Pangare.se
A marketplace platform built for safer second-hand trading of weapons and related products, used by Swedish hunters and sport shooters.
One of the biggest projects I have worked on is Pangare.se, a digital marketplace where Swedish hunters and sport shooters could buy and sell their items legally and safely. To achieve this, we settled on a design built around anonymous sellers, digital identification, extensive encryption, and cleansing of data as soon as it was no longer needed.
It started as a small project with just a few features in mind, but quickly grew as we realised we had to take it further to reach our goals and to comply with EU regulations (such as the GDPR) and upcoming legislation on arms trading.
The platform consisted of four parts: a REST API, a web APP, a MySQL database, and a storage space. As everything ran on shared hosting, the REST API and MySQL database had to share one “server”, while the web APP and the storage space each got their own. This was done to add a layer of isolation: if a malicious file were ever uploaded and executed successfully, the other components would be cut off from it. But let’s dive deeper into these components!
REST API
The REST API was built using PHP 7 and the Slim Framework, which describes itself as a “micro-framework”. Development was carried out with Postman for testing requests and Composer as the dependency manager.
The REST API didn’t just let users sign in, post ads, reply to ads, and so on. It also handled, using cURL, data cleaning, e-mail sending, and encryption (via OpenSSL). On top of this, it was connected to three separate external APIs: Stripe for payments, Zignsec for access to Swedish BankID, and finally Freja eID. The latter two were used for authentication.
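The paragraph above mentions OpenSSL-based encryption inside the REST API without showing what field-level encryption looks like in PHP 7. The block below is an added illustration and is not the project's own code: it encrypts a single sensitive value with AES-256-GCM through ext/openssl (PHP 7.1 or later for the tag parameter). The environment-variable name `PANGARE_FIELD_KEY` and the idea of passing the row's object ID as additional authenticated data are assumptions made for this example.

```php
<?php
// Added example (not the project's code): field-level encryption with AES-256-GCM via
// ext/openssl, PHP >= 7.1. The env-var name and the binding of a ciphertext to its
// object ID through the AAD are assumptions made for this illustration.

const FIELD_CIPHER = 'aes-256-gcm';

function loadFieldKey(): string {
    // Assumption: a 32-byte key, hex-encoded, supplied through the environment rather
    // than checked into the code base or stored in the same database as the data.
    $hex = getenv('PANGARE_FIELD_KEY');
    $key = $hex === false ? false : hex2bin($hex);
    if ($key === false || strlen($key) !== 32) {
        throw new RuntimeException('PANGARE_FIELD_KEY must be 64 hex characters (32 bytes)');
    }
    return $key;
}

function encryptField(string $plaintext, string $key, string $objectId): string {
    $iv  = random_bytes(12);   // 96-bit nonce, fresh for every encryption
    $tag = '';
    $ct  = openssl_encrypt($plaintext, FIELD_CIPHER, $key, OPENSSL_RAW_DATA, $iv, $tag, $objectId, 16);
    if ($ct === false) {
        throw new RuntimeException('encryption failed: ' . openssl_error_string());
    }
    // Stored layout: nonce (12) || tag (16) || ciphertext, base64 so it fits a TEXT column.
    return base64_encode($iv . $tag . $ct);
}

function decryptField(string $stored, string $key, string $objectId): string {
    $raw = base64_decode($stored, true);
    if ($raw === false || strlen($raw) < 28) {
        throw new RuntimeException('malformed ciphertext');
    }
    $iv  = substr($raw, 0, 12);
    $tag = substr($raw, 12, 16);
    $ct  = substr($raw, 28);
    // The object ID is the AAD, so a ciphertext copied into another row fails to decrypt.
    $pt = openssl_decrypt($ct, FIELD_CIPHER, $key, OPENSSL_RAW_DATA, $iv, $tag, $objectId);
    if ($pt === false) {
        throw new RuntimeException('authentication failed: wrong key, tampered data, or wrong object');
    }
    return $pt;
}

// Demo with a throwaway key and a constructed object ID; production code would call loadFieldKey().
$key    = random_bytes(32);
$stored = encryptField('+46 70 000 00 00', $key, 'a7k3m9p2q4r8s1t6v5w3');
assert(decryptField($stored, $key, 'a7k3m9p2q4r8s1t6v5w3') === '+46 70 000 00 00');
```

GCM gives integrity as well as confidentiality, so a value altered in the database is rejected at decrypt time instead of being silently returned as garbage. Using the object ID as AAD is the piece a practitioner most often forgets: without it, encrypted values can be swapped between rows and still decrypt cleanly.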
Web APP
The web APP was something out of the ordinary. When we started this project, I was still using plain JavaScript with a lot of jQuery ❤️, but was starting to get curious about why people had been moving away from it for some time. So, while building the web APP, I added a number of experimental features.
One of the experimental features was part of the CMS built into the REST API. Say you wanted to create a new page for some specific information: you could select an HTML template and write the content into it, but here comes the twist. Beyond adding content, you could also write logic such as “if”, “else”, and “or”, loop through data and print it out, and pull data from the user profile to personalise the content.
Doing these experiments was great fun and made for a good management experience! Most importantly, though, it taught me that it was time to start looking into more modern frameworks (React being the goal).
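The CMS feature described above mixes content with logic and profile data, which is exactly where a template engine has to be careful about two things: never evaluating template text as PHP, and never letting a template reach profile fields it was not meant to see. The block below is an added example and not the project's CMS code; it implements the smallest version of that idea, with a whitelist of profile fields, a non-nested `{% if %}…{% else %}…{% endif %}`, and HTML-escaped `{{ field }}` substitution, all via regular expressions rather than `eval()`. The template syntax and the field names are assumptions.

```php
<?php
// Added example, not the project's CMS: a whitelist-based template renderer that
// supports {{ field }} substitution and {% if field %}...{% else %}...{% endif %}
// without eval(). Field names and the template syntax are assumptions.

const ALLOWED_FIELDS = ['first_name', 'county', 'is_hunter', 'is_sport_shooter'];

function renderTemplate(string $tpl, array $profile): string {
    // Only whitelisted profile fields are ever visible to a template, whatever the
    // profile array happens to contain (personal numbers, addresses, ...).
    $ctx = array_intersect_key($profile, array_flip(ALLOWED_FIELDS));

    // 1. Conditionals (non-nested): {% if x %}A{% else %}B{% endif %}
    $tpl = preg_replace_callback(
        '/\{%\s*if\s+(\w+)\s*%\}(.*?)(?:\{%\s*else\s*%\}(.*?))?\{%\s*endif\s*%\}/s',
        function (array $m) use ($ctx): string {
            $truthy = !empty($ctx[$m[1]]);       // unknown field counts as false
            return $truthy ? $m[2] : ($m[3] ?? '');
        },
        $tpl
    );

    // 2. Variables: {{ x }} becomes the HTML-escaped value; unknown names render empty.
    return preg_replace_callback(
        '/\{\{\s*(\w+)\s*\}\}/',
        function (array $m) use ($ctx): string {
            $value = $ctx[$m[1]] ?? '';
            return htmlspecialchars((string) $value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
        },
        $tpl
    );
}

// Constructed demo input: the 'personal_number' key is present in the profile but is
// not whitelisted, so a template cannot print it, and the name is escaped on output.
$page = '<p>Hello {{ first_name }}!{% if is_hunter %} Hunting season is near.{% else %} Welcome.{% endif %}'
      . ' {{ personal_number }}</p>';
$profile = ['first_name' => 'Eva <b>x</b>', 'is_hunter' => true, 'personal_number' => '19XXXXXX-XXXX'];
echo renderTemplate($page, $profile), PHP_EOL;
// prints: <p>Hello Eva &lt;b&gt;x&lt;/b&gt;! Hunting season is near. </p>
```

Even though CMS pages are authored by administrators rather than end users, keeping the template language data-only means a compromised CMS account cannot turn a page into arbitrary PHP, and the whitelist keeps personalisation from becoming an accidental data-exposure path.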
MySQL Database
The MySQL database wasn’t anything too special. It contained a great deal of encrypted data and a custom ID scheme. Since the database concentrated sensitive information, each row of sensitive data was given a custom ID (a sequence of characters) and linked to an “object table”. Rows in the object table carried expiration dates so that cURL jobs could clear data as soon as possible, for instance an ad that had been marked as sold.
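To make the object-table idea above concrete, here is an added example (not Pangare's schema or code) in PHP with PDO: opaque random IDs for sensitive rows, an `objects` table carrying the expiry, a child table whose rows are removed by cascade, and the purge routine that a scheduled cURL call would trigger. The table and column names, the seven-day grace period after a sale, and the `X-Cron-Token` header used to authenticate the scheduler are all assumptions.

```php
<?php
// Added example, not Pangare's code: opaque object IDs, an expiry column, and the purge
// routine a scheduled cURL call would trigger. Table names, the shared secret and the
// retention window are assumptions.

function newObjectId(int $length = 20): string {
    $alphabet = 'abcdefghijkmnpqrstuvwxyz23456789';   // 32 symbols, no 0/O/1/l look-alikes
    $id = '';
    foreach (str_split(random_bytes($length)) as $byte) {
        $id .= $alphabet[ord($byte) & 31];            // 32 symbols: a 5-bit mask is unbiased
    }
    return $id;
}

const SCHEMA = <<<'SQL'
CREATE TABLE IF NOT EXISTS objects (
  id         CHAR(20)    NOT NULL PRIMARY KEY,
  kind       VARCHAR(32) NOT NULL,
  expires_at DATETIME    NULL,
  INDEX idx_objects_expires (expires_at)
) ENGINE=InnoDB;

CREATE TABLE IF NOT EXISTS ad_details (
  object_id   CHAR(20) NOT NULL PRIMARY KEY,
  payload_enc TEXT     NOT NULL,
  CONSTRAINT fk_ad_object FOREIGN KEY (object_id)
    REFERENCES objects(id) ON DELETE CASCADE
) ENGINE=InnoDB;
SQL;

function createAd(PDO $db, string $payloadEnc): string {
    $id = newObjectId();
    $db->beginTransaction();
    try {
        $db->prepare('INSERT INTO objects (id, kind) VALUES (?, ?)')->execute([$id, 'ad']);
        $db->prepare('INSERT INTO ad_details (object_id, payload_enc) VALUES (?, ?)')
           ->execute([$id, $payloadEnc]);
        $db->commit();
    } catch (Throwable $e) {
        $db->rollBack();
        throw $e;
    }
    return $id;
}

// Marking an ad as sold does not delete it immediately; it sets the clock that the
// purge job acts on, so a short grace period for disputes remains possible.
function markSold(PDO $db, string $id, int $graceDays = 7): void {
    $stmt = $db->prepare(
        'UPDATE objects SET expires_at = DATE_ADD(NOW(), INTERVAL ? DAY) WHERE id = ? AND kind = ?'
    );
    $stmt->execute([$graceDays, $id, 'ad']);
}

// Deleting from the parent table cascades into every child table holding sensitive data,
// so there is one place to get the retention rule right. Batched to keep locks short.
function purgeExpired(PDO $db, int $batch = 500): int {
    $stmt = $db->prepare(
        'DELETE FROM objects WHERE expires_at IS NOT NULL AND expires_at <= NOW() LIMIT ?'
    );
    $stmt->bindValue(1, $batch, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

// Endpoint the scheduled cURL job calls. Anyone can reach a URL on shared hosting, so the
// caller has to present a secret, compared in constant time.
function handlePurgeRequest(PDO $db, array $headers, string $secret): int {
    $presented = $headers['X-Cron-Token'] ?? '';
    if (!hash_equals($secret, $presented)) {
        http_response_code(403);
        return 0;
    }
    return purgeExpired($db);
}
```

Two details worth keeping from this: the ID is generated from `random_bytes` rather than an auto-increment counter, so ad IDs reveal neither volume nor ordering, and `LIMIT` is bound as an integer because PDO's emulated prepares would otherwise quote it.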
Storage Server
As the site contained sensitive information, we had to be extra cautious about images, as they could carry information revealing who the gun owners were (defeating part of the platform’s purpose). So each image uploaded and transferred via SSH was, besides being compressed and reduced in resolution, also stripped of all metadata and given a new unique filename.
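The image pipeline above (compress, downscale, strip metadata, rename) can be done in one pass by decoding the upload to raw pixels and writing a fresh file from them. The block below is an added example using PHP's GD extension and is not the project's upload code; the pixel limit, maximum width and JPEG quality are assumptions.

```php
<?php
// Added example, not the project's upload code: re-encode an uploaded image with GD so
// that only pixel data survives (EXIF, IPTC, XMP and embedded thumbnails are dropped),
// bound the dimensions, and give the result an unguessable name. Limits are assumptions.

const MAX_PIXELS = 30000000;   // reject decompression bombs before fully decoding

function sanitizeImage(string $bytes, int $maxWidth = 1600, int $quality = 82): array {
    // Inspect the real header, never the client-supplied filename or Content-Type.
    $info = getimagesizefromstring($bytes);
    if ($info === false || !in_array($info['mime'], ['image/jpeg', 'image/png'], true)) {
        throw new InvalidArgumentException('only JPEG and PNG are accepted');
    }
    if ($info[0] * $info[1] > MAX_PIXELS) {
        throw new InvalidArgumentException('image dimensions exceed the allowed size');
    }

    $src = @imagecreatefromstring($bytes);          // full decode; a broken file yields false
    if ($src === false) {
        throw new InvalidArgumentException('image could not be decoded');
    }

    if (imagesx($src) > $maxWidth) {                // downscale, keeping the aspect ratio
        $scaled = imagescale($src, $maxWidth, -1, IMG_BICUBIC);
        imagedestroy($src);
        if ($scaled === false) {
            throw new RuntimeException('resize failed');
        }
        $src = $scaled;
    }

    // Writing a fresh JPEG from the pixel buffer is what strips the metadata: GD never
    // copies EXIF/IPTC/XMP segments from the source. The EXIF orientation tag goes with
    // them, so rotate (imagerotate) before this step if the orientation must be honoured.
    ob_start();
    imagejpeg($src, null, $quality);
    $clean = ob_get_clean();
    imagedestroy($src);

    // Extension fixed by us, name random: nothing from the upload reaches the filesystem.
    $name = bin2hex(random_bytes(16)) . '.jpg';
    return ['name' => $name, 'bytes' => $clean];
}

// Constructed demo input: a 2x2 PNG generated in memory stands in for an upload.
$img = imagecreatetruecolor(2, 2);
ob_start();
imagepng($img);
$upload = ob_get_clean();
imagedestroy($img);

$result = sanitizeImage($upload);
assert(substr($result['bytes'], 0, 3) === "\xFF\xD8\xFF");   // JPEG signature
assert(preg_match('/^[0-9a-f]{32}\.jpg$/', $result['name']) === 1);
```

Because the output is always a JPEG written by the server, the stored file's format matches its extension regardless of what the client claimed, and a PNG with transparency will be flattened; if transparency matters, emit PNG for PNG input with `imagepng` instead. Checking the declared dimensions before calling `imagecreatefromstring` is what keeps a tiny but very wide file from exhausting memory on a shared host.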
Mentioned In Media
As we had quite a few contacts within the outdoor industry and people vouching for us, we managed to get highlighted in the media three times, as you can see below.