Asp.Net Mvc Core E-commerce Api

Table of Contents

• Introduction
• Full-stack Applications
  • E-commerce (shopping cart)
    • Server side implementations
    • Client side implementations
  • Blog/CMS
    • Server side implementations
    • Client side
      • The next come are
  • Simple CRUD(Create, Read, Update, Delete)
    • Server side implementations
    • Client side implementations
      • The next come are
  • CRUD + Pagination
    • Server side implementations
      • The next come are
    • Client side implementations
      • The next come are
• Follow me

Introduction

This is one of my E-commerce API app implementations. It is written in .Net C Sharp using ASP.Net Core MVC framework. This is not a finished project by any means, but it has a valid enough shape to be git cloned and studied if you are interested in this topic. If you are interested in this project take a look at my other server API implementations I have built(see below).

Full-stack Applications

E-commerce (shopping cart)

Server side implementations

• Spring Boot + Spring Data Hibernate
• Spring Boot + JAX-RS Jersey + Spring Data Hibernate
• Node Js + Sequelize
• Node Js + Bookshelf
• Node Js + Mongoose
• Python Django
• Flask
• Golang go gonic
• Ruby on Rails
• AspNet Core
• Laravel

The next to come are:

• Spring Boot + Spring Data Hibernate + Kotlin
• Spring Boot + Jax-RS Jersey + Hibernate + Kotlin
• Spring Boot + mybatis
• Spring Boot + mybatis + Kotlin
• Asp.Net Web Api v2
• Elixir
• Golang + Beego
• Golang + Iris
• Golang + Echo
• Golang + Mux
• Golang + Revel
• Golang + Kit
• Flask + Flask-Restful
• AspNetCore + NHibernate
• AspNetCore + Dapper

Client side implementations

This client side E-commerce application is also implemented using other client side technologies:

• React Redux
• React
• Vue
• Vue + Vuex
• Angular

Blog/CMS

Server side implementations

• Spring Boot + Spring Data Hibernate
• Go + Gin Gonic
• NodeJs + Mongoose
• Laravel
• Ruby on Rails + JBuilder
• Django + Rest-Framework
• Asp.Net Core
• Flask + Flask-SQLAlchemy

The next to come are:

• Spring Boot + Spring Data Hibernate + Kotlin
• Spring Boot + Jax-RS Jersey + Hibernate + Kotlin
• Spring Boot + mybatis
• Spring Boot + mybatis + Kotlin
• Asp.Net Web Api v2
• Elixir
• Golang + Beego
• Golang + Iris
• Golang + Echo
• Golang + Mux
• Golang + Revel
• Golang + Kit
• Flask + Flask-Restful
• AspNetCore + NHibernate
• AspNetCore + Dapper

Client side

• Vue + Vuex
• Vue
• React + Redux
• React
• Angular

The next come are

• Angular NgRx-Store
• Angular + Material
• React + Material
• React + Redux + Material
• Vue + Material
• Vue + Vuex + Material
• Ember

Simple CRUD(Create, Read, Update, Delete)

Server side implementations

• Spring Boot + Spring Data Hibernate
• Spring boot + Spring Data Reactive Mongo
• Spring Boot + Spring Data Hibernate + Jersey
• NodeJs Express + Mongoose
• Nodejs Express + Bookshelf
• Nodejs Express + Sequelize
• Go + Gin-Gonic + Gorm
• Ruby On Rails
• Ruby On Rails + JBuilder
• Laravel
• AspNet Core
• AspNet Web Api 2
• Python + Flask
• Python + Django
• Python + Django + Rest Framework

Client side implementations

• VueJs

The next come are

• Angular NgRx-Store
• Angular + Material
• React + Material
• React + Redux + Material
• Vue + Material
• Vue + Vuex + Material
• Ember
• Vanilla javascript

CRUD + Pagination

Server side implementations

• Spring Boot + Spring Data + Jersey
• Spring Boot + Spring Data
• Spring Boot Reactive + Spring Data Reactive
• Go with Gin Gonic
• Laravel
• Rails + JBuilder
• Rails
• NodeJs Express + Sequelize
• NodeJs Express + Bookshelf
• NodeJs Express + Mongoose
• Python Django
• Python Django + Rest Framework
• Python Flask
• AspNet Core
• AspNet Web Api 2

The next come are

• NodeJs Express + Knex
• Flask + Flask-Restful
• Laravel + Fractal
• Laravel + ApiResources
• Go with Mux
• AspNet Web Api 2
• Jersey
• Elixir

Client side implementations

• Angular
• React-Redux
• React
• Vue + Vuex
• Vue

The next come are

• Angular NgRx-Store
• Angular + Material
• React + Material
• React + Redux + Material
• Vue + Material
• Vue + Vuex + Material
• Ember
• Vanilla javascript

Social media links

• Youtube Channel I publish videos mainly on programming
• Blog Sometimes I publish the source code there before Github
• Twitter I share tips on programming

Getting Started

1. Git clone the project
2. Run reset_db.bat or execute each one of his commands to reset the database migrations, or if you prefer to just go ahead and migrate with the given migration files.
3. Run the app, the application will automatically try to seed the database if there are no enough records, most likely the app will crash because Bogus(Faker for dotnet) generates product names for seeding that may not be unique, since there is a UNIQUE constraint on the database the app may crash, in that case run it again, hopefully this time will generate a product name that is not in the database yet.
4. You can import the api.postman_collection.json into postman to make the requests by yourself

Features

• Authentication / Authorization
• Paging
• Admin feature (incomplete)
• CRUD operations on products, comments, tags, categories
• Orders, guest users may place an order

Useful commands

• Create Initial Migration dotnet ef migrations add InitialCreate
• Migrate dotnet ef database update I always prefer to use dotnet instead of Nuget Console. But If you want the equivalent Nuget console commands then: Add-Migration InitialCreate Update-Database

TODO:

• The Jwt middleware that ships with Asp.Net Core is fine, but it does not validate if the user actually exists, it only checks if the Jwt is valid, I have to create a middleware that does that validation, or at least, make sure user is not null when retrieving it from IUserService.GetCurrentUserAsync()
• Refractoring, there are some repeated code, check if it can be placed in a common place
• A lot of refactoring related to move files to appropriate namespaces, useful comments, cleanup code.
• Admin features
• Benchmark middleware or filter that prints in the console how much time it took the request to get the response
• Unique clauses for slugs and role.name
• User profile feature
• Improving database performance, there are some queries made that retrieve more data than used
• Improve performance by telling EF Core which model entry has its state changed: added/modified/deleted, instead of calling SaveChangesAsync() for each change
• Also related with security, I have to review the authorization(access control) to actions
• Rethink the Comment model(Rating, replies, etc.)
• Change CORS from allowing any to allow origins, methods and headers configured in settings json file
• There is a lack of validations and security checks in:
  • OriginalFileName, (I have to research if this can lead to some kind of SQLi)
  • Reflected XSS: comments, user's data(username, firstName, etc.)
  • LFI: nots sure for now, review later.
  • Not implemented yet access control for tags and categories management
  • Every single input has to be validated, the code is trusting a lot, I have to add checks pretty much everywhere
• App Settings:
  • The admin should be able to decide if user has to validate email registration or not
  • I have to test if svg uploads may lead to XSS and how to prevent them

Resources

• SQLi and ASP.NET Core
• Prevent XSS