I checked out the codebase from scratch and it needs so many improvements.
Consider (a few things that I instantly noticed):
- data validation (user, reports)
  - allow creating accounts only with university emails (confirmation required).
  - if all emails are allowed to create accounts, add an additional security step to verify with university ID or proof. After validation, allow users to use full features.
- security improvements
  - APIs need proper authentication (GET requests can be public APIs).
  - consider injections, csrf/xsr, data manipulation, encryption, etc.
- database
  - using Firebase as the main database means risking user data; if you continue with Firebase, consider firewalls, user access and other security steps respectively.
This issue is opened to request proper documentation. I saw some AI-generated documents, but those are not much help for contributing. Add proper documentation explaining the technologies you used, implemented features, planned features, security patches, etc., and also a road map that was mentioned in @2 issue.
BR
kavi.