# Need help & guidance for a project
The tech stack looks neat to me.
Also just a suggestion but purely going for HTML/CSS/JS might get a little complex. So you can try React and it'll pair well with the Node.js.
For backend testing, you can include Jest.
I have a question. Ummm...have you considered adding authentication? Since you mentioned financial transactions and all. I think it would be a good idea to add authentication. For safety and security reasons
You don't really need to go overboard with it cause it's a final year project, so you just need to get the minimum viable product out. And then scale later
For deployment, Heroku is beginner friendly and free-tier and has simple Git based deployment
but you can also try Vercel + MongoDB Atlas, I've heard it's awesome for Node.js
Hope it helps
I will include jest
But for react i know it can be really good but since I'm not really familiar with it and the time is really tight for final year project I think for now I will go with html/css/js
aye aye that's all good
I have considered authentication but I don't know how to do it
In my previous project I used sessions for authentication
Should I use sessions for this project too?
can you do json web token?
cuz sessions can be a little difficult
I haven't tried it before but i can learn
How is it
jwt based auth uses client side storage (localStorage/cookie), setup and all is pretty easy
I'll try it
@cold basalt Do you have any suggestions for what I should use for the chatting/message part?
well since you are using firebase for your notifications then you could go for Firebase Firestore + Cloud Functions
Is there anything else that I should keep in mind?
+1 on Firebase
Your tech stack looks pretty good too. I personally also recommend react but you could get away with a good number of options. I personally think vite + react + typescript + css modules is a great starter template to build off of in terms of scaffolding your app out quickly.
For learning authentication, I might suggest learning session-based authentication first, especially since you pretty much need to track sessions in order to revoke a user's JWT, e.g. in case you need to ban a malicious actor.
The JWT itself is just a header (JSON data about the JWT itself), a payload (JSON data about the user and their claims/credentials), and a signature. The authorization token will be sent along with an Authorization: Bearer xyzabc123 HTTP header with each frontend request where you can validate it with something like Express middleware on the backend.
When a user logs in, you give them an auth token and a refresh token. When the auth token invalidates (say after 1 hour), the long-lived (say 6 months) refresh token can be used to grab another auth token. This allows you to store the auth token in localStorage/JS, where it's more insecure, but then store the refresh token in an HttpOnly secure cookie where it's (hopefully) inaccessible to bad actors like interceptors or XSS (cross-site scripting). I'm not a cybersecurity expert by any means but I do full-stack web dev (React, TypeScript, Node, and more) so let me know if you have any questions!