FallingSnow / backend-developer-challenge

A backend developer interview challenge for rental APIs.

Backend Developer Challenge

Design

Security

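JSON Web Tokens (JWTs) are deliberately provided as JSON in the response body rather than as cookies, to mitigate CSRF attacks: a browser attaches cookies to cross-site requests automatically, but it never adds a bearer token on its own. If you properly secure against CSRF then you don't need to worry about it, but it's safer to just avoid credentials in cookies.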

The secret for JWTs is stored in package.json, under variables.
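The bearer-token flow described in this section, as an added sketch that is not code from this repository: it issues an HS256 token for the JSON response body and verifies the `Authorization` header with the algorithm pinned plus the `exp` and `aud` checks listed under Non Goals. The function names, the `rentals-api` audience and the secret values are assumptions, and only Node's built-in `crypto` module is used.

```javascript
// Added example (hypothetical names): HS256 bearer tokens with Node built-ins only.
const crypto = require('node:crypto');

const b64url = (input) => Buffer.from(input).toString('base64url');
const hmac = (data, secret) =>
  crypto.createHmac('sha256', secret).update(data).digest('base64url');

// Issue a token to return in the JSON response body (never via Set-Cookie).
function issueToken(sub, secret, { aud, ttlSeconds, now = Date.now() }) {
  const iat = Math.floor(now / 1000);
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const payload = b64url(JSON.stringify({ sub, aud, iat, exp: iat + ttlSeconds }));
  return `${header}.${payload}.${hmac(`${header}.${payload}`, secret)}`;
}

// Verify the value of an Authorization header; returns the claims or throws.
function verifyBearer(authorization, secret, { aud, now = Date.now() }) {
  const match = /^Bearer ([\w-]+)\.([\w-]+)\.([\w-]+)$/.exec(authorization || '');
  if (!match) throw new Error('missing or malformed bearer token');
  const [, header, payload, signature] = match;

  // Check the signature first, in constant time, before trusting any field.
  const expected = Buffer.from(hmac(`${header}.${payload}`, secret));
  const actual = Buffer.from(signature);
  if (actual.length !== expected.length || !crypto.timingSafeEqual(actual, expected)) {
    throw new Error('bad signature');
  }

  // Pin the algorithm instead of honouring whatever the header claims.
  const { alg } = JSON.parse(Buffer.from(header, 'base64url').toString());
  if (alg !== 'HS256') throw new Error('unexpected alg');

  const claims = JSON.parse(Buffer.from(payload, 'base64url').toString());
  const nowSeconds = Math.floor(now / 1000);
  if (typeof claims.exp !== 'number' || claims.exp <= nowSeconds) {
    throw new Error('token expired');
  }
  if (claims.aud !== aud) throw new Error('wrong audience');
  return claims;
}

// Constructed sample values; a real secret comes from configuration.
const demo = issueToken('user-1', 'constructed-secret', { aud: 'rentals-api', ttlSeconds: 900 });
console.log(verifyBearer(`Bearer ${demo}`, 'constructed-secret', { aud: 'rentals-api' }).sub);
```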

Code

The code is laid out to mimic the request path (URI) as closely as possible. When you need to find out why a specific route is not functioning correctly, you can just follow the request path to end up at the code.

Tests

Tests are designed to be parallelized and isolated (one test does not in any way interact with the others, especially since data is not written to the database files).

Goals

  • Basic auth to get JWT bearer token
  • JSON backed database
  • Provide simple information about rental listings
  • Use ES6+ and module dependencies (.mjs)
  • Minimal testing
  • Use async/await when possible/necessary

Non Goals (but would be nice)

  • Style linting
  • JSdoc documentation
  • OpenAPI documentation (would have been really nice to have self-documenting code)
  • A real database
  • Webpack
    • This would have allowed us to do some cool things and save time, like automatic path traversal and global package import paths.
  • Better logging, both machine logging (JSON) and human-readable
  • Multiple resolution images for responsive imgSets
  • User identity validation, such as email and phone number
  • Sanitized 500 error messages (preferably with an error tracking ID) & Sentry
  • Permissioned JWTs
  • Use more assurances from JWT spec (expires, audience, etc...)
  • Schema validation for new rentals/changes using yup
  • Rental query filtering/limiting
  • Git hooks for testing scripts, commit language, linting, etc.
  • SSL/TLS

Installation

Use the package manager yarn or npm to install backend-developer-challenge.

yarn install

Usage

yarn start

The endpoint should now be reachable at http://localhost:8080/api/v1.

Testing

yarn test

Development

See documentation in data/README.md and lib/api/v1/README.md as well.

You can load http-archive.har (located in the root directory) into your preferred API testing application for interactive testing.

License

MIT

Timing

1705 - 2140 Architecture design, data design, coding, testing
1415 - 1610 Implement endpoints and tests
2000 - 2030 Documentation for API

Total time: 7 Hours


Languages

Language:JavaScript 100.0%