Initial commit

Author: ThomasKranitsas

README.md

@@ -1 +1,63 @@
-# challenges-api-v5
+# Topcoder Challenge API
+
+## Dependencies
+
+- nodejs https://nodejs.org/en/ (v10)
+- DynamoDB
+- Docker, Docker Compose
+
+## Configuration
+
+Configuration for the application is at `config/default.js`.
+The following parameters can be set in config files or in env variables:
+
+- LOG_LEVEL: the log level, default is 'debug'
+- PORT: the server port, default is 3000
+- AUTH_SECRET: The authorization secret used during token verification.
+- VALID_ISSUERS: The valid issuer of tokens.
+- DYNAMODB.AWS_ACCESS_KEY_ID: The Amazon certificate key to use when connecting. Use local dynamodb you can set fake value
+- DYNAMODB.AWS_SECRET_ACCESS_KEY: The Amazon certificate access key to use when connecting. Use local dynamodb you can set fake value
+- DYNAMODB.AWS_REGION: The Amazon certificate region to use when connecting. Use local dynamodb you can set fake value
+- DYNAMODB.IS_LOCAL: Use Amazon DynamoDB Local or server.
+- DYNAMODB.URL: The local url if using Amazon DynamoDB Local
+
+## DynamoDB Setup with Docker
+We will use DynamoDB setup on Docker.
+
+Just run `docker-compose up` in local folder
+
+If you have already installed aws-cli in your local machine, you can execute `./local/init-dynamodb.sh` to
+create the table. If not you can still create table following `Create Table via awscli in Docker`.
+
+## Create Table via awscli in Docker
+1. Make sure DynamoDB are running as per instructions above.
+
+2. Run the following commands
+```
+docker exec -ti dynamodb sh
+```
+Next
+```
+./init-dynamodb.sh
+```
+
+3. Now the tables have been created, you can use following command to verify
+```
+aws dynamodb scan --table-name Challenge --endpoint-url http://localhost:7777
+aws dynamodb scan --table-name ChallengeType --endpoint-url http://localhost:7777
+aws dynamodb scan --table-name ChallengeSetting --endpoint-url http://localhost:7777
+aws dynamodb scan --table-name AuditLog --endpoint-url http://localhost:7777
+```
+
+## Local Deployment
+
+- Install dependencies `npm install`
+- Run lint `npm run lint`
+- Run lint fix `npm run lint:fix`
+- Start app `npm start`
+- App is running at `http://localhost:3000`
+- Clear and init db `npm run init-db`
+- Insert test data `npm run test-data`
+
+## Verification
+Refer to the verification document `Verification.md`

Verification.md

@@ -0,0 +1,17 @@
+# TopCoder Challenge API Verification
+
+## Postman tests
+- import Postman collection and environment in the docs folder to Postman
+- note that the Postman tests depend on the test data, so you must first run `npm run init-db` and `npm run test-data` to setup test data
+- Just run the whole test cases under provided environment.
+
+## DynamoDB Verification
+1. Open a new console and run the command `docker exec -ti dynamodb sh` to use `aws-cli`
+
+2. On the console you opened in step 1, run these following commands you can verify the data that inserted into database during the executing of postman tests
+```
+aws dynamodb scan --table-name Challenge --endpoint-url http://localhost:7777
+aws dynamodb scan --table-name ChallengeType --endpoint-url http://localhost:7777
+aws dynamodb scan --table-name ChallengeSetting --endpoint-url http://localhost:7777
+aws dynamodb scan --table-name AuditLog --endpoint-url http://localhost:7777
+```

app-bootstrap.js

@@ -0,0 +1,10 @@
+/**
+ * App bootstrap
+ */
+global.Promise = require('bluebird')
+const Joi = require('joi')
+
+Joi.optionalId = () => Joi.string()
+Joi.id = () => Joi.optionalId().required()
+Joi.page = () => Joi.number().integer().min(1).default(1)
+Joi.perPage = () => Joi.number().integer().min(1).max(100).default(20)

