Advanced Features - aelassas/bookcars GitHub Wiki

Table Of Contents

  1. Security Practices
  2. Monitoring & Logging
  3. Deployment & Hosting
  4. Extensibility & Customization
  5. Analytics & Tracking

Security Practices

BookCars prioritizes security across all layers of the platform:

  • Authentication: The backend uses JWT (JSON Web Tokens) for secure and stateless authentication. Tokens are signed with a secret and validated on each request to protect user sessions.
  • Refresh Tokens: Long-lived refresh tokens are securely issued and rotated to maintain user sessions without exposing credentials.
  • Secure Headers: Security-related HTTP headers are enforced using the helmet middleware to protect against common vulnerabilities such as clickjacking and MIME sniffing.
  • Input Validation:
    • Frontend: Uses Zod to validate user input and enforce schema correctness. Client-side validation improves usability but is not a security boundary, since any client can send requests that bypass it; the backend must validate and authorize every request on its own.
  • CORS Policies: Configured to allow only trusted domains to interact with the backend.
  • Rate Limiting: Protects against brute-force attacks and abusive traffic patterns.
  • HTTPS in Production: All production traffic is served over HTTPS to ensure encrypted communication.
  • Secure Payments: Integrated with Stripe and PayPal. Card details are tokenized by the payment provider and exchanged over encrypted connections, so the BookCars backend handles payment tokens rather than raw card data.
  • Role-Based Access Control:
    • Admin: Full access
    • Supplier: Restricted to managing their own content
    • Customer: Can browse and book vehicles

Monitoring & Logging

Logging and debugging are vital for observability and diagnostics:

  • Backend Logging: Uses Winston, a flexible and extensible logging library that supports multiple transports (console, file, remote).
  • MongoDB Debug Mode: Can be enabled in backend/.env to trace database operations:
BC_DB_DEBUG=true

You can find more details about logging here.

BookCars supports error monitoring through Sentry (https://sentry.io), which captures runtime exceptions and performance metrics. This is useful for diagnosing backend issues in production or staging environments. You can find more details here.

Deployment & Hosting

BookCars supports multiple deployment strategies:

  • Docker Support: Includes Docker and Docker Compose for development and production setups.
  • VPS Hosting: The app can also be deployed manually on virtual private servers (self-hosted).
  • Static File Delivery: Uses Express to serve frontend static assets.
  • Environment Configuration:
    • All environments (development, staging, production) are configured via .env files.
    • Self-hosted Deployment instructions and required variables are documented here.
    • Docker Deployment instructions and required variables are documented here.

Extensibility & Customization

BookCars is highly configurable and easy to customize:

  • Language Support:
    • Add new translations by following this guide.
  • Currency Support:
    • Add support for more currencies by following this guide.
  • Modular Design:
    • Shared packages and isolated features make customization seamless across mobile, web, and admin interfaces.

Analytics & Tracking

  • Google Analytics: The frontend includes optional integration with Google Analytics. Configured via:
VITE_BC_GOOGLE_ANALYTICS_ENABLED=false
VITE_BC_GOOGLE_ANALYTICS_ID=G-XXXXXXXXXX
  • Analytics support:
    • Page view tracking in SPA mode
    • Environment-aware logic (disabled in development)
    • GDPR-friendly implementation

Configuration is located in frontend/.env.
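The gating an analytics loader should do before it sends anything, as an added example that is not the BookCars frontend's own code: it reads the two VITE_BC_GOOGLE_ANALYTICS_* variables above, stays off in development, treats a placeholder ID as disabled, sends nothing until the user has consented, and reports only the path of each SPA route (no query string or fragment). The function names, the consent flag and the injected `send` transport are assumptions; in a real frontend `send` would be the gtag call.

```javascript
// Added example (not BookCars frontend code). `env` mirrors the frontend/.env
// values; `send` is an injected transport so the logic runs offline.
// Function and option names here are assumptions.
const GA4_MEASUREMENT_ID = /^G-[A-Z0-9]{4,}$/;
const PLACEHOLDER_ID = /^G-X+$/;   // the sample value shipped in .env files

// Vite exposes .env values as strings, so the string "false" is truthy:
// compare explicitly instead of using the value as a boolean.
function readAnalyticsConfig(env, isDev) {
  const enabled = env.VITE_BC_GOOGLE_ANALYTICS_ENABLED === 'true';
  const id = env.VITE_BC_GOOGLE_ANALYTICS_ID || '';
  const realId = GA4_MEASUREMENT_ID.test(id) && !PLACEHOLDER_ID.test(id);
  return {
    measurementId: id,
    // Off in development, when the flag is off, or when the ID is not usable.
    active: enabled && !isDev && realId,
  };
}

function createAnalytics(config, send) {
  let consent = false;   // nothing leaves the browser until the user opts in
  let lastPath = null;
  return {
    isActive: () => config.active,
    setConsent(granted) { consent = Boolean(granted); },
    // Call on every SPA route change; returns true if a page_view was sent.
    trackPageView(url) {
      if (!config.active || !consent) return false;
      // Report only the path: query strings and fragments may carry tokens
      // or personal data (password-reset links, booking references).
      const path = new URL(url, 'https://placeholder.invalid').pathname;
      if (path === lastPath) return false;   // ignore re-renders of the same route
      lastPath = path;
      send('event', 'page_view', { send_to: config.measurementId, page_path: path });
      return true;
    },
  };
}

// Constructed demo values (not a real measurement ID).
const demoConfig = readAnalyticsConfig(
  { VITE_BC_GOOGLE_ANALYTICS_ENABLED: 'true', VITE_BC_GOOGLE_ANALYTICS_ID: 'G-ABC123DEF4' },
  false,
);
const demo = createAnalytics(demoConfig, (...args) => console.log(JSON.stringify(args)));
demo.setConsent(true);
demo.trackPageView('/cars?token=secret-value'); // sends page_path "/cars" only
```

The same guard applies to any third-party script: decide from configuration and consent whether to load it at all, and never let it see the full URL of routes that carry secrets.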