Suggested Tier: 3-Advanced full stack secure website #1105
momattar wants to merge 2 commits into florinpop17:master from
Added detailed project description, user stories, bonus features, useful links, and example projects for the Portfolio Website.
📝 Walkthrough
Two documentation files are added to specify a new "Portfolio Website" project requirement and index it in the project tier list. The project defines a full-stack, database-driven website with public portfolio sections, dark/light theme persistence, contact form, and an admin panel for managing dynamic content.
Estimated code review effort: 🎯 1 (Trivial) | ⏱️ ~3 minutes
🚥 Pre-merge checks: ✅ 3 passed
Actionable comments posted: 2
🧹 Nitpick comments (1)
Projects/3-Advanced/Portfolio-Website.md (1)
21-21: Consider file system or cloud storage instead of database for images.
Storing project images directly in the database can lead to performance and scalability issues as the database grows. Consider using:
- File system with path references in the database
- Cloud storage (Azure Blob Storage, AWS S3, Cloudinary)
- CDN for better performance
This approach keeps the database lightweight and improves image serving performance.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@Projects/3-Advanced/Portfolio-Website.md`:
- Line 27: The checklist item "Store password as a SHA-256 hash — never plain
text" is incorrect and must be replaced: stop using raw SHA-256 for password
storage and switch to a purpose-built password hashing library (e.g., bcrypt,
argon2, scrypt, or PBKDF2). Update the authentication/signup and login logic
that currently computes SHA-256 (search for the "Store password as a SHA-256
hash" note and any functions that call SHA-256) to use a password-hashing API
such as bcrypt.hash / bcrypt.compare or argon2.hash / argon2.verify, include the
library’s automatic salt and set an appropriate work factor (cost/time/memory
parameter), and ensure all stored password fields are the algorithm output and
that verification uses the corresponding verify function rather than re-hashing
with SHA-256.
- Line 35: Replace the SHA-256 reference with guidance to use ASP.NET Core's
built-in password hashing: remove the SHA-256 link and instead reference
Microsoft.AspNetCore.Identity's PasswordHasher<TUser> (and related docs) as the
recommended approach for password storage; update any text that suggests using
System.Security.Cryptography.SHA256 for passwords to explicitly instruct using
PasswordHasher (which handles salting and work factors) and link to the official
Microsoft.AspNetCore.Identity password hashing documentation.
---
Nitpick comments:
In `@Projects/3-Advanced/Portfolio-Website.md`:
- Line 21: Replace storing raw image blobs in the database for the "Admin can
upload project images" feature with a path/URL-based approach: update the upload
handler (the admin upload endpoint) to save image files to a chosen storage
backend (local filesystem, S3/Azure Blob/Cloudinary) and store only the
resulting file path or CDN URL in the ProjectImage/Project model, modify the
image retrieval logic to serve/redirect to that URL (or generate signed URLs if
using cloud storage), and add validation, size constraints, and a cleanup
routine for deletes; ensure the storage provider is configurable and update any
tests and migrations referencing binary image fields accordingly.
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: 50380506-abef-48f3-9a6f-94799f215d0f
📒 Files selected for processing (2)
- Projects/3-Advanced/Portfolio-Website.md
- README.md
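The difference between the raw SHA-256 checklist item and the salted, work-factored hashing the review asks for, as an added example that is not part of the PR or of CodeRabbit's output. It uses PBKDF2 from the Python standard library; the function names, the `algorithm$iterations$salt$key` record format and the iteration count are assumptions of this example.

```python
import base64
import hashlib
import hmac
import secrets

ALGORITHM = "pbkdf2_sha256"
ITERATIONS = 600_000  # assumed work factor for this example; tune to your hardware


def sha256_hex(password: str) -> str:
    """The rejected scheme: fast and unsalted, so equal passwords share a digest."""
    return hashlib.sha256(password.encode()).hexdigest()


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Return 'algorithm$iterations$salt$key' using a fresh random salt."""
    salt = secrets.token_bytes(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return "$".join([
        ALGORITHM,
        str(iterations),
        base64.b64encode(salt).decode(),
        base64.b64encode(key).decode(),
    ])


def verify_password(password: str, stored: str) -> tuple[bool, bool]:
    """Return (valid, needs_rehash). Malformed or foreign records never verify."""
    try:
        algorithm, iterations_s, salt_b64, key_b64 = stored.split("$")
        iterations = int(iterations_s)
        salt = base64.b64decode(salt_b64, validate=True)
        expected = base64.b64decode(key_b64, validate=True)
    except ValueError:  # wrong field count, non-integer cost, or bad base64
        return False, False
    if algorithm != ALGORITHM or iterations < 1:
        return False, False
    # Re-derive with the salt and cost stored in the record, not the current default.
    actual = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    valid = hmac.compare_digest(actual, expected)  # constant-time comparison
    # A valid login against an old, cheaper record should be re-hashed and saved.
    return valid, valid and iterations < ITERATIONS
```

When `needs_rehash` is true, the login handler can call `hash_password` on the just-verified password and overwrite the stored record, which is how a deployment raises its work factor without forcing resets.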