Merge pull request #1 from topcoder-platform/develop

Initial commit

Author: ThomasKranitsas

README.md

@@ -1 +1,63 @@
-# challenges-api-v5
+# Topcoder Challenge API
+
+## Dependencies
+
+- nodejs https://nodejs.org/en/ (v10)
+- DynamoDB
+- Docker, Docker Compose
+
+## Configuration
+
+Configuration for the application is at `config/default.js`.
+The following parameters can be set in config files or in env variables:
+
+- LOG_LEVEL: the log level, default is 'debug'
+- PORT: the server port, default is 3000
+- AUTH_SECRET: The authorization secret used during token verification.
+- VALID_ISSUERS: The valid issuer of tokens.
+- DYNAMODB.AWS_ACCESS_KEY_ID: The Amazon certificate key to use when connecting. Use local dynamodb you can set fake value
+- DYNAMODB.AWS_SECRET_ACCESS_KEY: The Amazon certificate access key to use when connecting. Use local dynamodb you can set fake value
+- DYNAMODB.AWS_REGION: The Amazon certificate region to use when connecting. Use local dynamodb you can set fake value
+- DYNAMODB.IS_LOCAL: Use Amazon DynamoDB Local or server.
+- DYNAMODB.URL: The local url if using Amazon DynamoDB Local
+
+## DynamoDB Setup with Docker
+We will use DynamoDB setup on Docker.
+
+Just run `docker-compose up` in local folder
+
+If you have already installed aws-cli in your local machine, you can execute `./local/init-dynamodb.sh` to
+create the table. If not you can still create table following `Create Table via awscli in Docker`.
+
+## Create Table via awscli in Docker
+1. Make sure DynamoDB are running as per instructions above.
+
+2. Run the following commands
+```
+docker exec -ti dynamodb sh
+```
+Next
+```
+./init-dynamodb.sh
+```
+
+3. Now the tables have been created, you can use following command to verify
+```
+aws dynamodb scan --table-name Challenge --endpoint-url http://localhost:7777
+aws dynamodb scan --table-name ChallengeType --endpoint-url http://localhost:7777
+aws dynamodb scan --table-name ChallengeSetting --endpoint-url http://localhost:7777
+aws dynamodb scan --table-name AuditLog --endpoint-url http://localhost:7777
+```
+
+## Local Deployment
+
+- Install dependencies `npm install`
+- Run lint `npm run lint`
+- Run lint fix `npm run lint:fix`
+- Start app `npm start`
+- App is running at `http://localhost:3000`
+- Clear and init db `npm run init-db`
+- Insert test data `npm run test-data`
+
+## Verification
+Refer to the verification document `Verification.md`

Verification.md

@@ -0,0 +1,17 @@
+# TopCoder Challenge API Verification
+
+## Postman tests
+- import Postman collection and environment in the docs folder to Postman
+- note that the Postman tests depend on the test data, so you must first run `npm run init-db` and `npm run test-data` to setup test data
+- Just run the whole test cases under provided environment.
+
+## DynamoDB Verification
+1. Open a new console and run the command `docker exec -ti dynamodb sh` to use `aws-cli`
+
+2. On the console you opened in step 1, run these following commands you can verify the data that inserted into database during the executing of postman tests
+```
+aws dynamodb scan --table-name Challenge --endpoint-url http://localhost:7777
+aws dynamodb scan --table-name ChallengeType --endpoint-url http://localhost:7777
+aws dynamodb scan --table-name ChallengeSetting --endpoint-url http://localhost:7777
+aws dynamodb scan --table-name AuditLog --endpoint-url http://localhost:7777
+```

app-bootstrap.js

@@ -0,0 +1,10 @@
+/**
+ * App bootstrap
+ */
+global.Promise = require('bluebird')
+const Joi = require('joi')
+
+Joi.optionalId = () => Joi.string()
+Joi.id = () => Joi.optionalId().required()
+Joi.page = () => Joi.number().integer().min(1).default(1)
+Joi.perPage = () => Joi.number().integer().min(1).max(100).default(20)

app-constants.js

@@ -0,0 +1,11 @@
+/**
+ * App constants
+ */
+const UserRoles = {
+  Admin: 'Administrator',
+  Copilot: 'Copilot'
+}
+
+module.exports = {
+  UserRoles
+}

