Challenge Overview

 


Welcome to a new series for Poseidon’s developer portal. In this challenge, we are creating the backend APIs for the developer portal.

Project Overview

In this subproject of the Poseidon series, we are building a developer portal to share information about our platform with developers who want to integrate Poseidon’s API/SDK into their apps.

 

In this challenge we will build the backend API for the given design. Afterwards, we will integrate it with the Angular prototype.

Technology Stack

Node.js, PostgreSQL, TypeScript

Individual Requirement

Implement the following endpoints in Node.js.

 

In this app the user creates API keys to access the SDK endpoints.

 
  1. Register

 

Please follow the design from the link https://marvelapp.com/1050g79j/screen/64765895

It should call the AWS Cognito user pool sign-up process and return the payload from AWS Cognito to the frontend.

Method: POST

URL: /register

Body: {fullName, userName, password}

 
  2. Login

 

Please follow the design from the link https://marvelapp.com/1050g79j/screen/64765894 for input.

It should call the AWS Cognito user pool authentication process and return the payload from AWS Cognito to the frontend.

 

Method: POST

URL: /login

Body: {Username, password}

Returns: {token}

 
  3. Forgot Password

Use the AWS Cognito API both to request the password reset and to send the email with the reset link.

https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ForgotPassword.html

Method: POST

URL: /forgotPassword

Body: {Username}

Returns: N/A

 
  4. Reset Password - (without Authorization)

Should call https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ConfirmForgotPassword.html to reset the password.

Method: POST

URL: /resetPassword

Body: {ConfirmationCode, Username, newPassword}

Returns: N/A

 
  5. Create API Key

 

This method should create an API key and an API secret and register them in another AWS Cognito pool as username and password.

HTTP Method: POST

URL: /createKeys

Authorization: Bearer <Auth token from login endpoint>

Body: {note}

Returns: {note, apiKey, apiSecret}

The algorithm is as follows:

  1. This API creates a random API key of 16 alphanumeric characters and a UUID API secret, which are treated as username and password.

  2. Check that the username does not already exist in the other (API) user pool. If it does, go back to step 1.

  3. Send the username and password to the other user pool to sign up.

  4. Store the mapping between the current user pool and the API key for the second pool in the DB.

  5. Return the same values as the API key and secret (they are also the username and password for the other user pool).
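
Steps 1 and 2 of the algorithm above as an added example (not code from the challenge or its skeleton): the key is drawn from the OS CSPRNG without modulo bias, and the collision retry is bounded. The names `generateApiKey`, `createKeyPair`, `exists` and the limit of 5 attempts are assumptions; `exists` stands in for the lookup against the second Cognito pool.

```typescript
import { randomBytes, randomUUID } from "node:crypto";

const ALPHABET =
  "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
const KEY_LENGTH = 16;
// 256 is not a multiple of 62, so "byte % 62" would favour the first 8
// characters. Bytes at or above 248 (the largest multiple of 62) are dropped.
const LIMIT = 256 - (256 % ALPHABET.length);

type ByteSource = (n: number) => Uint8Array;

// Step 1: 16 alphanumeric characters from the CSPRNG, never Math.random().
// `source` is injectable only so the sampling can be tested deterministically.
function generateApiKey(source: ByteSource = randomBytes): string {
  let key = "";
  while (key.length < KEY_LENGTH) {
    const bytes = source(KEY_LENGTH);
    for (let i = 0; i < bytes.length && key.length < KEY_LENGTH; i++) {
      if (bytes[i] < LIMIT) key += ALPHABET[bytes[i] % ALPHABET.length];
    }
  }
  return key;
}

interface KeyPair {
  apiKey: string;
  apiSecret: string;
}

// Steps 1-2: generate, check the second pool, retry on collision.
// `exists` is a hypothetical stand-in for the lookup in the API user pool.
// The attempt count is bounded so a faulty lookup cannot loop forever.
async function createKeyPair(
  exists: (apiKey: string) => Promise<boolean>,
  maxAttempts = 5,
  makeKey: () => string = generateApiKey,
): Promise<KeyPair> {
  for (let attempt = 0; attempt < maxAttempts; attempt++) {
    const apiKey = makeKey();
    if (!(await exists(apiKey))) {
      // randomUUID() returns a version 4 UUID built from CSPRNG output.
      return { apiKey, apiSecret: randomUUID() };
    }
  }
  throw new Error("could not allocate a unique API key");
}
```

The existence check and the sign-up in step 3 are not atomic, so the sign-up call should also treat Cognito's `UsernameExistsException` as a collision and retry.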

 
  6. Delete API Key

   Remove the API key from the second user pool and from the DB mapping table.

HTTP Method: DELETE

URL: /deleteKeys

Authorization: Bearer <Auth token from login endpoint>

Query String: apiKey

Returns: N/A

 
  7. Get All API Keys

 

Get all keys created by the user which are shown in the UI.

HTTP Method: GET

URL: /getKeys

Authorization: Bearer <Auth token from login endpoint>

Returns: [{note, apiKey}]

 

Compatibility:

  • RDBMS: PostgreSQL 10.x

  • Authentication provider: AWS Cognito

  • Caching: (optional) Redis

  • Object storage: (optional) AWS S3


Non-functional requirements:

  • Lint should be integrated

  • Please maintain all the status codes for the endpoints.

  • Unit tests should be implemented

  • GitLab CI to lint, build and test should be provided (example provided in the skeleton)

  • Two-stage Dockerfile to build the production application (example provided in the skeleton)

  • Stateless application – all data should be stored in DB, cache and/or file object store (Amazon S3)

  • All required application configuration must be passed as environment parameters. For the production environment, configuration should be taken from AWS Parameter Store and/or Secrets Manager, and AWS KMS keys should be used for encrypted values. For local development, parameters can be initialised locally using your preferred config library. (If you can’t use AWS Parameter Store and/or Secrets Manager, please at least demonstrate how the code could easily be modified as a future enhancement, and be ready for this kind of refactoring.)

Application Starter Code

Application skeleton can be found here: 

https://gitlab.com/easyuse-lpc/tc-templates/tree/master

 


Final Submission Guidelines

Please submit a zip file containing:

  1. Postgres Database scripts.

  2. Postman script.

  3. The source code with unit tests.

  4. Build pipeline (GitLab CI pipeline, Dockerfile)

  5. Detailed README for the app explaining how to configure and run the backend.

  6. Verification that a sample API deployed on AWS can be accessed only by the key generated above. Provide any steps needed to make this key work.

ELIGIBLE EVENTS:

2020 Topcoder(R) Open

REVIEW STYLE:

Final Review:

Community Review Board

Approval:

User Sign-Off


ID: 30111682