Module Assembly - TopCoder NodeJS Member Registration REST API

Project Overview

TopCoder and the TopCoder community have worked hard to get the platform to its currently level of maturity, but we're far from done. It's time to take the platform to the next level. TopCoder is going to start taking some steps to open up the platform API to the outside and community developers so they could incorporate it in their websites, applications or build their own applications (web, mobile or desktop).

The ultimate goal is to open up and build an "API" that is targeting all different type of audiences - Software and Studio Competitors, SRM/MM competitors, Copilots, Admins and TopCoder partners - each audience will have different interests and usages of the API, so it will be a huge project and we need to make sure that we are in the right direction from the beginning.

In this contest, we will build the REST service to member related functionality, the main REST API is Member registration.

Competition Task Overview

Please raise questions as quick as you can, I am familiar with related database and code base, I can provide as much support as I can.

The updated code must still deploy and work on heroku - any submission which can't be deployed on heroku successfully will be failed in screening phase - primary reviewer must check this.

The implementation will base on the node.js version of TC platform API - https://github.com/cloudspokes/tc-api. Please follow the existing actionhero pattern for your development.

Member Registration REST API

The API will be used by simple reg to create new users, you can check https://www.topcoder.com/reg2/showRegister.action

Endpoint: base-url/users
Verb: POST
Success Response: 200
Request Parameters:

Response Data:
the response should properly return the status of the user creation, and datas like user id or optional error messages.

for various error cases, you can follow the implementation of RegisterAction.

1. handle already exists
2. email is invalid (we should do basic regex check on the email field)
3. required field is missing
4. the value for required field is invalid.
5. invalid social provider or social code, currently, we only support provider like github, twitter, facebook and Google, for social code, please investigate that, and find proper validation rules for that.

Failure Response Codes
Following https://dev.twitter.com/docs/error-codes-responses

config.apiCodes = {
OK : {name : 'OK', value : 200, description : 'Success' },
notModified : {name : 'Not Modified', value: 304, description : 'There was no new data to return.' },
badRequest : {name : 'Bad Request', value: 400, description : 'The request was invalid. An accompanying message will explain why.' },
unauthorized : {name : 'Unauthorized', value: 401, description : 'Authentication credentials were missing or incorrect.' },
forbidden : {name : 'Forbidden', value: 403, description : 'The request is understood, but it has been refused or access is not allowed.' },
notFound : {name : 'Not Found', value: 404, description : 'The URI requested is invalid or the requested resource does not exist.' },
serverError : {name : 'Internal Server Error', value: 500, description : 'Something is broken. Please contact support.' }
};
with an optional "message" parameter for more details

Implementation Notes

• The simple reg2 part is not properly merged to trunk of web_module, you can find related logic with branch - https://coder.topcoder.com/internal/web_module/branches/tc_reg_revamp
• Please check RegisterAction for detail logic about validation.
• Please check UserServiceImpl for detail logic about database operation, you should use direct sql insert for user creation, the codebase has logic for using node-js-informix, the sqls for user creation can be found as following:
  • INSERT INTO user(user_id, first_name, last_name, handle, status, activation_code, reg_source) VALUES (1000000, 'f_name', 'l_name', 'user_test', 'A', 'SAMPLE_CODE', 'reg2'); - user_id should be uniquely generated similar as the ID Generator component. for status field, if social data are present, let's set status as Active, otherwise set to Inactive and an verification email will be sent.
  • INSERT INTO 'informixoltp':coder(coder_id, quote, coder_type_id, comp_country_code, display_quote, quote_location, quote_color, display_banner, banner_style) VALUES (1000000, '', null, 156,  1, 'md', '#000000', 1, 'bannerStyle4');
  • INSERT INTO security_user(login_id, user_id, password, create_user_id) VALUES(1000000,'user_test', '4EjPjy6o+/C+dqNPnxIy9A==', 132456); - the password field should be hashed.
  • INSERT INTO email (user_id, email_id, email_type_id, address, primary_ind, status_id) VALUES(1000000, 50000, 1, 'test@yeah.net', 1, 1);
  • INSERT INTO user_group_xref (user_group_id, login_id, group_id, create_user_id, security_status_id) VALUES (22915112, 1000000, 10, 1, 1);
  • INSERT INTO user_group_xref (user_group_id, login_id, group_id, create_user_id, security_status_id) VALUES (22915113, 1000000, 14, 1, 1);
  • INSERT INTO user_group_xref (user_group_id, login_id, group_id, create_user_id, security_status_id) VALUES (22915114, 1000000, 2000116, 1, 1);
  • INSERT INTO user_social_login(user_id, social_login_provider_id, social_user_name, social_email, social_email_verified) VALUES (1000000, 1, 'user_test','test@yeah.net', 'A'); - optional, inserted only if the social related data are present.
• For ldap operation and verification email sending, it is out of scope for this contest, but keep in mind that, they will be implemented as actionhero tasks https://github.com/evantahler/actionHero/wiki/Tasks, so they can easily be invoked by the current registration API.
• For database operation, the current implentation has limitatation, because it assumes only one database. but we are using another database apart from tcs_catalog database. A simple approach is update dataAccess.executeQuery() should accept another parameter - "dataSource" (which is just a name indicating the database), so it can elegantly support multiple databases. If you have better approaches, this can be considered as enhancement.
• Like the Java implementation, we should support transactions and rollbacks. Let's implement the transactions as middleware, the action can specify it uses this middleware https://github.com/evantahler/actionHero/wiki/Middleware.
  • in other words, there is a begin transaction preprocessor middleware and an end transaction postprocessor middleware
  • the action specifies it is transactional
  • the postprocessor would do a rollback on error
• all input parameters should be sanitized.

