martinabars/Train-Reservations


Exam #3: Train

Student: BARS MARTINA

1. Server-side

API Server

Authentication APIs

  • POST /api/sessions - User login. Body: {username, password}. Returns user info and canDoTotp flag.
  • POST /api/login-totp - TOTP verification for 2FA users. Body: {code}. Returns success confirmation.
  • DELETE /api/sessions/current - User logout. Returns 204.
  • GET /api/sessions/current - Get current user information.

Reservations APIs

  • GET /api/reservations - Retrieve all reservations for the logged-in user (auth required).
  • POST /api/reservations - Create new reservation (auth required, TOTP required for first class). Body: {class, seats}.
  • DELETE /api/reservations/:id - Delete user's reservation (auth required).
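
The server-side gate implied by the POST /api/reservations entry above (auth required, TOTP required for first class), as an added example that is not code from this repository. The session fields `user` and `totpVerified` and the integer `{row, seat}` shape of `seats` are assumptions.

```javascript
// Added example, not the repository's code. Assumed names: session.user,
// session.totpVerified, and seats given as [{ row, seat }] with positive integers.
const CLASSES = new Set(['first', 'second', 'economy']);

const isPositiveInt = (n) => Number.isInteger(n) && n > 0;
const isValidSeat = (s) =>
  s !== null && typeof s === 'object' && isPositiveInt(s.row) && isPositiveInt(s.seat);

// Pure decision function: returns { status, error } for a reservation request.
function authorizeReservation(session, body) {
  // 1. Password login (POST /api/sessions) must have completed.
  if (!session || !session.user) {
    return { status: 401, error: 'Not authenticated' };
  }
  // 2. Validate the body before it influences any decision or query.
  const cls = body && body.class;
  if (typeof cls !== 'string' || !CLASSES.has(cls)) {
    return { status: 422, error: 'Invalid class' };
  }
  const seats = body.seats;
  if (!Array.isArray(seats) || seats.length === 0 || !seats.every(isValidSeat)) {
    return { status: 422, error: 'Invalid seats' };
  }
  // Reject the same seat listed twice in one request.
  const keys = new Set(seats.map((s) => `${s.row}:${s.seat}`));
  if (keys.size !== seats.length) {
    return { status: 422, error: 'Duplicate seats' };
  }
  // 3. First class needs the second factor. The decision uses session state
  //    set server-side by POST /api/login-totp, never a client-supplied field.
  if (cls === 'first' && session.totpVerified !== true) {
    return { status: 403, error: 'TOTP required for first class' };
  }
  return { status: 200 };
}

// Express-compatible middleware wrapper around the decision function.
function requireReservationAuth(req, res, next) {
  const verdict = authorizeReservation(req.session, req.body);
  if (verdict.status !== 200) {
    return res.status(verdict.status).json({ error: verdict.error });
  }
  return next();
}
```

The client can hide the first-class option for password-only sessions, but the 403 has to come from the server, since the React routes are not an enforcement point.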

Seats APIs

  • GET /api/seats/:class - Get seat information for specific class (first/second/economy). Returns counts and occupied seats.
  • GET /api/seats/:class/user - Get user's reserved seats for specific class (auth required).

Database Tables

  • users: id (PK), username (unique), name, hash, salt, totp_secret
    Stores user credentials and 2FA secrets.
  • reservations: id (PK), user_id (FK), class (first/second/economy)
    Stores reservations made by users.
  • reservation_seats: id (PK), reservation_id (FK), row, seat
    Stores individual seats associated with each reservation.

2. Client-side

React Client Application Routes

  • / - Home page showing train seat statistics and public information for all classes.
  • /login - Authentication page with username/password and conditional TOTP verification.
  • /totp - Two-factor authentication (2FA) page for users with TOTP enabled.
  • /reservations - Protected route for authenticated users to view and manage seat reservations.
  • * - Not found page for undefined routes.

Main React Components

  • App - Root component managing authentication, routing, and global state.
  • MainLayout - Main layout wrapper with navigation and outlet for child routes.
  • HomePage - Public landing page displaying seat statistics for all travel classes.
  • LoginForm - Authentication form for username and password.
  • ReservationPage - Protected page for viewing and managing user reservations.
  • ReservationPanel - Panel for creating new reservations and selecting class.
  • Navbar - Navigation bar with user info and login/logout controls.
  • ClassSelector - Component for selecting travel class (first/second/economy).
  • SeatGrid - Interactive seat selection grid showing available, occupied, and user seats.
  • ConfirmationModal - Modal dialog for confirming user actions.

3. Overall

Screenshots

Home Page

Login Page

Reservations Page

User Credentials

2FA-Enabled Users

  • Username: cla | Password: pwd | 2FA: Enabled | 2 reservations in first class
  • Username: matte | Password: pwd | 2FA: Enabled | 2 reservations in different classes

Regular Users (No 2FA)

  • Username: eric | Password: pwd | 2FA: Disabled | 1 reservation in each class
  • Username: marco | Password: pwd | 2FA: Disabled | no reservations
  • Username: ale | Password: pwd | 2FA: Disabled | no reservations

About

This repository contains a web application for train seat reservations, developed for the Web Application exam in MS Cybersecurity at Politecnico di Torino. Built with React and Node.js, it demonstrates practical skills in authentication, state management, and database integration, following a full-stack approach.
