Challenge Overview
Welcome to Ragnar - Self Service Tool - Github Oauth Integration. This is a series of contests that will require you to create a MEAN stack based application to allow topcoder members to authorize themselves to private repositories on Github and Gitlab. This is the third contest in the series.
Contest Details
Our application, once ready, will work as follows:
- An admin user adds github usernames to our app with role as ””.
- These owners will authenticate themselves using Github’s OAuth based authentication for Web Application.
- They will then be able to see the teams which they own, that is, teams to which they can add other members.
- They will then generate a unique URL for that team.
- Other users, when they visit this URL, will first be asked to authenticate themselves using OAuth, following which they will be automatically added to the team associated with that URL. Two OAuth authentications are in play here: one that is used to make the API call to add a member to a team, and another that is used to get the username to be added to the team.
We have developed the following services:
- Service that lists the teams associated with a user.
- Service that adds a member to a team.
For this contest, you need to provide the following:
- A mongodb database.
- An admin user that can add a github username and a role of “Owner” in the database. Provide an HTTP endpoint to facilitate the same.
- An HTTP endpoint that allows a user to perform an OAuth based authentication with Github.
- If the user has the role of “Owner” in our app (based on their github username), they can then access the endpoint that allows them to see the teams that they belong to. Restrict the endpoint so that it can only be called by “Owners” of our app. Since it is possible that other users can authenticate themselves with our app through OAuth, we want only those users with role "Owner" to access this endpoint.
- Set up an endpoint that generates a unique id and consequently a unique URL for the provided github team. The endpoint will generate the URL using the logged in user and the team. It should be generated randomly such that one cannot figure out the team id or the owner of the team through the URL. You may need to store the team id and the OAuth access token of the authenticated user in the database. This endpoint will only work on teams that the authenticated user is authorized to add team members to. This endpoint too can only be called by users with role "Owner" in our app.
- Visiting the URL endpoint will first ask the user to authenticate themselves using OAuth, which on success will add the authenticated user to the team associated with the endpoint. It will use the access token saved earlier, belonging to the owner of the team, to add the member.
There is no front end yet for this app. You will provide all the remaining endpoints though to realize it as part of this contest.
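The unique-URL requirement above, sketched as an added example that is not part of the contest code base. The `Map` objects stand in for the MongoDB collections, and the function names, base URL and token format are assumptions made for illustration.

```javascript
const { randomBytes } = require('crypto');

// Hypothetical in-memory stand-ins for the MongoDB collections.
const users = new Map();   // github username (lower-cased) -> role set by the admin
const invites = new Map(); // random token -> { teamId, ownerUsername, ownerAccessToken }

// Admin step: register a github username with a role.
function addUser(username, role) {
  users.set(String(username).toLowerCase(), role);
}

// Role gate: completing OAuth is not enough, the app's own role must be "Owner".
function isOwner(username) {
  return users.get(String(username).toLowerCase()) === 'Owner';
}

// Creates the invite URL. The token comes from a CSPRNG and encodes nothing,
// so neither the team id nor the owner can be derived from the URL; both live
// only in the server-side record, next to the owner's access token.
function createInviteUrl(baseUrl, session, teamId, ownedTeamIds) {
  if (!isOwner(session.username)) {
    throw new Error('forbidden: role "Owner" required');
  }
  if (!ownedTeamIds.includes(teamId)) {
    throw new Error('forbidden: not authorized to add members to this team');
  }
  const token = randomBytes(32).toString('hex'); // 256 random bits
  invites.set(token, {
    teamId,
    ownerUsername: session.username,
    ownerAccessToken: session.accessToken, // used later to add the member
  });
  return `${baseUrl}/invite/${token}`;
}

// Resolves a visited token back to its record; malformed or unknown tokens give null.
function resolveInvite(token) {
  if (!/^[0-9a-f]{64}$/.test(String(token))) return null;
  return invites.get(token) || null;
}
```

`ownedTeamIds` is assumed to come from the existing service that lists the teams associated with the authenticated user.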
Points to Note
- We will share an existing code base with you in the contest forum. Update it with the requirements from above.
- Update the existing POSTMAN collection as necessary and provide new endpoints.
- You need to make use of Topcoder’s own eslint configuration.
- Provide mocha tests along with chai.
- There are two OAuth based authentications at play: one of the team owner and one of the member being added to the team. Storing the necessary details in the MongoDB database needs to be handled properly. Additionally, you need to restrict endpoints based on the role of the authenticated user in the app itself (set by the admin). These are the major requirements for this contest that you need to get right.
- Please follow the same conventions used in the Github service. This implies that you also need to make use of the Github Nodejs library being used and not make direct API calls through the service.
Final Submission Guidelines
Zip your changes. Update the existing README file with deployment and usage instructions if needed. Upload it to Topcoder. The winner will be asked to create a Pull Request to our repository.