Senior/Regular PHP developer test task

Blog REST API

This service provides a REST API for manipulating posts and tags.

API schema:

  • GET /ping Check if service is alive.
  • POST /posts Create new post.
  • GET /posts Get all posts. Can be filtered by tag.
  • GET /posts/count Get all posts count. Can be filtered by tag.
  • GET /posts/{post} Get post by id.
  • PATCH /posts/{post} Update post.
  • POST /posts/{post}/tags/{tag} Attach tag to post.
  • DELETE /posts/{post}/tags/{tag} Remove tag from post.
  • DELETE /posts/{post} Delete post.

Which parts of code are significant?

There is plenty of autogenerated or boilerplate code, so it might be useful to point out some significant parts that might be of interest. Here they are.

  • app/Post.php
  • app/Exceptions/Handler.php
  • routes/api.php
  • tests/api/PostsCept.php

It might be convenient to read the commit diffs. Each commit is small (except a few initial ones) and focused on a single feature.

One could also run tests with the following command (don't forget to run migrations and install composer deps first).

composer exec codecept run

Setting up development environment

The service is built upon the Laravel framework. When in doubt, consult the docs.

Clone the repo and switch to the created folder.

git clone https://github.com/sameoldmadness/blog-rest-api.git
cd blog-rest-api

Copy .env.example to .env.

cp .env.example .env

Set the following variables in .env.

  • MAILGUN_DOMAIN, MAILGUN_SECRET Mailgun credentials
  • MAIL_ADMIN A recipient for "Post created" emails

Set an application key.

php artisan key:generate

Install VirtualBox and Vagrant.

Run vagrant box.

vagrant up

Run migrations on this box.

vagrant ssh
cd blog-rest-api
php artisan migrate
exit

The service uses queues for async email sending. A queue worker can be started manually.

vagrant ssh
cd blog-rest-api
php artisan queue:work
exit

Add the following line to /etc/hosts.

192.168.10.10 homestead.app

The API should be available at http://homestead.app/api/v1.

What's next?

There is still a lot of work to be done.

Infrastructure

  • Start queue with Supervisor
  • Set up CI
  • Run tests before deploy
  • Set up linting and code quality tools

Testing

  • Test emails/caching
  • Disable email reports for test/local environments
  • Test for invalid input
  • Split PostsCept into separate files
  • Make tests independent

Architecture

  • Get rid of magic constants (cache ttl, api prefix)
  • Move coordination logic from router to controllers

Performance

  • Tags are stored in a MySQL column of type JSON. See EXPLAIN for the search queries. Compare performance with a normalized database and NoSQL storage.
  • Cache is not configured; size/ttl/key structure may need tuning.

Security

  • API parameter validation is not implemented at all. It should be.
  • Error messages are hidden in production, but they are not logged. They should be.
  • There might be an SQL injection somewhere near the JSON_CONTAINS clause. Needs attention.
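As an added illustration (not code from this repository), here is how the tag filter behind GET /posts could be written so that both the JSON_CONTAINS lookup and the tag parameter are handled safely. The `Post` model matches app/Post.php; the JSON column name `tags`, the `?tag=` query parameter and the function names are assumptions.

```php
<?php
// Added example, not part of the blog-rest-api repository. Assumes a Post model
// (app/Post.php) backed by a MySQL JSON column named `tags` holding an array of
// tag strings, and a ?tag= query parameter on GET /posts and GET /posts/count.

use App\Post;
use Illuminate\Database\Eloquent\Builder;
use Illuminate\Http\Request;

// Unsafe: the raw tag value is spliced into the SQL text, so a quote character
// in ?tag= leaves the string literal. This is the shape of the risk noted above.
function postsByTagUnsafe(string $tag): Builder
{
    return Post::whereRaw("JSON_CONTAINS(tags, '\"$tag\"')");
}

// Safe: the candidate is JSON-encoded and sent as a bound parameter, so MySQL
// never reads it as SQL. whereJsonContains() does exactly this via the builder.
function postsByTagSafe(string $tag): Builder
{
    return Post::whereJsonContains('tags', $tag);
    // Equivalent with an explicit binding instead of the builder helper:
    // return Post::whereRaw('JSON_CONTAINS(tags, ?)', [json_encode($tag)]);
}

// Validate the parameter before it reaches any query (the "API parameters
// validation" item): optional, a short string, limited to tag-like characters.
function tagFilter(Request $request): ?string
{
    $validated = $request->validate([
        'tag' => ['nullable', 'string', 'max:64', 'regex:/^[A-Za-z0-9_-]+$/'],
    ]);

    return $validated['tag'] ?? null;
}

// Controller-style handler shared by GET /posts and GET /posts/count.
function filteredPosts(Request $request): Builder
{
    $query = Post::query();
    $tag = tagFilter($request);
    if ($tag !== null) {
        $query->whereJsonContains('tags', $tag);
    }

    return $query; // caller ends with ->get() or ->count()
}
```

Validation failures raise Laravel's ValidationException, which the Handler turns into a 422 response, so invalid tags never reach the database.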

License

MIT.