This repository contains the source code for a REST API for credit card registration. The API was developed using the Django framework and the Django Rest Framework. The database used is PostgreSQL. The project includes a docker-compose.yaml file to facilitate running the project in different environments. The project also includes a Pipfile for dependency management using Pipenv.

• The code must be in English.
• Use Git and install Git Hooks with pre-commit install.
• Make micro commits.
• Document in detail any references/tools researched.
• Create a public repository and share the link for development tracking.
• Implement automated tests (unit and integration).

1. Clone the repository.

2. Copy the .env.example file and rename the copy to .env.

3. Install the Git Hooks:

   pre-commit install
   

If you do not have Docker or Docker Compose installed, follow the official guides for installation:

• Install Docker
• Install Docker Compose

After installation, you can use the commands below to build and run the project.

To build the Docker image of the project:

docker-compose build

To start the services defined in the docker-compose.yaml:

docker-compose up

To stop the services:

docker-compose down

If you need to access the container directly to execute commands or inspect something, use:

docker exec -it maistodos_creditcard_backend_web-1 /bin/bash

This command opens a Bash shell in the maistodos_creditcard_backend_web_1 container, allowing you to interact directly with the container environment. To exit the shell, type exit. Note that the container name may be different, depending on your operating system.

If you prefer to run the project locally:

1. Install Pipenv:

   pip install pipenv
   

2. Install development dependencies:

   pipenv install --dev
   

3. Install PostgreSQL and set it up according to your operating system's instructions.

4. Activate the virtual environment:

   pipenv shell
   

5. Run the migrations:

   python manage.py migrate
   

6. Start the server:

   python manage.py runserver
   

For the system to function correctly, it is necessary to create the Django authentication tables. To do this, execute the command below:

python manage.py migrate authtoken

You only need to execute this command once, and this step needs to be performed in both the Docker version and the local version.

• GET /api/creditcards/ - List credit cards.
• GET /api/creditcards/<pk>/ - Credit card detail.
• POST /api/creditcards/ - Register a new credit card.
• GET /api/creditcards/<pk>.<format>/ - Credit card detail in a specific format.
• GET /api/creditcards/.<format>/ - List credit cards in a specific format.

• POST /api/users/create/ - Create a new user.
• GET /api/users/me/ - Get authenticated user information.
• POST /api/users/token/ - Obtain token for authentication.

• GET /api/docs/ - Swagger API documentation, including request examples.
• GET /api/schema/ - API schema.

Access to the API is open to the world but requires authentication and authorization, which is done using the Django Rest Framework's authtoken package. To obtain a token, make a POST request to /api/users/token/ with the user's email and password. The token will be returned in the response body. To use the token, include it in the Authorization header of the request, preceded by the word Token and a space. For example:

curl -X 'GET' \
  'http://localhost:8000/api/creditcards/' \
  -H 'accept: application/json' \
  -H 'Authorization: Token 9fad7d50928868c40315a215f3'

The application flow is as follows:

1. The user creates an account using the /api/users/create/ endpoint.
2. The user obtains an authentication token using the /api/users/token/ endpoint.
3. The user uses the token to access the protected API endpoints.
4. The

user registers a credit card using the /api/creditcards/ endpoint. 5. The user obtains credit card details using the /api/creditcards/<pk>/ endpoint. 6. The user gets a list of credit cards using the /api/creditcards/ endpoint.

The system performs various validations to ensure data quality. Below are detailed validations:

• The format must be MM/YYYY.
• The date cannot be before the current date.
• The expiration date's year must be no more than 10 years ahead of the current year.
• The month must be a value between 01 and 12.
• The year must have 4 digits, and the month 2 digits.

• Must be numeric.
• Must have between 3 and 4 digits.

• Must be numeric.
• Must have between 13 and 16 digits.
• The card number must be valid according to the creditcard library.
• The card number must be encrypted before being persisted.

• Must have at least 2 characters.

• The card brand is automatically determined using the creditcard library.
• If the brand is not supported or cannot be determined, an exception is thrown.

• For persistence, the expiration date is converted to the YYYY-MM-DD format, where DD is the last day of the specified month.

This repository includes tests for the credit card API and the user API. To run the tests, use inside or outside the container:

python manage.py test

To run tests with code coverage, use:

coverage run manage.py test && coverage report

The choice of architecture and technologies was based on familiarity with Django and the framework's ability to provide a robust and scalable solution. Additionally, the Django Rest Framework makes it easy to create APIs, while the python-creditcard library provides ready validations for credit card numbers. PostgreSQL was chosen as the database for being one of the most popular and having native support in Django. Docker was used to facilitate the project's execution in different environments. Git was used for code versioning and GitHub for repository hosting. Pipenv was used for dependency management. Python was chosen as the programming language for being the most popular language for web development.

• Improvements in API documentation, enhancing examples and adding more details.
• Improvements in application architecture, such as better separation of responsibilities, division into service layers and use cases, among others.
• Improvements in database architecture, such as the creation of indexes and table normalization.
• Improvements in security, such as adding HTTPS, JWT token authentication, CORS implementation, and other protection measures listed in OWASP.
• Addition of a CI/CD, such as GitHub Actions, to automate test execution and project deployment.
• Addition of an application server, like Gunicorn, to improve the project's performance and security when run in production.
• Improvements in the testing architecture, such as creating factories and mocks, better division of integration and unit tests.
• Creation of a script to populate the database with test data.
• Creation of a Postman file with examples of requests to the API.
• Addition of a log system, like Sentry, to monitor errors and failures.
• Separating development, testing, and production environments.
• Adding a caching system, like Redis, to improve API performance.
• Adding an observability system, like New Relic, to monitor API performance.
• Adding a WAF to improve security.

• Django Documentation
• Django Rest Framework
• python-creditcard

For any questions, contact danielbfr3@gmail.com.