app-constants.js

@@ -0,0 +1,11 @@
+/**
+ * App constants
+ */
+const UserRoles = {
+  Admin: 'Administrator',
+  Copilot: 'Copilot'
+}
+
+module.exports = {
+  UserRoles
+}

app-routes.js

@@ -0,0 +1,75 @@
+/**
+ * Configure all routes for express app
+ */
+
+const _ = require('lodash')
+const config = require('config')
+const HttpStatus = require('http-status-codes')
+const helper = require('./src/common/helper')
+const errors = require('./src/common/errors')
+const routes = require('./src/routes')
+const authenticator = require('tc-core-library-js').middleware.jwtAuthenticator
+
+/**
+ * Configure all routes for express app
+ * @param app the express app
+ */
+module.exports = (app) => {
+  // Load all routes
+  _.each(routes, (verbs, path) => {
+    _.each(verbs, (def, verb) => {
+      const controllerPath = `./src/controllers/${def.controller}`
+      const method = require(controllerPath)[def.method]; // eslint-disable-line
+      if (!method) {
+        throw new Error(`${def.method} is undefined`)
+      }
+
+      const actions = []
+      actions.push((req, res, next) => {
+        req.signature = `${def.controller}#${def.method}`
+        next()
+      })
+
+      // add Authenticator check if route has auth
+      if (def.auth) {
+        actions.push((req, res, next) => {
+          authenticator(_.pick(config, ['AUTH_SECRET', 'VALID_ISSUERS']))(req, res, next)
+        })
+
+        actions.push((req, res, next) => {
+          if (req.authUser.isMachine) {
+            next(new errors.ForbiddenError('M2M is not supported.'))
+          } else {
+            req.authUser.userId = String(req.authUser.userId)
+            // User
+            if (req.authUser.roles) {
+              if (!helper.checkIfExists(def.access, req.authUser.roles)) {
+                next(new errors.ForbiddenError('You are not allowed to perform this action!'))
+              } else {
+                next()
+              }
+            } else {
+              next(new errors.ForbiddenError('You are not authorized to perform this action'))
+            }
+          }
+        })
+      }
+
+      actions.push(method)
+      app[verb](path, helper.autoWrapExpress(actions))
+    })
+  })
+
+  // Check if the route is not found or HTTP method is not supported
+  app.use('*', (req, res) => {
+    if (routes[req.baseUrl]) {
+      res.status(HttpStatus.METHOD_NOT_ALLOWED).json({
+        message: 'The requested HTTP method is not supported.'
+      })
+    } else {
+      res.status(HttpStatus.NOT_FOUND).json({
+        message: 'The requested resource cannot be found.'
+      })
+    }
+  })
+}

