DictTrainer is a full-stack vocabulary learning platform built with Django REST Framework and React. Users create their own English-Uzbek dictionary, take randomized tests, review mistakes, and track results.
- App (Frontend): https://fronted-production-2dcf.up.railway.app/
- API (Backend): https://bakcend-production.up.railway.app
- Database: Railway PostgreSQL (private service, not publicly exposed)
This demo is not frontend-only. The deployed app is connected to the live Django API and PostgreSQL database.
- User-isolated data model (each user sees only their own words)
- JWT authentication (register, login, logout)
- Forgot/reset password flow via email
- Word management with search and pagination
- Randomized test sessions with direction and range controls
- Result screen with mistake review and repeat-mistakes mode
- Sound feedback toggle with local persistence
- Security hardening baseline (throttling, brute-force protection, secure settings)
- Backend: Django 5, Django REST Framework, SimpleJWT
- Frontend: React + Vite
- Database: PostgreSQL (recommended), SQLite fallback for local quick start
- Auth: JWT + password reset token flow
backend/
  config/      # Django settings, URL routing, security config
  accounts/    # Custom user model, auth APIs, throttling, login protection
  words/       # Owner-scoped word CRUD
  studytest/   # Test session APIs and scoring logic
frontend/
  src/
    pages/       # App pages (auth, dashboard, test, result)
    components/  # Shared UI components
    api/         # Axios API client
Implemented and available security controls include:
- Owner-only query scoping for word data
- Object-level owner permissions for update/delete
- API throttling modules for anonymous/user/auth endpoints
- Login brute-force protection module (IP + identifier based)
- Generic 500 error responses to reduce information leakage
- Superuser-only admin access for sensitive user visibility
- Secure cookie and header configuration options via environment variables
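A sketch of how an "IP + identifier based" failure tracker can work, as an added example that is not the project's own `accounts/` code. The class name, limits and window are hypothetical (they are not the project's `LOGIN_FAIL_*` settings), and the in-memory dict stands in for a shared cache.

```python
import time
from collections import defaultdict, deque


class LoginFailureTracker:
    """Sliding-window failure counters keyed separately by client IP and by login identifier."""

    def __init__(self, max_per_ip=20, max_per_identifier=5, window=900, clock=time.monotonic):
        # Hypothetical defaults: failures allowed per key within `window` seconds.
        self.limits = {"ip": max_per_ip, "id": max_per_identifier}
        self.window = window
        self.clock = clock
        self.failures = defaultdict(deque)  # (kind, value) -> failure timestamps

    def _keys(self, ip, identifier):
        # Normalise the identifier so "Alice@x" and "alice@x " share one counter.
        return [("ip", ip), ("id", identifier.strip().lower())]

    def _recent(self, key):
        q, cutoff = self.failures[key], self.clock() - self.window
        while q and q[0] <= cutoff:
            q.popleft()  # drop failures that aged out of the window
        return len(q)

    def is_blocked(self, ip, identifier):
        # Call before verifying the password: either counter at its limit blocks the attempt.
        return any(self._recent(k) >= self.limits[k[0]] for k in self._keys(ip, identifier))

    def record_failure(self, ip, identifier):
        now = self.clock()
        for key in self._keys(ip, identifier):
            self.failures[key].append(now)

    def record_success(self, ip, identifier):
        # Clear only the identifier counter: one valid login must not reset
        # the IP counter for a client that is failing against other accounts.
        self.failures.pop(("id", identifier.strip().lower()), None)
```

The identifier counter catches guessing against one account from many addresses, and the IP counter catches one address trying many accounts. Behind a reverse proxy the IP must be taken from a header set by that trusted proxy, otherwise every client shares the proxy's address and one counter.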
cd backend
python -m venv .venv
.venv\Scripts\activate
pip install -r requirements.txt
copy .env.example .env
python manage.py makemigrations
python manage.py migrate
python manage.py runserver
Backend base URL:
http://127.0.0.1:8000
cd frontend
npm install
copy .env.example .env
npm run dev
Frontend URL:
http://localhost:5173
Key values:
- DJANGO_SECRET_KEY
- DJANGO_DEBUG
- DJANGO_ALLOWED_HOSTS
- POSTGRES_DB, POSTGRES_USER, POSTGRES_PASSWORD, POSTGRES_HOST, POSTGRES_PORT
- FRONTEND_URL, CORS_ALLOWED_ORIGINS, CSRF_TRUSTED_ORIGINS
- EMAIL_* values for SMTP reset emails
- THROTTLE_* and LOGIN_FAIL_* security controls
- SESSION_COOKIE_SECURE, CSRF_COOKIE_SECURE, SECURE_SSL_REDIRECT, SECURE_HSTS_*
VITE_API_URL=http://localhost:8000
- POST /auth/register
- POST /auth/login
- POST /auth/forgot-password
- POST /auth/reset-password-confirm
- POST /auth/logout

- GET /words
- POST /words
- GET /words/:id
- PATCH /words/:id
- DELETE /words/:id

- POST /test/start
- GET /test/question?session_id=...
- POST /test/next
- POST /test/answer
- POST /test/finish
- Set DJANGO_DEBUG=False
- Use strong, rotated secrets (DJANGO_SECRET_KEY, DB password, SMTP credentials)
- Enable HTTPS and secure cookies
- Enable HSTS with non-zero SECURE_HSTS_SECONDS
- Restrict CORS/CSRF origins to real domains
- Use managed PostgreSQL and persistent cache (Redis recommended)
- Run behind reverse proxy (Nginx/Caddy) with TLS
To make the repository profile-ready:
- Add app URL to GitHub repo About -> Website
- Keep README demo links updated when domains change
- Never commit .env and secrets (App Password, tokens, private keys)
- Keep deployment steps reproducible (backend/.env.example, frontend/.env.example)
- Use clear commit history with focused messages
MVP is complete for:
- Authentication and password reset
- Owner-isolated dictionary CRUD
- Randomized vocabulary testing with feedback and results
- Responsive frontend with modern UI
Private/internal use by default. Add a license file before open-source distribution.