2.9 KiB
2.9 KiB
Project Planning and Code Guidelines
General Code Guidelines
-
Modular Design: Use Object-Oriented Programming (OOP) where possible to separate concerns and promote code reuse.
-
File Size Limit: No single Python file should exceed 600 lines to improve readability and maintainability.
-
Commenting:
- Use clear, concise comments to explain complex logic.
- Include function and class docstrings where appropriate.
- Use in-line comments sparingly and only when the logic is not immediately obvious.
-
Code Structure:
- Follow the Model-View-Controller (MVC) pattern where applicable.
- Group related classes and functions into separate modules for clarity.
-
Error Handling: Implement robust error handling with meaningful messages and fallback behavior where possible.
-
Readability:
- Use meaningful variable and function names.
- Avoid deeply nested loops and conditionals where possible.
API Design Guidelines
- RESTful Endpoints: Use RESTful conventions for all API endpoints.
- Status Codes: Return appropriate HTTP status codes (e.g., 200 for success, 404 for not found, 500 for server error).
- Error Responses: Provide consistent and descriptive error messages.
- Data Validation: Validate all incoming data to prevent unexpected behavior and security issues.
- Unified API and UI: For demo purposes, both the API endpoints and admin UI should be served by the same Flask application.
File Organization
- Static Files: Store images in the
static/images/directory. - Product Data: Store product metadata in
products.json. - Configuration Files: Use a dedicated
config/directory for environment-specific settings. - Templates: Store HTML templates in the
templates/directory, with admin-specific templates intemplates/admin/.
Documentation Guidelines
- Keep Documentation Updated: Update TASK.md as features are implemented to track progress.
- Readme First: README.md should always reflect the current state of the project and provide clear setup instructions.
- Code Comments: Keep code comments in sync with implementation changes.
- API Documentation: Document all API endpoints, including request/response formats.
Security Guidelines
- No Hardcoded Credentials: Avoid hardcoding sensitive information like passwords or API keys.
- Input Sanitization: Validate and sanitize all user input to prevent injection attacks.
- Minimal Permissions: Run the application with the least required privileges.
Future Considerations
- Scalability: Plan for the potential migration to a database if the product catalog grows.
- API Rate Limiting: Consider adding rate limiting for public APIs.
- Monitoring and Logging: Implement basic logging for audit trails and error diagnosis.
- Deployment Automation: Use Docker or other containerization for easy deployment and scaling.