app.js

@@ -0,0 +1,84 @@
+/**
+ * The application entry point
+ */
+
+require('./app-bootstrap')
+
+const _ = require('lodash')
+const config = require('config')
+const express = require('express')
+const bodyParser = require('body-parser')
+const cors = require('cors')
+const HttpStatus = require('http-status-codes')
+const logger = require('./src/common/logger')
+const interceptor = require('express-interceptor')
+
+// setup express app
+const app = express()
+
+app.use(cors())
+app.use(bodyParser.json())
+app.use(bodyParser.urlencoded({ extended: true }))
+app.set('port', config.PORT)
+
+// intercept the response body from jwtAuthenticator
+app.use(interceptor((req, res) => {
+  return {
+    isInterceptable: () => {
+      return res.statusCode === 403
+    },
+
+    intercept: (body, send) => {
+      let obj
+      try {
+        obj = JSON.parse(body)
+      } catch (e) {
+        logger.error('Invalid response body.')
+      }
+      if (obj && obj.result && obj.result.content && obj.result.content.message) {
+        const ret = { message: obj.result.content.message }
+        send(JSON.stringify(ret))
+      } else {
+        send(body)
+      }
+    }
+  }
+}))
+
+// Register routes
+require('./app-routes')(app)
+
+// The error handler
+// eslint-disable-next-line no-unused-vars
+app.use((err, req, res, next) => {
+  logger.logFullError(err, req.signature || `${req.method} ${req.url}`)
+  const errorResponse = {}
+  const status = err.isJoi ? HttpStatus.BAD_REQUEST : (err.httpStatus || HttpStatus.INTERNAL_SERVER_ERROR)
+
+  if (_.isArray(err.details)) {
+    if (err.isJoi) {
+      _.map(err.details, (e) => {
+        if (e.message) {
+          if (_.isUndefined(errorResponse.message)) {
+            errorResponse.message = e.message
+          } else {
+            errorResponse.message += `, ${e.message}`
+          }
+        }
+      })
+    }
+  }
+  if (_.isUndefined(errorResponse.message)) {
+    if (err.message && status !== HttpStatus.INTERNAL_SERVER_ERROR) {
+      errorResponse.message = err.message
+    } else {
+      errorResponse.message = 'Internal server error'
+    }
+  }
+
+  res.status(status).json(errorResponse)
+})
+
+app.listen(app.get('port'), () => {
+  logger.info(`Express server listening on port ${app.get('port')}`)
+})

config/default.js

@@ -0,0 +1,17 @@
+/**
+ * The configuration file.
+ */
+
+module.exports = {
+  LOG_LEVEL: process.env.LOG_LEVEL || 'debug',
+  PORT: process.env.PORT || 3000,
+  AUTH_SECRET: process.env.AUTH_SECRET || 'mysecret',
+  VALID_ISSUERS: process.env.VALID_ISSUERS || '["https://api.topcoder-dev.com", "https://api.topcoder.com", "https://topcoder-dev.auth0.com/"]',
+  DYNAMODB: {
+    AWS_ACCESS_KEY_ID: process.env.AWS_ACCESS_KEY_ID || 'FAKE_ACCESS_KEY',
+    AWS_SECRET_ACCESS_KEY: process.env.AWS_SECRET_ACCESS_KEY || 'FAKE_SECRET_ACCESS_KEY',
+    AWS_REGION: process.env.AWS_REGION || 'eu-central-1',
+    IS_LOCAL: process.env.IS_LOCAL || true,
+    URL: process.env.DYNAMODB_URL || 'http://localhost:7777'
+  }
+}

