The challenge is finished.

Challenge Overview

Attention!  This is a fast 48h challenge! All phases have shorter deadlines. Make sure you don’t miss any!

Challenge Objectives

  • Secure our application named “Lauscher” to only allow specific user roles to access the page.

  • Fix security issues in the project dependencies.

  • Improve unit testing.

Project Background

Lauscher is the application that our admins and copilots use to “watch” messages from our Kafka event bus.

Technology Stack

  • Node.js

  • Apache Kafka

  • React.js

Code Access

Repo: https://github.com/topcoder-platform/Lauscher

Branch: develop

Detailed requirement

1. Secure Lauscher UI

Although we have the code in place to authenticate the user, we only use the returned response to show the user’s handle in the upper right corner.

You need to add the appropriate checks so that only the allowed (configurable) user roles can access the application.

For now, only users with the following roles are allowed to access the application:

  • Administrator

  • Copilot

Use a case-insensitive match.

All other users should see an error saying:

“You do not have access to use this application.”

We don’t have a design for that but it should be very simple to create it.

2. Secure Lauscher API

Currently, the Lauscher API accepts unauthorized calls. You need to update the code so that all endpoints expect a Bearer JWT in the “Authorization” header.

This is the same JWT that the Lauscher UI gets when it authenticates the user.

The Lauscher API should have similar role-based access checks as the Lauscher UI. Perhaps you can extract those as a separate module if it helps to avoid code duplication.
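
One way to build the shared role-check module that sections 1 and 2 describe, as an added example rather than code from the Lauscher repository. It assumes an HS256-signed token with a `roles` array claim and an `ALLOWED_ROLES` environment variable, none of which are specified on this page; all function names are hypothetical.

```javascript
// Added example, not the Lauscher project's code. Assumptions: HS256 shared
// secret, a `roles` array claim, and an ALLOWED_ROLES environment variable.
const crypto = require('crypto');

const ACCESS_DENIED = 'You do not have access to use this application.';
const ALLOWED_ROLES = (process.env.ALLOWED_ROLES || 'Administrator,Copilot').split(',');
const b64url = (s) => Buffer.from(s).toString('base64url');
const hmac = (data, secret) => crypto.createHmac('sha256', secret).update(data).digest();

// Shared by UI and API: case-insensitive match against the configured roles.
function hasAllowedRole(userRoles, allowedRoles = ALLOWED_ROLES) {
  const allowed = new Set(allowedRoles.map((r) => r.trim().toLowerCase()));
  return Array.isArray(userRoles)
    && userRoles.some((r) => typeof r === 'string' && allowed.has(r.trim().toLowerCase()));
}

// Constructed helper so the example can mint sample tokens offline.
function signHs256(payload, secret) {
  const data = `${b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }))}.${b64url(JSON.stringify(payload))}`;
  return `${data}.${b64url(hmac(data, secret))}`;
}

// Returns the verified payload, or null for any malformed, forged or expired token.
function verifyHs256(token, secret, nowSec = Math.floor(Date.now() / 1000)) {
  const [head, body, sig, ...rest] = String(token).split('.');
  if (!head || !body || !sig || rest.length) return null;
  try {
    // Pin the algorithm: never let the token choose "none" or another scheme.
    if (JSON.parse(Buffer.from(head, 'base64url').toString()).alg !== 'HS256') return null;
    const expected = hmac(`${head}.${body}`, secret);
    const given = Buffer.from(sig, 'base64url');
    if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
    const payload = JSON.parse(Buffer.from(body, 'base64url').toString());
    return typeof payload.exp === 'number' && payload.exp > nowSec ? payload : null;
  } catch (err) {
    return null;
  }
}

// API decision: 401 when the caller is not authenticated, 403 when the role is not allowed.
function authorize(authorizationHeader, secret, allowedRoles = ALLOWED_ROLES) {
  const match = /^Bearer\s+(\S+)$/i.exec(authorizationHeader || '');
  const payload = match && verifyHs256(match[1], secret);
  if (!payload) return { status: 401, message: 'Missing or invalid token.' };
  if (!hasAllowedRole(payload.roles, allowedRoles)) return { status: 403, message: ACCESS_DENIED };
  return { status: 200, user: payload };
}
```

An Express middleware would call `authorize(req.headers.authorization, secret)` and send the returned status and message; the UI can reuse `hasAllowedRole` on the roles it receives after login.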

3. Fix Vulnerabilities From Dependencies

Fix the vulnerabilities reported in the repository's dependency alerts: https://github.com/topcoder-platform/Lauscher/network/alerts

You probably just need to update the dependencies to newer versions.

4. Improve unit testing

You need to cover the API with strong negative and positive unit tests.

Make sure the existing functionality is not broken.

Feel free to ask on the challenge forum!

What to Submit

Submit:

  • A git patch for the latest commit in the develop branch.

  • Instructions on how to apply your patch. Make sure to mention the exact commit you used so we can apply your patch.



Final Submission Guidelines

Please see above

ELIGIBLE EVENTS:

Topcoder Open 2019

Review style

Final Review

Community Review Board

Approval

User Sign-Off

ID: 30088020