HW14: Connect NodeJS to REST API due Thu 02 May 13:20

Allowed and Disallowed Resources

• The JavaScript Command Sheets handed out in Web 1 (and also available here: https://josephus.hsutx.edu/classes/all/javascriptcommandsheets/.
• Examples and sample code found here: https://josephus.hsutx.edu/classes/w2/source/.
• The VSCode editor with appropriate syntax highlighting and formatting plugins. You may not use any plugins that generate code, however.
• Video instructions provided in Canvas as part of this course. You MAY NOT USE any other video resources.
• The course notes that accompany the video instructions which can be found here: https://docs.google.com/presentation/d/113px2eo6b2rltW0cKty7782GpEFIYA4WyFlhE6ye5G4/edit?pli=1#slide=id.p
• The official JavaScript Documentation found here: https://developer.mozilla.org/en-US/docs/Web/JavaScript.
• The official PHP Documentation found here: https://www.php.net/docs.php
• The official jQuery Documentation found here: https://api.jquery.com/
• Any handouts provided by the instructor as part of this course.
• Your own course notes
• Your instructor
• Discussions about the assignment with other students as long as you never look at the code produced by another student and you never receive instructions about solving the homework. That is, discussions need to be about concepts and understanding the technologies and not about how to solve the particular problem posed in this assignment.

You may NOT use/access:

• Resources not expressly listed above, including, but not limited to, the following ...
• Source code not provided as part of this assignment. (Obviously, this includes, but is not limited to, source code written by other students whether current or in the past).
• Code-generating tools (of which ChatGPT is one example).
• Any web sites not directly linked to from the homework assignment.

Failure to abide by these guidelines will result in a zero for the assignment and the incident will be reported to the university provost as a violation of the university academic integrity policy. A second incident of academic dishonesty (whether from this course or another computer science course) will result in an F in the course.

Overview

The functionality of the application will be as follows:

• All interaction with the database will be through the API you created in homework 11.
• You DO NOT need to provide a register/signup page.
• You DO NOT need to provide Ajax behavior.
• You DO NOT need to provide a Change Book button.
• You DO NOT need to provide CSRF protection.
• You should have the following pages working fully as in previous assignments: home page, detail page (with delete button and action) add book page, an error page that displays an appropriate message given a query string parameter.
• You do need to provide protections against XSS and SQL injection.

Some Details

Some additional requirements:

• If a form fails validation it should be repopulated with the most recent values.
• Permissions and behaviors of pages should match previous assignments. RECAP: Any user (even if not logged in) can view the home page. If a user is logged in then the books on the home page are clickable and lead to the detail page. If the user is the owner/creator of the book entry then they will be given a Delete button on the detail page. Only owners can delete a book (whether or not they come from the detail page). Only logged in users can add a book.
• All forms should be validated as in previous assignments with helpful error messages when a form fails validation. Also, forms should be repopulated with previous values upon failed validation.
• Buttons/links should adjust dynamically/appropriately based on the status of the current user.

Turning In Your Code