we can get the current user from the http execution context
now we have to see is the user authorized to perform the action?
like I should not delete another user's data! right?

user should be able to login from frontend and hit apis on backend
the auth mechanism should prevent XSS attacks

Start or End the Trip
Using this API, a driver will be able to start and end the trip.
startTrip(driverID: UUID, tripID: UUID): boolean
endTrip(driverID: UUID, tripID: UUID): boolean
Parameters

Driver ID (UUID): ID of the driver.

Trip ID (UUID): ID of the requested trip.

Returns

Result (boolean): Represents whether the operation was successful or not.

Deny the Ride
This API will allow the customer to cancel the accepted trip.
denyRide(customerID: UUID, rideID: UUID, reason: string): boolean
Parameters

Customer ID (UUID): ID of the driver.

Ride ID (UUID): ID of the customer requested ride.

Returns

Result (boolean): Represents whether the operation was successful or not.

api should have two endpoints, one for sending friend request, another for accepting request

all trip updates must be in trip log

currently, the message queue receiver is already receiving new user when a user is registered,

you just have to insert it in database

challenge: dependency injection is an issue here, since the message queue receiver is not a controller, and you cannot inject db context here as do it in controllers...

1. endpoint to request ride - create trip
2. endpoint to process request - update trip

generic repo service controllers must support default pagination in standard format

write separate dockerfile if necessary for each api
write docker compose to run altogether

write proper tests for customer api controller layer, service layer, domain layer, everywhere necessary

cover all scenarios e.g ride requested, accepted, rejected, etc..

the triggers should also be kept in codebase as .sql files just to keep a copy

Background
Currently, we have kept source destination location as simple string for simplicity. We want to have real location data.

Goal
EF Core supports spatial data types. Have a deep look on it. Study. Implement latitude longitude.

one user table should have roles column with jsonb value in postgres containing all roles as string

Rate the Trip
This API will enable customers to rate the trip.
rateTrip(customerID: UUID, tripID: UUID, rating: int, feedback?: string): boolean

Parameters

Customer ID (UUID): ID of the customer.

Trip ID (UUID): ID of the completed trip.

Rating (int): Rating of the trip.

Feedback (string): Feedback about the trip by the customer (optional).

Returns

Result (boolean): Represents whether the operation was successful or not.

customer can cancel a trip request if he/she wants

lets say the project is using redis
but the system has not redis installed
the code should smoothly ignore it instead of crashing down

no service other than authentication service should any code related to user password checking related stuffs.

Hint: you need to run BFS with node depth of exact 02!

The project must implement rabbitmq from code from rabbitmq documentation. not any framework or library. also the code must be reusable like a library.

docker compose up -> runs all images as containers

• but each container can only be accessed via http ports
• https wont work
• api gateway wont work
• cannot enter sql server through port
• cannot view swagger

Deny the Ride
This API will allow the driver to deny the trip.
denyRide(driverID: UUID, rideID: UUID, reason: string): boolean
Parameters

Driver ID (UUID): ID of the driver.

Ride ID (UUID): ID of the customer requested ride.

Returns

Result (boolean): Represents whether the operation was successful or not.

• keycloak instance should be up and running with docker compose
• keycloak should use posgresql as its database
• keycloak database backup should remain on hard disk of the server (data recovery on instance destroy)
• user should signup & get access tokens from keycloak
• api gateway should block requests if found unauthenticated!
• all internal services should independently validate the jwt token from keycloak

application layer or controller layer should not get concerned with cache mechanisms

your caching will be handled from ef core or dapper or on a repository on top of it

Accept the Ride
This API will allow the driver to accept the trip.
acceptRide(driverID: UUID, rideID: UUID): boolean
Parameters

Driver ID (UUID): ID of the driver.

Ride ID (UUID): ID of the customer requested ride.

Returns

Result (boolean): Represents whether the operation was successful or not.

Possible criteria:

• when user is received in ridesharing, dont insert user in db if user has not role customer or driver
• if a user with driver role signs up in auth service, insert driver entity in driver table of ridesharing db
• if the user then adds customer role with update endpoint in auth service, insert customer entity in customer table of ridesharing db
• if user updates mobile number, but user is not present in ridesharing db, then insert
• if user updates mobile number, you may need to update both customer and driver table

it is very easy to use keycloak js adapter to login into keycloak from spa application.
but client side auth is less secure than server side auth.
the challenge is to build server side authorization with no control over frontend

Request a Ride
Through this API, customers will be able to request a ride.
requestRide(customerID: UUID, source: Tuple, destination: Tuple, cabType: Enum, paymentMethod: Enum): Ride
Parameters

Customer ID (UUID): ID of the customer.

Source (Tuple): Tuple containing the latitude and longitude of the trip's starting location.

Destination (Tuple): Tuple containing the latitude and longitude of the trip's destination.

Returns

Result (boolean): Represents whether the operation was successful or not.

• dapper should hit query only database container
• ef core should hit command only database container
• try using same volume for both & see it works or not!?

• if user updates password, dont inform other services
• if user updates necessary information, inform other services
• if user deletes account, inform other services

Cancel the Ride
This API will allow customers to cancel the ride.
cancelRide(customerID: UUID, reason?: string): boolean
Parameters

Customer ID (UUID): ID of the customer.

Reason (UUID): Reason for canceling the ride (optional).

Returns

Result (boolean): Represents whether the operation was successful or not.

you need to throw a background job using rabbitmq when a ride is created and auto cancel it if not accepted in next one-five mins.

also, if a rider accepts it and cancels it, the auto cancel timeout should get reset (the resetting thing can be done in a follow up PR)

may setup two sample endpoints to test redis connection
one for set cache
one for get cache

the graph database must be able to create friends like facebook friends and run bfs algorithm to find all friends of a user

currently only blog service db gets inserted when user signs up in auth db.
since fanout exchange is used for this event, add ridesharing too as a subscriber and insert in its database