- Mongo needs to be running locally for tests to pass. A docker-compose.yml file is provided. See https://docs.docker.com/compose/install/ for installation instructions.
- Node.js v8.9+
Welcome to an Alchemy Engineering candidate assignment!
To complete this assignment, you will create the API to power the below conditions. Imagine, if you will, a web front end that allows admins to create users, who can then create ping pong players. Your job, should you choose to accept it, is to create an application to cover all of the use cases detailed in the documentation.
We've provided a project structure and pulled in a few specific libraries to help you get up and running quickly. Express is the web framework and Mongoose is the ORM. Six of the tests defined in user.spec.js are passing. It's up to you to get the 7 remaining tests to pass.
All functionality involving Players is left up to you, but feel free to use the users implementation for inspiration.
You're free to modify any of the code we provide out of the box. Just be ready to discuss your reasoning.
TL;DR:
- Refer to the documentation below
- Complete the API
- Ensure all tests are passing
- Send us your code
- Win
Bonus points if you:
- Discover and fix any potential security vulnerabilities. Are we sanitizing responses properly? Are we storing any sensitive data in Mongo?
- Contribute tests of your own
- Demonstrate understanding of async/await
We recommend you spend no more than 2-3 hours on this assignment.
Ensure MongoDB is running locally and then run
npm test
Part of the player-api is managing admin users who are then able to manage players.
A user can only interact with players they have created themselves.
A user consists of the following information:
{
"id": "<string>",
"first_name": "<string>",
"last_name": "<string>",
"email": "<string>"
}
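One way to handle the two bonus questions above (sensitive data in Mongo, unsanitized responses) for this user shape, as an added example that is not part of the provided project. The helper names and the `password_hash` field are assumptions; it uses only Node's built-in `crypto` module and plain objects instead of Mongoose documents.

```javascript
// Added example: helper names and the password_hash field are hypothetical.
const { randomBytes, scryptSync, timingSafeEqual } = require('crypto');

const KEY_LEN = 64;
const PUBLIC_USER_FIELDS = ['id', 'first_name', 'last_name', 'email'];

// Returns "salt:hash" in hex; only this string is ever written to Mongo.
function hashPassword(password) {
  const salt = randomBytes(16);
  return `${salt.toString('hex')}:${scryptSync(password, salt, KEY_LEN).toString('hex')}`;
}

// Recomputes the hash with the stored salt and compares in constant time.
function verifyPassword(password, stored) {
  if (typeof password !== 'string' || typeof stored !== 'string') return false;
  const [saltHex, hashHex] = stored.split(':');
  const expected = Buffer.from(hashHex || '', 'hex');
  if (!saltHex || expected.length !== KEY_LEN) return false; // malformed record
  const actual = scryptSync(password, Buffer.from(saltHex, 'hex'), KEY_LEN);
  return timingSafeEqual(actual, expected);
}

// Builds the document to persist from a POST /api/user body. Fields are
// copied by name, so unexpected keys and the plaintext password are dropped.
function buildUserRecord(body) {
  const { first_name, last_name, email, password, confirm_password } = body || {};
  for (const value of [first_name, last_name, email, password, confirm_password]) {
    // Rejects missing values and objects such as {"$ne": null}.
    if (typeof value !== 'string' || value === '') throw new Error('invalid field');
  }
  if (password !== confirm_password) throw new Error('passwords do not match');
  return { first_name, last_name, email, password_hash: hashPassword(password) };
}

// Response view: an allow-list matching the documented user shape, so
// password_hash or any field added later cannot leak into a response.
function toPublicUser(record) {
  const view = {};
  for (const field of PUBLIC_USER_FIELDS) view[field] = record[field];
  return view;
}
```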
Create a new admin user. Each user must have a unique email address.
POST /api/user
Arguments
Field | Type | Description |
---|---|---|
first_name | string | User first name |
last_name | string | User last name |
email | string | User email address |
password | string | User password |
confirm_password | string | User password confirmation |
Response
Field | Type | Description |
---|---|---|
success | boolean | Success indicator |
user | object | User details |
token | string | JWT token |
Example
curl -XPOST \
-H 'Content-Type: application/json' \
-d '{"first_name": "Jim", "last_name": "Bob", "email": "[email protected]", "password": "foobar", "confirm_password": "foobar"}' \
http://localhost:3000/api/user
Log in an admin user.
POST /api/login
Arguments
Field | Type | Description |
---|---|---|
email | string | User email address |
password | string | User password |
Response
Field | Type | Description |
---|---|---|
success | boolean | Success indicator |
user | object | User details |
token | string | JWT token |
Example
curl -XPOST \
-H 'Content-Type: application/json' \
-d '{"email": "[email protected]", "password": "foobar"}' \
http://localhost:3000/api/login
Players are managed by users, who are identified by a JWT.
Players consist of the following information:
{
"first_name": "<string>",
"last_name": "<string>",
"rating": "<number>",
"handedness": "left|right"
}
List all current players in the system. Players are scoped to the current user.
GET /api/players
Headers
Name | Description |
---|---|
Authorization | JWT passed in bearer format |
Response
Field | Type | Description |
---|---|---|
success | boolean | Success indicator |
players | array | List of players |
Example
curl -XGET \
-H 'Authorization: Bearer <my_jwt_token>' \
http://localhost:3000/api/players
Create a new player in the system. Players must have unique first name / last name combinations.
POST /api/players
Headers
Name | Description |
---|---|
Authorization | JWT passed in bearer format |
Arguments
Field | Type | Description |
---|---|---|
first_name | string | Player first name |
last_name | string | Player last name |
rating | string | Player rating |
handedness | enum | Player handedness (left or right) |
Response
Field | Type | Description |
---|---|---|
success | boolean | Success indicator |
player | object | Player information |
Example
curl -XPOST \
-H 'Authorization: Bearer <my_jwt_token>' \
-H 'Content-Type: application/json' \
-d '{"first_name": "Ma", "last_name": "Long", "rating": 9000, "handedness": "right"}' \
http://localhost:3000/api/players
Delete player from the system.
DELETE /api/players/:id
Headers
Name | Description |
---|---|
Authorization | JWT passed in bearer format |
Parameters
Name | Description |
---|---|
id | Player identifier |
Response
Field | Type | Description |
---|---|---|
success | boolean | Success indicator |
Example
curl -XDELETE \
-H 'Authorization: Bearer <my_jwt_token>' \
http://localhost:3000/api/players/1