Weather Forecasting Application

The Weather Forecasting Application is a web-based solution designed for providing accurate and timely weather forecasts. Developed using the Flask web framework for the backend and MongoDB for efficient data management, the application is Dockerized for seamless deployment. This Weather Forecasting Web Application is built upon a foundation of security best practices, ensuring a resilient and trustworthy platform for users.

Backend - Flask:

The backend of the application is powered by Flask, a lightweight and flexible Python web framework. Flask simplifies request handling, URL routing, and response generation. Its support for Jinja2 templates aids in creating dynamic web pages, while Flask extensions extend functionality, enabling features like authentication and database integration.

Database - MongoDB:

MongoDB, a NoSQL document-oriented database, is employed for data storage. Its schema-less architecture accommodates diverse data types, offering flexibility and scalability. MongoDB's platform independence ensures compatibility across various platforms.

Dockerized Deployment:

The entire application is encapsulated within a Dockerized environment, streamlining deployment and enhancing consistency. Docker containers isolate dependencies, contributing to portability and scalability.

Implemented Standards and Best Practices

Coding Standards and Best Practices

Code Organization

The project follows a well-organized directory layout, facilitating efficient code, asset, and template management. A structured application root directory ensures clarity and scalability.

• Project File Structure: The root directory contains the main program code, configuration files, and container-related files.
• Organizing Templates: HTML templates are stored in a separate directory, promoting code logic and presentation separation.
• Static Assets ('static/'): Assets like CSS and JavaScript files are organized in the 'static' directory.

Coding Conventions

The development adheres to the 'PEP 8' style guide for clean, consistent, and readable Python code.

• Code Formatting and Structure: Indentation (4 spaces), import statement grouping, and naming conventions follow 'PEP 8'.
• Line Length: Maintains a maximum line length of 79 characters for readability.
• Docstrings: Used for functions and modules as recommended by 'PEP 8'.
• Whitespaces: Strategically used to enhance code readability.
• Comments: Composed as complete sentences, inline comments used judiciously.

Other Conventions

• Extending Base Templates: Utilizes Flask's "extend" concept to break common elements into separate files, improving code maintainability.
• Routing and Views: Implements Flask's routing system for clean separation between different program sections.
• Utilizing Flask's Template Engine (Jinja2): Embeds placeholders for dynamic HTML content using Jinja2.

Security Practices

Specific Format Checks

• Password Format Checks: Enforces password complexity rules (uppercase, lowercase, digit, special character) and a minimum length of 8 characters.
• Email Format Checks: Ensures valid email formats to enhance client-side security.

Injection Attacks

• Dictionary-Based Queries: Mitigates injection attacks by constructing queries that treat data as data, preventing execution as commands.

Authentication and Session Management

• Session Management: Implements a secret key for signing sessions, protecting against CSRF attacks.
• Password Hashing: Enhances password security using 'bcrypt' for secure hashing.
• Sensitive Data Exposure: Secures default data credentials using hashed passwords and defines MongoDB connection details as environment variables.

Access Control Issues

• Regenerate Session on Login: Prevents session fixation by clearing existing sessions and creating new ones upon user login.

Cross-Site Scripting (XSS)

• Jinja2 Template Engine: Uses Flask's Jinja2 template engine to render templates, mitigating XSS risks.
• Input Sanitization: Escapes or encodes special characters in user input to prevent XSS attacks.

Libraries/Framework

Libraries/Framework	Usage in System Development
Flask	Used for building web applications, creating web routes,
	handling HTTP requests, and rendering templates.
pymongo	Used for interacting with MongoDB databases.
bcrypt	Used for hashing and salting passwords for secure user
	authentication.
re	Used for regular expressions and pattern matching.
secrets	Used for generating secure random passwords and tokens.
Jinja2	Used as a template engine for rendering HTML templates
	with dynamic data.
os	Used for various operating system-related functionalities
FileSystemLoader	Used in conjunction with Jinja2 for loading templates
Environment	Used for configuring and managing the Jinja2 environment
escape	Used for HTML input sanitization to prevent XSS attacks.

Screenshots

Run Locally

Prerequisites:

• Ensure that Git, Docker, and Docker Compose are installed on your local machine.

Step 1: Clone the Repository

git clone https://github.com/rv0fficial/Weather-App.git
cd Weather-App

Step 2: Set Environment Variables

• Download this google drive .env file and paste it into the root folder of this project.

Step 3: Build and Start Docker Containers

docker-compose up

Step 4: Access the Application

• Open a web browser and navigate to http://localhost:5000

Step 5: Register a New User

• Click on the "Register" link and fill in the required information.
• Ensure that you follow the specified password and email format rules.

Step 6: Login

• After registration, click on the "Login" link and enter your registered email and password.

Step 7: Explore the Application

• Once logged in, you can explore the Weather Forecasting Web Application.

Step 8: Logout

• To logout, click on the "Logout" link.

Step 9: Stop Docker Containers

• In the terminal where Docker Compose is running, press Ctrl + C to stop the containers.

Now you have successfully downloaded, built, and run the Weather Forecasting Web Application locally.

---

Expose the application to AWS

EC2 instance:

1. Connect to your EC2 instance:

ssh -i /path/to/your/keypair.pem ec2-user@your-ec2-instance-ip

2. Update the package list and install Docker:

sudo yum update -y
sudo yum install docker -y

3. Start the Docker service:

sudo service docker start

4. Add the ec2-user to the docker group:

sudo usermod -aG docker $USER

5. Enable Docker to start on boot:

sudo chkconfig docker on

6. Install Docker Compose:

sudo curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose
sudo ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose

7. Clone your GitHub repository:

sudo yum install git -y
git clone https://github.com/rv0fficial/Weather-App.git
cd Weather-App

8. Update Docker Compose configuration (if needed):

touch .env
vim .env

Download this google drive .env and paste it into the Ec2 using the above commands.

9. To install the libxcrypt-compat package on Amazon Linux, you can try the following command:

sudo dnf install libxcrypt-compat

This command should install the compatibility library libxcrypt-compat, which provides the libcrypt.so.1 library needed by your Docker container.

10. Restart Docker Service: After making changes to group membership or permissions, restart the Docker service to apply the changes.

sudo service docker restart

11. Build and run your Docker containers:

docker-compose up

This command will build and start your Docker containers in the background.

11. Open necessary ports:

Make sure your security group associated with your EC2 instance allows traffic on the ports your application is using ( 22, 5000).

11. Access your application:

Open a web browser and navigate to your EC2 instance's public IP or domain name, followed by the port if applicable (http://your-ec2-instance-ip:5000).