Configurations

In the previous changes for API framework, we are removing configuration files. and use environment variables as described here: http://12factor.net/config

• Please update initial support/documentation for dev (local), staging (heroku), and production environments.
• Please update two bash scripts to set the dev / heroku configuration values to environment variables (see deploy directory)

API Docs

Blueprint is a simple way of documenting APIs using Markdown. See:

http://apiblueprint.org/
https://github.com/apiaryio/api-blueprint
https://github.com/apiaryio/api-blueprint/blob/master/Tutorial.md

We want to start using it for the TC API:

http://docs.tcapi.apiary.io/
https://github.com/cloudspokes/tc-api/blob/master/apiary.apib

A sample for Registration API is already provided, you should update it based on your implementation.

Testing

Please provide testing to make sure the Registration API can working properly for various cases.

The API Framework supports tests. Use supertest (https://github.com/visionmedia/supertest) with mocha (http://visionmedia.github.io/mocha/). Don't install mocha globally.

Code Format

All code must pass jslint. You may use "nomen: true".

Winner Only

Winner will create pull request against the main github repo in final fix phase.

Virutal Machines (VMs)

VM specific information is found here: http://www.topcoder.com/wiki/display/docs/VM+Image+2.5

Upon registration as a submitter or reviewer you will need to request a VM based on the TopCoder systems image. The VM will be active through aggregation review, after which it will be terminated except for the winner's and the reviewers'. To request your image, please post in contest forum.

Before requesting your VM, you need to ensure that you have an SSH key created and in your member profile. Instructions to do so are here: http://www.topcoder.com/wiki/display/projects/Generate+SSH+Key, and instructions to connect afterwards are here: http://www.topcoder.com/wiki/display/projects/Connect+Using+SSH+Key.

Please realize that VMs are currently issued manually. We make every attempt to issue the VM as soon as it is requested, however, there may be delays of up to 12 hours depending on time of day when you request. We encourage everyone to request a VM as soon as possible to minimize any such delays.

Review Board Requirements

Reviewers need to write Supertest tests for the APIs.

There are three roles:

• Accuracy - Tests the implementation on the accuracy of the results when using the component.
• Failure - Tests the implementation's ability to handle bad data and incorrect usage.
• Security - Tests the oauth, sql inject and other security related requirements.

Reviewer could send preferred role by Contact Manager after system selected the reviwer.

Copilot will assign the role to reviewers if reviewer didn't send the preferred role information.

Reviewer must create pull request from GitHub for the tests.

Technology Overview

• JavaScript
• Node.js 0.10.x
• actionhero.js framework

Documentation Provided

Please check the deployment guide in codebase for reference.

Final Submission Guidelines

Submission Deliverables

A complete list of deliverables can be viewed in the TopCoder Assembly competition Tutorial at: http://apps.topcoder.com/wiki/display/tc/Assembly+Competition+Tutorial 

Below is an overview of the deliverables:

• Source Code.
• Deployment guide to configure and verify the application.

Final Submission

For each member, the final submission should be uploaded to the Online Review Tool.