mirror of
https://github.com/MvDevsUnion/WPetition.git
synced 2026-01-13 17:09:28 +00:00
6.7 KiB
6.7 KiB
Petition Submission API
A petition signing API built with ASP.NET Core 9.0 that allows users to sign petitions and retrieve petition details. Features rate limiting to prevent spam and duplicate signature detection.
Features
- Sign petitions with digital signatures
- Retrieve petition details including author information
- Rate limiting (3 signatures per minute per IP)
- Duplicate signature prevention (one signature per ID card)
- MongoDB backend for data persistence
- Docker support for easy deployment
- Bilingual support (Dhivehi and English)
Prerequisites
- .NET 9.0 SDK
- MongoDB instance
- Docker (optional, for containerized deployment)
Configuration
MongoDB Setup
- Create a MongoDB database for the petition system
- Create the following collections:
signatures- stores petition signaturespetitions- stores petition detailsauthors- stores petition author information
Application Configuration
Update appsettings.json with your MongoDB connection settings:
{
"MongoDbSettings": {
"ConnectionString": "mongodb://localhost:27017",
"DatabaseName": "petition_database"
},
"Logging": {
"LogLevel": {
"Default": "Information",
"Microsoft.AspNetCore": "Warning"
}
},
"AllowedHosts": "*"
}
Rate Limiting Configuration
The API is configured with rate limiting to prevent spam. Default settings in Program.cs:
- Limit: 3 signatures per minute per IP address
- Window: Fixed 1-minute window
- Queue: Disabled (requests over limit receive HTTP 429)
To modify rate limits, edit Program.cs:
limiterOptions.PermitLimit = 3; // Change this number
limiterOptions.Window = TimeSpan.FromMinutes(1); // Change time window
Installation
Local Development
- Clone the repository:
git clone <repository-url>
cd Submission.Api
- Restore dependencies:
dotnet restore
-
Update
appsettings.jsonwith your MongoDB connection string -
Run the application:
dotnet run --project Submission.Api
The API will be available at:
- HTTPS:
https://localhost:7xxx - HTTP:
http://localhost:5xxx
Docker Deployment
- Build the Docker image:
docker build -t petition-api .
- Run the container:
docker run -d -p 8080:8080 -p 8081:8081 \
-e MongoDbSettings__ConnectionString="mongodb://your-mongo-host:27017" \
-e MongoDbSettings__DatabaseName="petition_database" \
petition-api
API Endpoints
Sign a Petition
Signs a petition with user information and signature.
Endpoint: POST /api/Sign
Rate Limit: 3 requests per minute per IP
Request Body:
{
"name": "John Doe",
"idCard": "A123456",
"signature": "<svg>...</svg>"
}
Field Validation:
name: Required, minimum 3 charactersidCard: Required, 6-7 characters (typically National ID)signature: Required, SVG signature data
Success Response (200 OK):
{}
Error Responses:
- 400 Bad Request - Invalid request body or validation failed
{
"errors": {
"name": ["The field Name must be a string with a minimum length of 3."],
"idCard": ["The field IdCard must be a string with a minimum length of 6 and a maximum length of 7."]
}
}
- 429 Too Many Requests - Rate limit exceeded
{
"status": 429,
"title": "Too Many Requests"
}
- 500 Internal Server Error - User already signed the petition
{
"title": "You already signed this petition"
}
Get Petition Details
Retrieves details of a specific petition including author information.
Endpoint: GET /api/Sign/{petition_id}
URL Parameters:
petition_id(GUID) - The unique identifier of the petition
Success Response (200 OK):
{
"id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
"startDate": "2025-01-15",
"nameDhiv": "ޕެޓިޝަން ނަން",
"nameEng": "Petition Name",
"authorDetails": {
"name": "Author Name",
"nid": "A123456"
},
"petitionBodyDhiv": "ޕެޓިޝަން ތަފްސީލް...",
"petitionBodyEng": "Petition description...",
"signatureCount": 0
}
Error Response:
- 404 Not Found - Petition does not exist
{}
Data Models
Signature (Widget)
{
"id": "ObjectId",
"name": "string",
"idCard": "string",
"signature_SVG": "string",
"timestamp": "DateTime"
}
Petition Details
{
"id": "Guid",
"startDate": "DateOnly",
"nameDhiv": "string",
"nameEng": "string",
"petitionBodyDhiv": "string",
"petitionBodyEng": "string",
"authorId": "Guid",
"signatureCount": "int"
}
Author
{
"id": "Guid",
"name": "string",
"nid": "string"
}
Security Features
Rate Limiting
- Prevents spam by limiting signature submissions to 3 per minute per IP
- Uses ASP.NET Core built-in rate limiting middleware
- Returns HTTP 429 when limit is exceeded
Duplicate Prevention
- Each ID card can only sign a petition once
- Checked before inserting into database
- Returns error message if duplicate detected
Input Validation
- Name: Minimum 3 characters
- ID Card: Must be 6-7 characters (validates National ID format)
- Signature: Required field
Development
Project Structure
Submission.Api/
├── Controllers/
│ └── SignController.cs # API endpoints
├── Dto/
│ ├── WidgetsDto.cs # Signature request DTO
│ ├── PetitionDetailsDto.cs # Petition response DTO
│ └── Author.cs # Author DTO
├── Models/
│ ├── Widget.cs # Signature database model
│ ├── PetitionDetail.cs # Petition database model
│ └── Author.cs # Author database model
├── Program.cs # Application configuration
├── Dockerfile # Docker configuration
└── appsettings.json # Application settings
Dependencies
- ASP.NET Core 9.0
- MongoDB Driver (via Ashi.MongoInterface)
- Microsoft.AspNetCore.OpenApi 9.0.11
- Microsoft.AspNetCore.RateLimiting (built-in)
Troubleshooting
Common Issues
MongoDB Connection Failed
- Verify MongoDB is running
- Check connection string in
appsettings.json - Ensure network connectivity to MongoDB instance
Contributing
When contributing to this project:
- Follow existing code style and conventions
- Test all endpoints thoroughly
- Update documentation for any API changes
- Ensure rate limiting is not disabled in production
License
if you use this you must mention that its powered by Mv Devs Union
also any forks must be open source
this must never be used for data collection and profiling people
Support
For issues or questions, please open an issue on the repository.