Register
Submit a solution
The challenge is finished.

Challenge Overview

Welcome to the simple web API server challenge ! 

This is the first challenge of our second stage ‘Develop Backend Services with Golang’. The Goal of this challenge is to develop a simple web API server with Golang. The server provides an API to authenticate users. 

This time we will evaluate your submission based on the scorecard. We totally recommend you to read the articles mentioned in ‘Final Submission Guidelines - Code Guidelines’ section.  The person who gets the highest score wins. In case of a tie, the person to submit earlier wins.

If you have any questions, ask and get clarification in the forum.

API Spec

This API is to authenticate user for a domain by username and password via HTTP. The domain name is included as a part of the endpoint.

Endpoint

  • /api/2/domains/{domain name}/proxyauth
  •  We use port 80 but we would like to use other ports such as 8080 for testing.

Request

Request Method

  • POST

Parameters

  • username
  • password

‘password’ parameter is encrypted with the following logic

  • ‘{SHA256}’ + Base64 encoded SHA256 digest of the user’s password
  • Example
    • original password : abcd1234
    • password parameter : {SHA256}6c7nGrky_ehjM40Ivk3p3-OeoEm9r7NCzmWexUULaa4=

ContentType

  • application/x-www-form-urlencoded

Sample

Request parameters.

  • domain name : topcoder.com
  • username : takumi
  • password : {SHA256}2QJwb00iyNaZbsEbjYHUTTLyvRwkJZTt8yrj4qHWBTU=
    • Original password is ‘ilovego’

Request to a server running on localhost with cURL

curl --data "username=takumi&password={SHA256}2QJwb00iyNaZbsEbjYHUTTLyvRwkJZTt8yrj4qHWBTU=" http://localhost/api/2/domains/topcoder.com/proxyauth

Response

StatusCode

Use 200 to indicate that the request is processed successfully. Even if we get some application errors such as ‘password unmatch’ or validation errors of parameters, status code should be 200. 404 is used when the domain name is not supported. 500 is used for system errors.

  • 200    Successfully processed the request
  • 404    No such domain
  • 500    Server error

Format

Return JSON data for status code 200.

In case of success.


        "access_granted": true
}

In case of authentication failure or validation errors. The 'reason' is always same.

{
        "access_granted": false, "reason": "denied by policy"
}

No data should be returned for status code 404 and 500.

ContentType

  • application/json

Authentication Logic

This time we use a json file attached (users.json) for data store. 

When you receive a request to appirio.com domain with username ‘jun’ and password, you are supposed to find a record for jun under appirio.com domain in users.json. Encrypt jun’s password you get from the json file, then compare the encrypted password and the password received. If they are same, the authentication succeeds.

Note

  • No need to handle signals for this challenge

Test

Prepare your test script to cover the following cases.

  • Case1 Success
    • topcoder.com domain
    • StatusCode 200
  • Case2 Success
    • appirio.com domain
    • StatusCode 200
  • Case3 Failure
    • password unmatch
    • StatusCode 200
  • Case4 Failure
    • username not found
    • StatusCode 200
  • Case5 Failure
    • domain not found 
    • StatusCode 404


Final Submission Guidelines

Code Guidelines

Follow the practices mentioned in the articles below.

We have one note specific to this challenge.

  • Use  ‘lower_case_with_underscore’ name for package, file or directory. However, try to avoid underscores and prefer short names

Submission Deliverables

  • Source code
    • Format your code with ‘gofmt’ command.
  • Test script that covers the test cases
  • Simple README to explain your deliverables

External Libraries

We believe this challenge is not so complicated that we can complete without any external libraries. But if you would like to use external libraries please follow the guidelines below.

  • Do not use libraries developed with languages other than Golang
  • Do not use GPL libraries and LGPL libraries
  • MIT, Apache and BSD libraries are available
  • Please mention about external libraries you used in your README

ELIGIBLE EVENTS:

2015 topcoder Open

Review style

Final Review

Community Review Board

Approval

User Sign-Off

ID: 30046011