Challenge Overview
Welcome to a new series for Poseidon’s developer portal. In this challenge, we are creating the backend APIs for the developer portal.
Project Overview
In this subproject of the Poseidon series, we are building a developer portal to share information about our platform with developers who want to integrate Poseidon’s API/SDK into their apps.
In this challenge we will build the backend API for the given design. After this, we will integrate it with the Angular prototype.
Technology Stack
Node.js, PostgreSQL, TypeScript
Individual Requirement
Implement the following endpoints in Node.js.
In this app the user creates API keys to access the SDK endpoints.
- Register
Please follow the design at https://marvelapp.com/1050g79j/screen/64765895
It should call the AWS Cognito user pool sign-up process and return the payload from AWS Cognito to the frontend.
Method: POST
URL: /register
Body: {fullName, userName, password}
- Login
Please follow the design at https://marvelapp.com/1050g79j/screen/64765894 for input.
It should call the AWS Cognito user pool authentication process and return the payload from AWS Cognito to the frontend.
Method: POST
URL: /login
Body: {Username, password}
Returns: {token}
- Forgot Password
Use the AWS Cognito API to both request the password reset and send the email with the reset link.
https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ForgotPassword.html
Method: POST
URL: /forgotPassword
Body: {Username}
Returns: N/A
- Reset Password (without Authorization)
Should call https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ConfirmForgotPassword.html to reset the password.
Method: POST
URL: /resetPassword
Body: {ConfirmationCode, Username, newPassword}
Returns: N/A
- Create API Key
This method should create an API key and an API secret and register them in another AWS Cognito pool as username and password.
HTTP Method: POST
URL: /createKeys
Authorization: Bearer <Auth token from login endpoint>
Body: {note}
Returns: {note, apiKey, apiSecret}
The algorithm is as follows:
1. Create a random API key of 16 alphanumeric characters and a UUID API secret, which are treated as username and password.
2. Check whether the username already exists in the other (API) user pool. If it does, go back to point 1.
3. Send the username and password to the other user pool to sign up.
4. Store the mapping between the current user pool and the API key for the second pool in the DB.
5. Return the same values as the API key and secret (which are also the username and password for the other user pool).
- Delete API Key
Remove the API key from the second user pool and from the DB mapping table.
HTTP Method: DELETE
URL: /deleteKeys
Authorization: Bearer <Auth token from login endpoint>
Query String: apiKey
Returns: N/A
- Get All API Keys
Get all keys created by the user that are present in the UI.
HTTP Method: GET
URL: /getKeys
Authorization: Bearer <Auth token from login endpoint>
Returns: [{note, apiKey}]
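The Create API Key algorithm above, as an added TypeScript example (not part of the challenge or its skeleton). `ApiUserPool`, `InMemoryPool`, `KeyMapping`, the `createKeys` signature and `maxAttempts` are hypothetical names; the second Cognito pool and the mapping table are replaced by synchronous in-memory stand-ins so the flow runs offline.

```typescript
import { randomInt, randomUUID } from "crypto";

const ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";

// Point 1: 16 alphanumeric chars from the OS CSPRNG. randomInt() samples
// uniformly, so there is no modulo bias (unlike Math.random() or byte % 62).
export function generateApiKey(length = 16): string {
  let key = "";
  for (let i = 0; i < length; i++) key += ALPHABET.charAt(randomInt(ALPHABET.length));
  return key;
}

// Hypothetical stand-ins for the second Cognito user pool and the mapping table.
// In the real service these would be awaited AWS SDK and PostgreSQL calls.
export interface ApiUserPool {
  exists(username: string): boolean;
  signUp(username: string, password: string): void;
}
export interface KeyMapping { userId: string; apiKey: string; note: string }

export class InMemoryPool implements ApiUserPool {
  readonly users = new Map<string, string>();
  exists(u: string): boolean { return this.users.has(u); }
  signUp(u: string, p: string): void {
    if (this.users.has(u)) throw new Error("UsernameExistsException");
    this.users.set(u, p);
  }
}

export function createKeys(
  userId: string, note: string, pool: ApiUserPool, db: KeyMapping[],
  newKey: () => string = generateApiKey, maxAttempts = 5,
): { note: string; apiKey: string; apiSecret: string } {
  // Bounded retry: a collision loop must not spin forever on a faulty generator.
  for (let attempt = 0; attempt < maxAttempts; attempt++) {
    const apiKey = newKey();              // point 1: candidate username
    if (pool.exists(apiKey)) continue;    // point 2: taken, generate again
    const apiSecret = randomUUID();       // point 1: version 4 UUID as password
    pool.signUp(apiKey, apiSecret);       // point 3: register in the second pool
    db.push({ userId, apiKey, note });    // point 4: mapping row holds no secret
    return { note, apiKey, apiSecret };   // point 5: secret leaves the API once
  }
  throw new Error("could not allocate a unique API key");
}
```

The secret is kept out of the mapping table so that /getKeys can return only `{note, apiKey}`. The example assumes the second pool's password policy accepts a lowercase UUID.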
Compatibility:
- RDBMS: PostgreSQL 10.x
- Authentication provider: AWS Cognito
- Caching: (optional) Redis
- Object storage: (optional) AWS S3
Non functional requirements:
- Lint should be integrated.
- Please maintain all the status codes for the endpoints.
- Unit tests should be implemented.
- GitLab CI to lint, build and test should be provided (example provided in the skeleton).
- Two-stage Dockerfile to build the production application (example provided in the skeleton).
- Stateless application: all data should be stored in the DB, cache and/or file object store (Amazon S3).
- All required application configuration must be passed as environment parameters. For the production environment, configuration should be taken from AWS Parameter Store and/or Secrets Manager, and AWS KMS keys should be used for encrypted values. For local development, parameters can be initialised locally using your preferred config library (if you can’t use AWS Parameter Store and/or Secrets Manager, then please at least demonstrate how to easily modify the code as a future enhancement, and be ready for this kind of refactoring to support it).
Application Starter Code
Application skeleton can be found here:
https://gitlab.com/easyuse-lpc/tc-templates/tree/master
Final Submission Guidelines
Please submit a zip file containing:
- Postgres database scripts.
- Postman script.
- The source code with unit tests.
- Build pipeline (GitLab CI pipeline, Dockerfile).
- Detailed README for the app explaining how to configure and run the backend.
- Verification that a sample API deployed on AWS can be accessed only with the key generated above. Provide any steps needed to make this key work.