EduCourse is a small full-stack tutorial web application (Node.js + Express) that demonstrates a simple course-exploration frontend and a minimal authentication API backed by a JSON file.
What this repository contains:
- Frontend: static HTML/CSS/JS pages in the
public/folder (landing page, login/register, user profile, course pages). - Backend: a lightweight Express server in
server3.jsthat exposes authentication endpoints and a login-status endpoint. - Demo credentials: stored in
SRC/cred.json(this is for demonstration only — do NOT use in production).
Quick Start
Prerequisites:
- Node.js (v14+ recommended)
Install dependencies:
npm install
Start the API server (uses nodemon as configured in package.json):
npm start
The server listens on port 8000 by default. Open your browser to:
http://localhost:8000/— root landing page (served from the project root)
Notes about serving the frontend:
- The frontend pages are in the
public/folder.server3.jscurrently serves the root landing page but does not automatically expose the entirepublic/folder. - To serve the static frontend from the same Express server, add this line to
server3.js(near otherapp.use(...)calls):
const path = require('path');
app.use(express.static(path.join(__dirname, 'public')));Alternatively you can serve the public/ folder with a static file server and run the API server concurrently. Example using http-server:
npx http-server public -p 8080
npm start
# then open http://localhost:8080 for frontend and http://localhost:8000 for API
API Endpoints (server3.js)
GET /— returns the root landing page (landing-page.htmlfrom repository root).GET /isLogedIn— returns the currently logged-in user as JSON ornull.POST /login— expects JSON{ username, password }. On success the server responds with a redirect path (frontend will redirect). On failure it returns an error message.POST /logout— logs out the current user and returns a redirect.POST /register— expects JSON{ name, username, password, email }and appends a new user toSRC/cred.json.
Authentication / Data
- User credentials and session state are stored in
SRC/cred.json(this is a simple JSON file used for the demo). Example default accounts are included (e.g. username:admin, password:admin). - The server-side auth logic lives in
SRC/AUTH.js,SRC/loginStatus.js, andSRC/Logout.js.
Security NOTE: This project is for learning/demo purposes only. Storing plaintext passwords in a JSON file and using isLogedIn flags is NOT secure. Do not use this pattern in production.
Known issues & suggested fixes
- Static files: as noted above,
server3.jsdoes not callexpress.static(...)by default so many files inpublic/will 404 if you only run the server as-is. Add theapp.use(express.static(...))line shown earlier to serve the frontend from the same server. validateLoginbehavior:SRC/AUTH.jssometimes callsres.json(...)inside the helper, butserver3.jsalso expects a return value fromvalidateLogin. This can produce inconsistent behavior. Recommended fix: makevalidateLoginreturn a result object and let the route handler callres.json(...)(or keep the helper responsible for sending the response but adjustserver3.jsaccordingly).
Project file map (important files)
server3.js— Express server and API routes (port8000).package.json— project scripts and dependencies (npm startrunsnodemon server3.js).public/— frontend HTML/CSS/JS files (landing, login, profile, course pages).SRC/cred.json— demo user database (JSON array of users).SRC/AUTH.js— registration and login helper functions.SRC/loginStatus.js— helper to read which user is flagged as logged in.SRC/Logout.js— helper to clearisLogedInfor the current user.
How the auth flow works (quick explanation)
- Frontend (e.g.
public/Login.html) sendsPOST /loginwith{ username, password }. - Backend checks
SRC/cred.jsonfor a matching user and setsisLogedIn: trueon success. - Frontend uses
GET /isLogedInto decide whether to show user profile elements and to populateuser-profile.html. POST /logoutclearsisLogedInfor the user.
If you'd like, I can: add the express.static line to server3.js so the server serves public/ automatically, and/or fix the validateLogin return/response inconsistency. Tell me which change you prefer and I will make it.
If you want me to update the code (serve static files, fix auth response), say which change to apply and I'll patch the files and run quick checks.