Mandatory
Goal
- This project is about creating a website for the mighty Pong contest!
Overview
- Thanks to your website, users will play Pong with others. You will provide a nice user interface, a chat, and real-time multiplayer online games!
- Your work has to comply with the following rules:
- Your website backend must be written in NestJS.
- The frontend must be written with a TypeScript framework of your choice.
- You are free to use any library you want in this context. However, you must use the latest stable version of every library or framework used in your project.
- You must use a PostgreSQL database. That’s it, no other database.
- Your website must be a single-page application. The user should be able to use the Back and Forward buttons of the browser.
- Your website must be compatible with the latest stable up-to-date version of Google Chrome and one additional web browser of your choice.
- The user should encounter no unhandled errors and no warnings when browsing the website.
- Everything has to be launched by a single call to:
docker-compose up --build
<aside>
❗ When your computers in clusters run under Linux, you will use Docker in rootless mode for security reasons. This comes with two side effects: 1) your Docker runtime files must be located in /goinfre or /sgoinfre. 2) you can’t use so-called “bind-mount volumes” between the host and the container if non-root UIDs are used in the container. Depending on the project, your situation and the context, several fallbacks exist: Docker in a VM, rebuilding your container after your changes, or crafting your own Docker image with root as the unique UID.
</aside>
Security Concerns
- In order to create a fully functional website, here are a few security concerns that you have to tackle:
- Any password stored in your database must be hashed.
- Your website must be protected against SQL injections.
- You must implement some kind of server-side validation for forms and any user input.
<aside>
❗ Please make sure you use a strong password hashing algorithm.
For obvious security reasons, any credentials, API keys, environment variables, etc. must be saved locally in a .env file and ignored by git. Publicly stored credentials will lead you directly to a failure of the project.
</aside>
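The three requirements above can be combined in one write path. The following is an added example, not part of the original subject: it hashes with scrypt from Node's built-in `crypto` module, validates input on the server, and builds a parameterized query in the `{ text, values }` form accepted by node-postgres. The `users` table, its column names, the scrypt cost parameters, and the name and password length rules are assumptions made for illustration.

```typescript
import { randomBytes, scryptSync, timingSafeEqual } from "node:crypto";

// Assumed policy values for this example; tune the scrypt cost for your hardware.
const N = 16384, R = 8, P = 1, KEYLEN = 32;
const NAME_RE = /^[A-Za-z0-9_-]{3,20}$/;

// Hash with a fresh random salt; parameters and salt are stored next to the hash.
function hashPassword(password: string): string {
  const salt = randomBytes(16);
  const hash = scryptSync(password, salt, KEYLEN, { N, r: R, p: P });
  return `scrypt$${N}$${R}$${P}$${salt.toString("hex")}$${hash.toString("hex")}`;
}

// Recompute with the stored parameters and compare in constant time.
function verifyPassword(password: string, stored: string): boolean {
  const parts = stored.split("$");
  if (parts.length !== 6 || parts[0] !== "scrypt") return false;
  const [n, r, p] = parts.slice(1, 4).map(Number);
  const expected = Buffer.from(parts[5], "hex");
  if (![n, r, p].every(Number.isInteger) || expected.length === 0) return false;
  const actual = scryptSync(password, Buffer.from(parts[4], "hex"), expected.length, { N: n, r, p });
  return timingSafeEqual(actual, expected);
}

// Server-side validation: check the type first, then an allow-list of characters.
function validateDisplayName(input: unknown): string {
  if (typeof input !== "string" || !NAME_RE.test(input)) {
    throw new Error("invalid display name");
  }
  return input;
}

// The SQL text is a constant; user-controlled data travels only in `values`,
// so quotes or comment markers in the input can never change the statement.
function buildInsertUser(rawName: unknown, rawPassword: unknown): { text: string; values: string[] } {
  const name = validateDisplayName(rawName);
  if (typeof rawPassword !== "string" || rawPassword.length < 8 || rawPassword.length > 128) {
    throw new Error("invalid password");
  }
  return {
    text: "INSERT INTO users (display_name, password_hash) VALUES ($1, $2)", // hypothetical schema
    values: [name, hashPassword(rawPassword)],
  };
}
```

The returned object can be passed as-is to a node-postgres `query()` call; an ORM's query builder gives the same separation of statement and data as long as raw string concatenation is avoided.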
User Account
- The user must log in using the OAuth system of the 42 intranet.
- The user should be able to choose a unique name that will be displayed on the website.
- The user should be able to enable two-factor authentication. For instance, Google Authenticator or sending a text message to their phone.