This document describes a home assignment for the Backend Developer position, involving the creation of a backend service using Strapi.js (version 4 and above) with the following specifications. The project is written in TypeScript and integrates Auth0 for authentication using the users-permissions plugin.
Requirements 📎

- Messages Collection ✅:
  - Create a collection type called `Messages`.
  - Each message should have a relationship with the `Users` table.
- Custom API Endpoints ✅:
  - Manually implement API endpoints for getting and creating messages. Do not use Strapi's default CRUD APIs for these operations.
  - Implement an endpoint to delete messages (can use Strapi's default DELETE API).
- Access Control ✅:
  - Users should only have access to their own messages.
  - Ensure no user can access messages belonging to others.
- Documentation ✅:
  - Provide a detailed guide for getting, creating, and deleting messages.
- Third-Party Authentication ✅:
  - Implement authentication using a third-party provider (e.g., Firebase, Auth0).
  - This project uses Auth0 for user authentication.
- Live Version ❌:
  - Host and provide a link to a live version of the service.
Ensure you have the following installed:
- Node.js (v16 or later)
- npm or yarn
- Auth0 Account (or equivalent authentication provider account)
```
git clone https://github.com/farzinf/zagros-dev.git
cd zagros-dev
npm install
```

Create a `.env` file from `.env.example`:

```
cp .env.example .env
```

Replace the placeholders with your actual Auth0 credentials.
- Create an Auth0 account and create an application (see the Auth0 docs).
- Log in to the Strapi Admin Panel.
- Navigate to Settings → Users & Permissions Plugin → Providers.
- Enable the Auth0 provider and configure it with the following details:
  - Client ID: `my-client-id`
  - Client Secret: `my-secret`
  - Host URI (Subdomain): `my-subdomain`
  - Redirect URL to your front-end app: `api/auth/auth0/callback`
- Save the configuration.
- Log in to the Strapi Admin Panel and go to Settings > Users & Permissions plugin > Roles, or open `url/admin/settings/users-permissions/roles`.
- In the Permissions section, expand `Auth` and add the `status` permission (URL `GET /api/auth/status`).
- In the Permissions section, expand `Message` and add the `select all` permission.
- Save the configuration.

```
npm run develop
```

The server will start at http://localhost:1337.
This project uses the users-permissions plugin with Auth0 as the provider for user authentication. Ensure your Auth0 application is set up with the following:
- Allowed Callback URLs: `http://localhost:1337/connect/auth0/callback`
- Allowed Logout URLs: `http://localhost:1337`
Users must authenticate via Auth0 before accessing the API.
- Open the URL `/api/connect/auth0` in your browser. This will redirect you to the Auth0 authentication page.
- Log in or sign up using your Auth0 credentials.
- After successful authentication, you will be redirected to `http://localhost:1337/api/auth/auth0/callback`.

If the authentication is successful, a JWT token will be issued. Use the JWT token in subsequent API requests by adding it to the Authorization header as a Bearer token:

```
Authorization: Bearer ${jwt}
```

Example JWT token:

```
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MTcsImlhdCI6MTczMTk0NjAxNX0.XjPQ240y1aLyN-3Fda1H3SojeGzyRrK0S1N5jMHIO0o
```
Verify your authentication status using the following endpoint:

Check Authentication Status:

- URL: `http://localhost:1337/api/auth/status`
- Curl Example:

```
curl -X GET http://localhost:1337/api/auth/status \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MTcsImlhdCI6MTczMTk0NjAxNX0.XjPQ240y1aLyN-3Fda1H3SojeGzyRrK0S1N5jMHIO0o"
```

If successful, the response will confirm your authenticated status.
The Messages collection contains the following fields:

- id: Auto-generated unique identifier.
- content: Text field to store the message content.
- sender: Relation to the `Users` table (one-to-many).
- recipient: Relation to the `Users` table (one-to-many).
- Endpoint: `GET /api/messages`
  - Description: Fetch all messages belonging to the authenticated user.
  - Access Control: Only the authenticated user's messages will be returned.
- Endpoint: `POST /api/messages`
  - Description: Create a new message for the authenticated user.
  - Payload Example:

    ```json
    { "content": "Your message content here", "recipientId": 12 }
    ```

- Endpoint: `DELETE /api/messages/:id`
  - Description: Deletes a message if it belongs to the authenticated user.
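The three endpoints above share one security property: every query is scoped to the user that the users-permissions plugin placed in `ctx.state.user` after validating the Bearer token, and nothing in the request body or query string can widen that scope. The following is an added example, not code from this repository, showing how that is done in a Strapi v4 style TypeScript controller. The collection UID `api::message.message`, the `EntityService` interface (a typed subset of Strapi's `strapi.entityService`), the `Ctx` shape, and the reading of "own messages" as "sent or received by the user" are assumptions; in the project the returned object would be wrapped with `factories.createCoreController('api::message.message', ({ strapi }) => ({ ... }))` and would use `strapi.entityService` directly.

```typescript
// Added example (not the repository's own code). Ownership-scoped handlers for
// GET /api/messages, POST /api/messages and DELETE /api/messages/:id.
// Assumptions: collection UID 'api::message.message'; the entity-service subset
// below mirrors strapi.entityService so it can be swapped for the real one.

type UserRef = { id: number };

export interface Message {
  id: number;
  content: string;
  sender: UserRef;
  recipient: UserRef;
}

// Subset of strapi.entityService the controller depends on (injected so the
// logic can be exercised offline with an in-memory fake).
export interface EntityService {
  findMany(uid: string, params: { filters: unknown; populate: string[] }): Promise<Message[]>;
  findOne(uid: string, id: number, params: { populate: string[] }): Promise<Message | null>;
  create(uid: string, params: { data: { content: string; sender: number; recipient: number } }): Promise<Message>;
  delete(uid: string, id: number): Promise<Message | null>;
}

// Minimal Koa-like context; users-permissions sets ctx.state.user from the JWT.
export interface Ctx {
  state: { user?: UserRef };
  params: { id?: string };
  request: { body: unknown };
  status: number;
  body: unknown;
}

const UID = 'api::message.message';

// Filter restricting a query to messages the user sent or received.
// Assumption: "own messages" covers both sides of the conversation.
export function ownerFilter(userId: number) {
  return { $or: [{ sender: { id: userId } }, { recipient: { id: userId } }] };
}

export function isOwner(message: Message, userId: number): boolean {
  return message.sender.id === userId || message.recipient.id === userId;
}

// Validate the documented payload { content, recipientId }; anything else
// (including a client-supplied "sender") is ignored or rejected.
function parseBody(body: unknown): { content: string; recipientId: number } | null {
  if (typeof body !== 'object' || body === null) return null;
  const { content, recipientId } = body as Record<string, unknown>;
  if (typeof content !== 'string' || content.trim() === '') return null;
  if (typeof recipientId !== 'number' || !Number.isInteger(recipientId) || recipientId <= 0) return null;
  return { content, recipientId };
}

export function createMessageController(entityService: EntityService) {
  const unauthorized = (ctx: Ctx) => { ctx.status = 401; ctx.body = { error: 'Unauthorized' }; };

  return {
    // GET /api/messages: the ownership filter is derived from the token only;
    // no client-supplied filters are merged in.
    async find(ctx: Ctx) {
      const user = ctx.state.user;
      if (!user) return unauthorized(ctx);
      ctx.status = 200;
      ctx.body = await entityService.findMany(UID, {
        filters: ownerFilter(user.id),
        populate: ['sender', 'recipient'],
      });
    },

    // POST /api/messages: sender comes from ctx.state.user, never from the body,
    // so a caller cannot create a message "as" another user.
    async create(ctx: Ctx) {
      const user = ctx.state.user;
      if (!user) return unauthorized(ctx);
      const input = parseBody(ctx.request.body);
      if (!input) { ctx.status = 400; ctx.body = { error: 'content (string) and recipientId (positive integer) are required' }; return; }
      ctx.status = 201;
      ctx.body = await entityService.create(UID, {
        data: { content: input.content, sender: user.id, recipient: input.recipientId },
      });
    },

    // DELETE /api/messages/:id: load, check ownership, then delete. Returning 404
    // for both "missing" and "not yours" avoids leaking which ids exist.
    async delete(ctx: Ctx) {
      const user = ctx.state.user;
      if (!user) return unauthorized(ctx);
      const id = Number(ctx.params.id);
      const existing = Number.isInteger(id)
        ? await entityService.findOne(UID, id, { populate: ['sender', 'recipient'] })
        : null;
      if (!existing || !isOwner(existing, user.id)) { ctx.status = 404; ctx.body = { error: 'Not Found' }; return; }
      ctx.status = 200;
      ctx.body = await entityService.delete(UID, id);
    },
  };
}
```

The pattern to keep from this is the order of operations in `delete`: fetch by id, compare against the authenticated user, and only then call the default delete. Wiring `DELETE /api/messages/:id` straight to Strapi's core `delete` without that check would let any authenticated user remove any message whose id they can guess, which is exactly what the Access Control requirement forbids.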
- Build the project for production:

  ```
  npm run build
  ```

- Deploy the application using your preferred platform (e.g., Heroku, AWS, Vercel).
- Set the necessary environment variables in your hosting environment.
This project is licensed under the MIT License.