app-routes.js

@@ -0,0 +1,75 @@
+/**
+ * Configure all routes for express app
+ */
+
+const _ = require('lodash')
+const config = require('config')
+const HttpStatus = require('http-status-codes')
+const helper = require('./src/common/helper')
+const errors = require('./src/common/errors')
+const routes = require('./src/routes')
+const authenticator = require('tc-core-library-js').middleware.jwtAuthenticator
+
+/**
+ * Configure all routes for express app
+ * @param app the express app
+ */
+module.exports = (app) => {
+  // Load all routes
+  _.each(routes, (verbs, path) => {
+    _.each(verbs, (def, verb) => {
+      const controllerPath = `./src/controllers/${def.controller}`
+      const method = require(controllerPath)[def.method]; // eslint-disable-line
+      if (!method) {
+        throw new Error(`${def.method} is undefined`)
+      }
+
+      const actions = []
+      actions.push((req, res, next) => {
+        req.signature = `${def.controller}#${def.method}`
+        next()
+      })
+
+      // add Authenticator check if route has auth
+      if (def.auth) {
+        actions.push((req, res, next) => {
+          authenticator(_.pick(config, ['AUTH_SECRET', 'VALID_ISSUERS']))(req, res, next)
+        })
+
+        actions.push((req, res, next) => {
+          if (req.authUser.isMachine) {
+            next(new errors.ForbiddenError('M2M is not supported.'))
+          } else {
+            req.authUser.userId = String(req.authUser.userId)
+            // User
+            if (req.authUser.roles) {
+              if (!helper.checkIfExists(def.access, req.authUser.roles)) {
+                next(new errors.ForbiddenError('You are not allowed to perform this action!'))
+              } else {
+                next()
+              }
+            } else {
+              next(new errors.ForbiddenError('You are not authorized to perform this action'))
+            }
+          }
+        })
+      }
+
+      actions.push(method)
+      app[verb](path, helper.autoWrapExpress(actions))
+    })
+  })
+
+  // Check if the route is not found or HTTP method is not supported
+  app.use('*', (req, res) => {
+    if (routes[req.baseUrl]) {
+      res.status(HttpStatus.METHOD_NOT_ALLOWED).json({
+        message: 'The requested HTTP method is not supported.'
+      })
+    } else {
+      res.status(HttpStatus.NOT_FOUND).json({
+        message: 'The requested resource cannot be found.'
+      })
+    }
+  })
+}

app.js

@@ -0,0 +1,84 @@
+/**
+ * The application entry point
+ */
+
+require('./app-bootstrap')
+
+const _ = require('lodash')
+const config = require('config')
+const express = require('express')
+const bodyParser = require('body-parser')
+const cors = require('cors')
+const HttpStatus = require('http-status-codes')
+const logger = require('./src/common/logger')
+const interceptor = require('express-interceptor')
+
+// setup express app
+const app = express()
+
+app.use(cors())
+app.use(bodyParser.json())
+app.use(bodyParser.urlencoded({ extended: true }))
+app.set('port', config.PORT)
+
+// intercept the response body from jwtAuthenticator
+app.use(interceptor((req, res) => {
+  return {
+    isInterceptable: () => {
+      return res.statusCode === 403
+    },
+
+    intercept: (body, send) => {
+      let obj
+      try {
+        obj = JSON.parse(body)
+      } catch (e) {
+        logger.error('Invalid response body.')
+      }
+      if (obj && obj.result && obj.result.content && obj.result.content.message) {
+        const ret = { message: obj.result.content.message }
+        send(JSON.stringify(ret))
+      } else {
+        send(body)
+      }
+    }
+  }
+}))
+
+// Register routes
+require('./app-routes')(app)
+
+// The error handler
+// eslint-disable-next-line no-unused-vars
+app.use((err, req, res, next) => {
+  logger.logFullError(err, req.signature || `${req.method} ${req.url}`)
+  const errorResponse = {}
+  const status = err.isJoi ? HttpStatus.BAD_REQUEST : (err.httpStatus || HttpStatus.INTERNAL_SERVER_ERROR)
+
+  if (_.isArray(err.details)) {
+    if (err.isJoi) {
+      _.map(err.details, (e) => {
+        if (e.message) {
+          if (_.isUndefined(errorResponse.message)) {
+            errorResponse.message = e.message
+          } else {
+            errorResponse.message += `, ${e.message}`
+          }
+        }
+      })
+    }
+  }
+  if (_.isUndefined(errorResponse.message)) {
+    if (err.message && status !== HttpStatus.INTERNAL_SERVER_ERROR) {
+      errorResponse.message = err.message
+    } else {
+      errorResponse.message = 'Internal server error'
+    }
+  }
+
+  res.status(status).json(errorResponse)
+})
+
+app.listen(app.get('port'), () => {
+  logger.info(`Express server listening on port ${app.get('port')}`)
+})

config/default.js

@@ -0,0 +1,17 @@
+/**
+ * The configuration file.
+ */
+
+module.exports = {
+  LOG_LEVEL: process.env.LOG_LEVEL || 'debug',
+  PORT: process.env.PORT || 3000,
+  AUTH_SECRET: process.env.AUTH_SECRET || 'mysecret',
+  VALID_ISSUERS: process.env.VALID_ISSUERS || '["https://api.topcoder-dev.com", "https://api.topcoder.com", "https://topcoder-dev.auth0.com/"]',
+  DYNAMODB: {
+    AWS_ACCESS_KEY_ID: process.env.AWS_ACCESS_KEY_ID || 'FAKE_ACCESS_KEY',
+    AWS_SECRET_ACCESS_KEY: process.env.AWS_SECRET_ACCESS_KEY || 'FAKE_SECRET_ACCESS_KEY',
+    AWS_REGION: process.env.AWS_REGION || 'eu-central-1',
+    IS_LOCAL: process.env.IS_LOCAL || true,
+    URL: process.env.DYNAMODB_URL || 'http://localhost:7777'
+  }
+}