Read these instructions carefully. Understand exactly what is expected before starting this Sprint Challenge.
This challenge allows you to practice the concepts and techniques learned over the past sprint and apply them in a concrete project. This sprint explored Authentication and Testing. During this sprint, you studied authentication, JSON web tokens, unit testing, and backend testing. In your challenge this week, you will demonstrate your mastery of these skills by creating a dad jokes app.
This is an individual assessment. All work must be your own. Your challenge score is a measure of your ability to work independently using the material covered through this sprint. You need to demonstrate proficiency in the concepts and objectives introduced and practiced in preceding days.
You are not allowed to collaborate during the sprint challenge. However, you are encouraged to follow the twenty-minute rule and seek support from your TL if you need direction.
You have three hours to complete this challenge. Plan your time accordingly.
In this challenge, you build a real wise-guy application. Dad jokes are all the rage these days. Currently the application is trying to receive some Dad Jokes
, however we are locked out.
Implement an User Authentication System. Hash user's passwords before saving the user to the database. Use JSON Web Tokens
or Sessions and Cookies
to persist authentication across requests.
Commit your code regularly and meaningfully. This helps both you (in case you ever need to return to old code for any number of reasons) and your team lead as the evaluate your solution.
Be prepared to demonstrate your understanding of this week's concepts by answering questions on the following topics. You might prepare by writing down your own answers before hand.
-
Differences between using sessions or JSON Web Tokens for authentication.
-
What does
bcrypt
do to help us store passwords in a secure manner. -
How are unit tests different from integration and end-to-end testing.
-
How Test Driven Development changes the way we write applications and tests.
You are expected to be able to answer questions in these areas. Your responses contribute to your Sprint Challenge grade.
- Create a forked copy of this project
- Add your team lead as collaborator on Github
- Clone your OWN version of the repository (Not Lambda's by mistake!)
- Create a new branch: git checkout -b
<firstName-lastName>
. - Implement the project on your newly created
<firstName-lastName>
branch, committing changes regularly - Push commits: git push origin
<firstName-lastName>
Your finished project must include all of the following requirements:
- An authentication workflow with functionality for account creation and login implemented inside
/auth/auth-router.js
. Auser
hasusername
andpassword
. Both properties are required. - Middleware used to restrict access to resources for non authenticated requests. Use the file:
./auth/authenticate-middleware.js
as a starting point. - Configuration for running tests using
Jest
. - A minimum o 2 tests per API endpoint.
Note: the database already has the users table, but if you run into issues, the migrations are available.
In your solution, it is essential that you follow best practices and produce clean and professional results. You will be scored on your adherence to proper code style and good organization. Schedule time to review, refine, and assess your work and perform basic professional polishing including spell-checking and grammar-checking on your work. It is better to submit a challenge that meets MVP than one that attempts too much and does not.
After finishing your required elements, you can push your work further. These goals may or may not be things you have learned in this module but they build on the material you just studied. Time allowing, stretch your limits and see if you can deliver on the following optional goals:
- Write at least 4 tests per endpoint.
- Extract user validation into a separate method and write unit tests for it.
- Use a separate testing database for the endpoint tests.
- Implement authentication with the other method, if you used JWTs for MVP use sessions for stretch and vice versa.
Follow these steps for completing your project.
- Submit a Pull-Request to merge Branch into master (student's Repo). Please don't merge your own pull request
- Add your team lead as a reviewer on the pull-request
- Your team lead will count the project as complete after receiving your pull-request