extend.
**Focus Areas:**
- Use a modular architecture, breaking down functionality into small, reusable functions and components.
- Consistent naming conventions, well-documented code, and descriptive comments.
- Simplicity in design: prioritise clear and straightforward solutions over complex or highly optimised approaches.
- Easy-to-follow code structures, avoiding deep nesting and ensuring functions/classes are focused on single responsibilities.
#### Version C (Balanced, Manual Development)
This version will seek a **balance between security, readability, and maintainability**, incorporating key practices from both versions A and B.
**Focus Areas:**
- Ensure robust but not over-engineered security practices (e.g., secure authentication and input validation).
- Maintain clean and modular code, with an emphasis on readability without sacrificing necessary security features.
- Simple, clear architecture with focus on maintainability and scalability for future development.
#### Version D (High Security, AI Optimised)
This version will leverage **AI tools** to help optimise the security of the platform, with a particular focus on ensuring the code is secure while maintaining readability.
**Focus Areas:**
- AI-driven recommendations for secure coding practices (e.g., encryption, authentication mechanisms, input validation).
- Use AI to identify and suggest improvements for areas prone to security risks (e.g., weak password storage, insecure endpoints).
- AI-powered refactoring to optimise security-heavy code for better readability without compromising security.
#### **Version E (High Readability, AI Optimised)**
This version will use **AI tools** to improve the readability and maintainability of the code, ensuring the platform remains both understandable and efficient.
**Focus Areas:**
- AI-assisted refactoring to improve the clarity of complex code and simplify error handling.
- AI suggestions for improving code structure, modularity, and adherence to best practices for readability.
- Optimise security practices via AI while ensuring the platform remains simple and intuitive.
#### Version F (Balanced, AI Optimised)
This version will combine the strengths of **both security and readability** using AI, with the aim of finding the optimal balance between the two priorities.
**Focus Areas:**
- AI-driven insights for balancing security features (e.g., encryption, authentication) with modular and clean code.
- Use AI to identify the trade-offs between complexity and readability in security code and suggest the best balance.
- Real-time AI feedback during development to guide decision-making on code quality and security.
Reference in a new issue View git blame Copy permalink