Challenge Overview
This is the fourth challenge in the series for cloudHub, where we are building some base-level CRUD APIs to allow our applications to talk to MongoDB. We will be setting up user access and authentication with JSON Web Tokens, and then building various endpoints to expose our data. The end goal of this challenge is to allow authenticated users access to 5 collections within the database.
Based on the feedback in challenge #2, we are going to continue to use NodeJS + Express + Swagger.
Authentication
- There are 3 different roles a user can have within the system, and a user can have more than 1 role. For example, a user could have both the user and admin roles.
  - user - Limited API access to the system, longer-valid token.
  - admin - Access to all information for only their company.
  - super-admin - Access to all information for all companies.
- The user role will have very limited access to the application; they will only be able to call the APIs listed in 2-3. For that functionality we are going to create a random value on user creation and email that value to the user. There should be 2 unique endpoints for this user: creating the user and emailing the value; and authenticating the loginToken for the user.
- For admin and super-admin, authentication will be with the email and password passed to the API.
All of the collections have 4 standard fields that we use for tracking. On POST we would set createdAt to the current datetime and createdBy to the userId that made the API call. The same update would occur on PUT for modifiedAt and modifiedBy. Here are some of the initial endpoints we have defined that we will need for our application; we want all of POST, PUT, GET, and DELETE where it makes sense, unless noted below:
- Company
  - Load Company by Id
  - Load all Companies (super-admin only)
- App
  - Load App by Id (PUT/DELETE restricted to super-admin)
  - Load all Apps
  - Load Apps by userId (apps stored in user model)
- CompanyApp
  - Load Company Apps by companyId
  - Load Company App by Id
- CompanyCharge
  - Load Company Charges by companyId
  - Load Company Charges by appId
  - Load Company Charge by Id
- User
  - Load Users by companyId
  - Load User by Id
Requirements
- Swagger-node with Express
- Create models for the following collections: users, companies, apps, companyCharges, userStats; we have defined these in the seed application, see thimble.zip in the forum.
- All endpoints that return multiple records should have offset parameter(s) to allow the user to paginate through the records, rather than returning all the records in 1 call.
- API restrictions should be configurable based on user role.
- node-token-jwt or similar for JWT management.
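The tracking-field stamping on POST and PUT, the offset pagination for list endpoints, and the company scoping implied by the admin and super-admin roles, as one added example that is not the challenge's or the cloudHub project's code. It runs against an in-memory stand-in for a MongoDB collection so it executes offline; the field names and role names are from the challenge text, while the `limit` parameter, the 100-record cap, the `_id` scheme and the sample data are assumptions.

```javascript
// Assumption: a hard cap on records per page so a single call can never return everything.
const MAX_LIMIT = 100;
const TRACKING_FIELDS = ['createdAt', 'createdBy', 'modifiedAt', 'modifiedBy'];

// ctx is the authenticated principal the JWT middleware would attach as req.user,
// plus the request time: { userId, companyId, roles: [...], now: Date }.

// Clients may not set tracking fields or _id; the server owns them.
function stripTracking(body) {
  return Object.fromEntries(
    Object.entries(body || {}).filter(([k]) => k !== '_id' && !TRACKING_FIELDS.includes(k)),
  );
}

// POST: stamp createdAt/createdBy; modified* stay empty until the first PUT.
function createRecord(collection, body, ctx) {
  const doc = {
    _id: `${collection.name}-${collection.docs.length + 1}`, // constructed id scheme
    ...stripTracking(body),
    createdAt: ctx.now,
    createdBy: ctx.userId,
    modifiedAt: null,
    modifiedBy: null,
  };
  collection.docs.push(doc);
  return doc;
}

// PUT: only modifiedAt/modifiedBy change; createdAt/createdBy survive even if the body
// carries values for them.
function updateRecord(collection, id, body, ctx) {
  const idx = collection.docs.findIndex((d) => d._id === id);
  if (idx === -1) return null;
  const doc = { ...collection.docs[idx], ...stripTracking(body), modifiedAt: ctx.now, modifiedBy: ctx.userId };
  collection.docs[idx] = doc;
  return doc;
}

// Parse offset/limit from the query string; reject non-integers and negatives, clamp the limit.
function parsePaging(query) {
  const offset = Number.parseInt(query.offset ?? '0', 10);
  const limit = Number.parseInt(query.limit ?? '20', 10);
  if (!Number.isInteger(offset) || offset < 0 || !Number.isInteger(limit) || limit < 1) return null;
  return { offset, limit: Math.min(limit, MAX_LIMIT) };
}

// GET list: super-admin may see every company (optionally filtered by companyId);
// admin is pinned to their own companyId regardless of what the client asked for.
function listRecords(collection, query, ctx) {
  const paging = parsePaging(query || {});
  if (!paging) return { status: 400, body: { error: 'offset and limit must be non-negative integers' } };
  let docs = collection.docs;
  if (ctx.roles.includes('super-admin')) {
    if (query.companyId) docs = docs.filter((d) => d.companyId === query.companyId);
  } else if (ctx.roles.includes('admin')) {
    docs = docs.filter((d) => d.companyId === ctx.companyId);
  } else {
    return { status: 403, body: { error: 'forbidden' } };
  }
  const items = docs.slice(paging.offset, paging.offset + paging.limit);
  return { status: 200, body: { total: docs.length, offset: paging.offset, limit: paging.limit, items } };
}

module.exports = { createRecord, updateRecord, parsePaging, listRecords, MAX_LIMIT };
```

Returning `total` alongside `offset` and `limit` lets a client compute the next page without a second call, and pinning admin to `ctx.companyId` from the token rather than trusting a `companyId` query parameter is what keeps the "only their company" rule enforceable.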
Final Submission Guidelines
- Deploy your solution to Heroku and make sure to include your working Heroku instance URL as part of your documentation.
- Provide your code and documentation in a single zip file. Make sure you include steps to deploy to Heroku.
- The bulk of your documentation should be in the Readme.md, and you should assume that this will be open source, so make sure you cover all the steps to set up. If you have specific information that should not be included in a public readme (like your Heroku link or links to your video), put it in a file called submission.txt and it will be omitted from the project if it is open sourced.
- Provide a quick video of your solution in action (feel free to annotate your video if you are not comfortable with spoken English or don’t like the sound of your own voice).
- If your submission includes Swagger, please add some documentation about its function in the project.