Final Project for the subject Fundamentals in Backend Development in PowerX Program
Implement a collaborative TODO-list application
Create a TODO-list CRUD API with the endpoints below:
- [Public] A registration endpoint that accepts an email and password, and rejects any email that has been registered before
- [Public] A login endpoint that returns a JSON Web Token that can be used on authenticated endpoints
- [Auth-ed] CRUD endpoints for TODO lists:
  - A Create endpoint; the list being created belongs to its creator and can only be accessed by the creator or anyone who has been given access to the list
  - A GET all TODO-list endpoint that returns an array of TODO-lists with their titles, based on who the currently authenticated user is
  - A GET a single TODO-list by its ID endpoint that returns the corresponding TODO-list together with all of the items in the list, based on who the currently authenticated user is. Returns 403 Forbidden with a proper error JSON object if the user cannot access the list
  - A PUT/PATCH endpoint to update a TODO-list’s title by its ID, based on who the currently authenticated user is. Returns 403 Forbidden with a proper error JSON object if the user cannot access the list
  - A DELETE endpoint to remove a TODO-list. Soft-delete should be used
- [Auth-ed] An endpoint to add someone by email to be able to access a TODO list:
  - This operation should be processed in an event-driven manner: the endpoint immediately responds with an appropriate 200 JSON response after putting an event into a message broker (RabbitMQ is recommended as there’s a free plan)
  - There will be a separate worker process that consumes the message and:
    - Does nothing if there’s no existing user with such email
    - Gives the corresponding user with such email access to the list
    - Requeues the message if there are errors during processing
- [Auth-ed] CUD endpoints for items in a TODO list, only for those with access to the specific list:
  - Create an item in the list
  - Update an item in the list
  - Delete an item from the list. Soft delete should be used
  - Note: There’s no R endpoint as that’s been covered in the TODO-list CRUD endpoint
- The app should be deployed to Heroku. For the database, you can use the Heroku Postgres plugin free tier. For the message broker, you can use the free tier from RabbitMQ.
- At least 50% of the code should be covered by unit tests
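
The worker rules for the share-by-email event above (do nothing for an unknown email, grant access, requeue on errors), as an added example that is not this project's code. `handleShareMessage`, `findUserByEmail`, `grantAccess` and the in-memory stand-ins are assumed names; the `channel` argument only needs amqplib-style `ack`/`nack`. It also rejects malformed payloads without requeueing, so one bad message cannot be redelivered forever.

```javascript
// Added example, not the project's code. handleShareMessage, findUserByEmail and
// grantAccess are hypothetical names; `channel` only needs amqplib-style ack/nack.
async function handleShareMessage(channel, msg, db) {
  let event;
  try {
    event = JSON.parse(msg.content.toString('utf8'));
  } catch (err) {
    event = null;
  }
  if (!event || typeof event.email !== 'string' || !Number.isInteger(event.listId)) {
    // Permanent failure: a malformed payload never becomes valid, so requeueing
    // it would redeliver forever. Reject it without requeue.
    channel.nack(msg, false, false);
    return 'rejected';
  }
  try {
    const user = await db.findUserByEmail(event.email);
    // grantAccess must be idempotent: a requeued message can arrive twice.
    if (user) await db.grantAccess(event.listId, user.id);
    // Unknown email: nothing to do, but still ack so the message leaves the queue.
    channel.ack(msg);
    return user ? 'granted' : 'ignored';
  } catch (err) {
    // Transient failure (for example the database is down): put the message back.
    channel.nack(msg, false, true);
    return 'requeued';
  }
}

// Constructed in-memory stand-ins for the database and the broker channel.
function makeDb(failing = false) {
  const users = new Map([['bob@example.com', { id: 2 }]]);
  const access = new Set();
  return {
    access,
    async findUserByEmail(email) {
      if (failing) throw new Error('database unavailable');
      return users.get(email) || null;
    },
    async grantAccess(listId, userId) { access.add(`${listId}:${userId}`); },
  };
}
function makeChannel() {
  const calls = [];
  const ack = () => calls.push('ack');
  const nack = (m, allUpTo, requeue) => calls.push(requeue ? 'requeue' : 'reject');
  return { calls, ack, nack };
}
const toMsg = (text) => ({ content: Buffer.from(text) });
```
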
Bonus:
- Write integration tests with supertest for all endpoints
- Produce an OpenAPI yaml specs, and use it for request and response validation with express-openapi-validator
- Have a cronjob that updates a global counter in the application every 5 minutes with how many tasks have been completed across the entire user base
- Have a public socket endpoint that would push updates on the above-mentioned counter whenever it’s updated
- Implemented using Express.js, PostgreSQL and RabbitMQ
- Authentication used to make sure users view/edit/delete only their items
The following concepts have been applied:
- Express.js Routing
- CRUD operations with soft-delete
- Middleware and Services
- Authentication using Token
- Dependency Injection
- Message Broker Concepts
- Unit Testing
- Integration Testing (Partial)
My application requires Postman to use. The following are descriptions of the endpoints:
- Returns "Hello World" text
- Payload: `{ "username": [username], "email": [user_email], "password": [password] }`
- Returns: `{ "token": [token] }`
- Payload: `{ "username": [username], "password": [password] }`
- Returns: `{ "token": [token] }`
- Requires Header: `Authorization: Bearer [token]`
- Payload: `{ "name": [task_name], "is_deleted": false }`
- Returns the newly added `Item` object
- Requires Header: `Authorization: Bearer [token]`
- Returns the list of `Item` objects that belong to the authorized user
- Requires Header: `Authorization: Bearer [token]`
- Returns:
  - `Item` object if the user is authorized to view it and the `Item` object still exists
  - Error 400 if item is not found or deleted
  - Error 403 if user is unauthorised
- Requires Header: `Authorization: Bearer [token]`
- Returns:
  - The newly modified `Item` object if the item was successfully modified
  - Error 400 if item is not found or deleted
  - Error 403 if user is unauthorised
- Requires Header: `Authorization: Bearer [token]`
- Returns:
  - A text saying the item was successfully deleted if delete was successful
  - Error 400 if item is not found or already deleted
  - Error 403 if user is unauthorised
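
The access rules the endpoints above describe (400 for a missing or soft-deleted record, 403 for a user without access), as an added example that is not this project's code. The function names, row shapes and in-memory `store` are assumptions; the point is that every lookup is checked against the authenticated user and against the item's own parent list.

```javascript
// Added example, not the project's code: function names and row shapes are assumptions.
// Constructed sample data: list 1 is owned by user 1 and shared with user 2.
const store = {
  lists: new Map([
    [1, { id: 1, title: 'Groceries', owner_id: 1, is_deleted: false }],
    [2, { id: 2, title: 'Old list', owner_id: 1, is_deleted: true }],
  ]),
  listAccess: new Set(['1:2']), // "listId:userId" grants
  items: new Map([
    [10, { id: 10, list_id: 1, name: 'Milk', is_deleted: false }],
    [11, { id: 11, list_id: 1, name: 'Eggs', is_deleted: true }],
    [12, { id: 12, list_id: 2, name: 'Stamps', is_deleted: false }],
  ]),
};

// Status codes follow the endpoint descriptions above: 400 missing/deleted, 403 no access.
const notFound = (what) => ({ status: 400, body: { error: `${what} not found` } });
const forbidden = () => ({ status: 403, body: { error: 'No access to this list' } });

const canAccessList = (list, userId) =>
  list.owner_id === userId || store.listAccess.has(`${list.id}:${userId}`);

// userId must be taken from the verified token, never from the payload or URL.
function authorizeList(userId, listId) {
  const list = store.lists.get(listId);
  if (!list || list.is_deleted) return notFound('List'); // soft-deleted == gone
  if (!canAccessList(list, userId)) return forbidden();
  return { status: 200, body: list };
}

function authorizeItem(userId, itemId) {
  const item = store.items.get(itemId);
  if (!item || item.is_deleted) return notFound('Item');
  // Check the parent list recorded on the item, not a list id sent by the client.
  const parent = authorizeList(userId, item.list_id);
  if (parent.status === 403) return parent;
  if (parent.status !== 200) return notFound('Item'); // parent list soft-deleted
  return { status: 200, body: item };
}

// "GET all" must filter by the caller instead of returning every row.
const listsFor = (userId) =>
  [...store.lists.values()]
    .filter((l) => !l.is_deleted && canAccessList(l, userId))
    .map((l) => ({ id: l.id, title: l.title }));
```
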
- Node.js must be installed. Test that it was installed successfully by running `node -v`
- Postman or anything similar must be installed to test the API
- PostgreSQL must be installed and a database `beday3` must be created
- RabbitMQ must be installed (usually through a Docker image)
- Run `npm install` to install the node modules
- Create the database (`todoapp`) in PostgreSQL if not created, then do the database migration by running `npm run db:migrate`
- Make sure the database is connected
- Run the RabbitMQ image
- Run `npm run start` to deploy the application locally
- Open Postman and start testing
  - Refer to above for the endpoints
Open Postman and start testing with https://powerx-todo-app.herokuapp.com/ as the base URL. No setup is required.