Project Scope and Technical Feasibility

Defining the scope of a graduation project requires a rigorous assessment of technical feasibility. Many students underestimate the complexity of specific features, such as real-time communication or high-concurrency transactions, leading to implementation bottlenecks. It is crucial to align the functional requirements with the development team's proficiency in the chosen technology stack. For students utilizing SpringBoot and WeChat Mini Programs, ensuring a clear separation between the frontend logic and backend API services is fundamental for a successful defense and implementation.

Recommended Project Topics

The following list categorizes potential project domains suitable for implementation with SpringBoot and WeChat Mini Programs.

Campus Life and Services

• University Second-hand Trading Platform
• Campus Cafeteria Food Ordering System
• Student Dormitory Repair Request Portal
• University Courier Pickup and Delivery Service
• Extracurricular Activity Credit Management System

E-commerce and Retail

• Fresh Produce Online Marketplace
• Digital Book Retailer and Reader
• Electronic Waste Recycling and Collection App
• Customized Travel Itinerary Planner
• Native Product Agricultural Sales Mall

Education and Learning

• Online Professional Tutor Matching Platform
• Computer Science English Vocabulary Trainer
• Student Exam Error Review and Analysis System
• Remote Classroom and Assignment Submission Portal
• Driving Theory Test Preparation Assistant

Lifestyle and Health

• Personal Finance and Expense Tracker
• Fitness Coach Booking and Workout Logger
• Traditional Chinese Medicine (TCM) Knowledge Base
• Community Health and Epidemic Prevention Registry
• Pet Adoption and Care Consultation Service

Database Schema Design

Below is a reference schema for a Tutoring and Appointment System, implemented in MySQL. This design supports user management, tutor profiles, and booking logistics.

-- Database Initialization
CREATE DATABASE IF NOT EXISTS tutoring_app_db DEFAULT CHARSET utf8mb4 COLLATE utf8mb4_unicode_ci;
USE tutoring_app_db;

-- Table: System Users
CREATE TABLE `sys_users` (
  `user_id` BIGINT(20) NOT NULL AUTO_INCREMENT,
  `username` VARCHAR(50) NOT NULL,
  `password_hash` VARCHAR(255) NOT NULL,
  `role_type` VARCHAR(20) NOT NULL COMMENT 'STUDENT, TUTOR, ADMIN',
  `avatar_url` TEXT,
  `created_at` TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
  PRIMARY KEY (`user_id`),
  UNIQUE KEY `idx_username` (`username`)
) ENGINE=InnoDB;

-- Table: Tutor Profiles
CREATE TABLE `tutor_profiles` (
  `profile_id` BIGINT(20) NOT NULL AUTO_INCREMENT,
  `user_id` BIGINT(20) NOT NULL,
  `display_name` VARCHAR(100) NOT NULL,
  `subject_specialization` VARCHAR(100),
  `hourly_rate` DECIMAL(10, 2),
  `bio_text` TEXT,
  `is_verified` TINYINT(1) DEFAULT 0,
  PRIMARY KEY (`profile_id`),
  FOREIGN KEY (`user_id`) REFERENCES `sys_users`(`user_id`) ON DELETE CASCADE
) ENGINE=InnoDB;

-- Table: Appointment Bookings
CREATE TABLE `appointment_bookings` (
  `booking_id` BIGINT(20) NOT NULL AUTO_INCREMENT,
  `tutor_id` BIGINT(20) NOT NULL,
  `student_id` BIGINT(20) NOT NULL,
  `session_date` DATETIME NOT NULL,
  `status` VARCHAR(20) DEFAULT 'PENDING',
  `notes` TEXT,
  `created_at` TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
  PRIMARY KEY (`booking_id`),
  FOREIGN KEY (`tutor_id`) REFERENCES `sys_users`(`user_id`),
  FOREIGN KEY (`student_id`) REFERENCES `sys_users`(`user_id`)
) ENGINE=InnoDB;

Backend Implementation Reference

The following Java code demonstrates a secure authentication flow and a request interceptor using SpringBoot. The logic handles user login, session token generation, and subsequent request validation.

import org.springframework.web.bind.annotation.*;
import org.springframework.beans.factory.annotation.Autowired;
import javax.servlet.http.*;
import java.util.*;
import java.util.concurrent.TimeUnit;

@RestController
@RequestMapping("/api/v1/auth")
public class AuthenticationController {

    @Autowired
    private SessionTokenService tokenService;

    @Autowired
    private UserService userService;

    /**
     * Handles user login requests.
     */
    @PostMapping("/login")
    public Map performLogin(@RequestBody LoginRequest loginReq, HttpServletRequest request) {
        // 1. Validate credentials
        UserAccount account = userService.findUserByCredentials(loginReq.getUsername(), loginReq.getPassword());
        
        if (account == null) {
            return ApiResponse.error("Authentication failed: Invalid credentials");
        }

        // 2. Generate a secure session token
        String sessionKey = tokenService.createSessionToken(account.getId(), account.getRole(), "users");
        
        Map responseData = new HashMap<>();
        responseData.put("accessToken", sessionKey);
        responseData.put("userRole", account.getRole());
        responseData.put("userId", account.getId());
        
        return ApiResponse.success(responseData);
    }
}

/**
 * Service for managing session tokens.
 */
@Service
public class SessionTokenService {

    @Autowired
    private TokenRepository tokenDao;

    public String createSessionToken(Long userId, String role, String context) {
        // Invalidate old tokens for this user if necessary
        tokenDao.deleteByUserId(userId);

        // Generate new token
        String rawToken = UUID.randomUUID().toString().replace("-", "");
        
        // Set expiration (e.g., 2 hours)
        Date expiryDate = new Date(System.currentTimeMillis() + TimeUnit.HOURS.toMillis(2));

        SessionEntity newSession = new SessionEntity();
        newSession.setUserId(userId);
        newSession.setRole(role);
        newSession.setToken(rawToken);
        newSession.setExpiryDate(expiryDate);
        
        tokenDao.insert(newSession);
        return rawToken;
    }
}

/**
 * Interceptor to verify session tokens on protected routes.
 */
@Component
public class SecurityInterceptor implements HandlerInterceptor {

    public static final String AUTH_HEADER = "X-Auth-Token";

    @Autowired
    private SessionTokenService tokenService;

    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        
        // Allow CORS preflight requests
        if ("OPTIONS".equalsIgnoreCase(request.getMethod())) {
            response.setStatus(HttpServletResponse.SC_OK);
            return false;
        }

        // Check if the handler method has the @PublicEndpoint annotation
        HandlerMethod handlerMethod = (HandlerMethod) handler;
        if (handlerMethod.getMethodAnnotation(PublicEndpoint.class) != null) {
            return true;
        }

        // Extract token from header
        String requestToken = request.getHeader(AUTH_HEADER);
        
        if (requestToken == null || requestToken.isEmpty()) {
            sendErrorResponse(response, "Missing authentication token");
            return false;
        }

        // Validate token
        SessionEntity session = tokenService.validateToken(requestToken);
        if (session == null) {
            sendErrorResponse(response, "Invalid or expired token");
            return false;
        }

        // Populate session context
        request.setAttribute("currentUserId", session.getUserId());
        request.setAttribute("currentUserRole", session.getRole());
        
        return true;
    }

    private void sendErrorResponse(HttpServletResponse response, String message) throws IOException {
        response.setContentType("application/;charset=UTF-8");
        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        Map errorMap = new HashMap<>();
        errorMap.put("code", 401);
        errorMap.put("message", message);
        response.getWriter().write(new ObjectMapper().writeValueAsString(errorMap));
    }
}