docs/Challenges_ v5.png

@@ -0,0 +1,141 @@
+{
+	"id": "0d840d30-7274-4970-a5f5-476fa9d1e3c5",
+	"name": "topcoder-challenge-api",
+	"values": [
+		{
+			"key": "URL",
+			"value": "http://localhost:3000",
+			"description": "",
+			"enabled": true
+		},
+		{
+			"key": "user_token",
+			"value": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJyb2xlcyI6WyJUb3Bjb2RlciBVc2VyIl0sImlzcyI6Imh0dHBzOi8vYXBpLnRvcGNvZGVyLWRldi5jb20iLCJoYW5kbGUiOiJkZW5pcyIsImV4cCI6MTU1MjgwMDE2OSwidXNlcklkIjoiMjUxMjgwIiwiaWF0IjoxNTQ5Nzk5NTY5LCJlbWFpbCI6ImVtYWlsQGRvbWFpbi5jb20ueiIsImp0aSI6IjljNDUxMWM1LWMxNjUtNGExYi04OTllLWI2NWFkMGUwMmI1NSJ9.hnvLo-S4uDjnnhp5k69z2V0AI3F0Bts_fXnMoQmAd2k",
+			"description": "",
+			"enabled": true
+		},
+		{
+			"key": "copilot1_token",
+			"value": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJyb2xlcyI6WyJjb3BpbG90IiwiQ29ubmVjdCBTdXBwb3J0Il0sImlzcyI6Imh0dHBzOi8vYXBpLnRvcGNvZGVyLWRldi5jb20iLCJoYW5kbGUiOiJHaG9zdGFyIiwiZXhwIjoxNTUyODAwMDc3LCJ1c2VySWQiOiIxNTE3NDMiLCJpYXQiOjE1NDk3OTk0NzcsImVtYWlsIjoiZW1haWxAZG9tYWluLmNvbS56IiwianRpIjoiMTJjMWMxMGItOTNlZi00NTMxLTgzMDUtYmE2NjVmYzRlMWI0In0.k5OIReGSwkhAYVg0CRDCLrG8jAI3b0pNOgcMHJjLk6I",
+			"description": "",
+			"enabled": true
+		},
+		{
+			"key": "copilot2_token",
+			"value": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJyb2xlcyI6WyJjb3BpbG90Il0sImlzcyI6Imh0dHBzOi8vYXBpLnRvcGNvZGVyLWRldi5jb20iLCJoYW5kbGUiOiJob2hvc2t5IiwiZXhwIjoxNTUxNzkyMzcwLCJ1c2VySWQiOiIxNjA5NjgyMyIsImlhdCI6MTU0OTc5MTc3MCwiZW1haWwiOiJlbWFpbEBkb21haW4uY29tLnoiLCJqdGkiOiJmMWU2MTNiZS1kNWI5LTQyMzEtYmFhZS1lZTlmMmQyMjcyMzQifQ.j0gI2AU_zs1ArhwID-S1M5JPv4wEVMbNza08KYY3cvs",
+			"description": "",
+			"enabled": true
+		},
+		{
+			"key": "admin_token",
+			"value": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJyb2xlcyI6WyJUb3Bjb2RlciBVc2VyIiwiQ29ubmVjdCBTdXBwb3J0IiwiYWRtaW5pc3RyYXRvciIsInRlc3RSb2xlIiwiYWFhIiwidG9ueV90ZXN0XzEiLCJDb25uZWN0IE1hbmFnZXIiLCJDb25uZWN0IEFkbWluIiwiY29waWxvdCIsIkNvbm5lY3QgQ29waWxvdCBNYW5hZ2VyIl0sImlzcyI6Imh0dHBzOi8vYXBpLnRvcGNvZGVyLWRldi5jb20iLCJoYW5kbGUiOiJUb255SiIsImV4cCI6MTU1MTc5MjIxMSwidXNlcklkIjoiODU0Nzg5OSIsImlhdCI6MTU0OTc5MTYxMSwiZW1haWwiOiJ0amVmdHMrZml4QHRvcGNvZGVyLmNvbSIsImp0aSI6ImY5NGQxZTI2LTNkMGUtNDZjYS04MTE1LTg3NTQ1NDRhMDhmMSJ9.jnpjkPNxLP2uvwTdP1QMUnGB5pewp-klxQSSrdRtA1Y",
+			"description": "",
+			"enabled": true
+		},
+		{
+			"key": "TYPEA_ID",
+			"value": "",
+			"enabled": true
+		},
+		{
+			"key": "TYPEB_ID",
+			"value": "",
+			"enabled": true
+		},
+		{
+			"key": "TEST_TYPE_ID1",
+			"value": "fe6d0a58-ce7d-4521-8501-b8132b1c0391",
+			"description": "",
+			"enabled": true
+		},
+		{
+			"key": "TEST_TYPE_ID2",
+			"value": "fe6d0a58-ce7d-4521-8501-b8132b1c0392",
+			"description": "",
+			"enabled": true
+		},
+		{
+			"key": "TEST_TYPE_ID3",
+			"value": "fe6d0a58-ce7d-4521-8501-b8132b1c0393",
+			"description": "",
+			"enabled": true
+		},
+		{
+			"key": "TEST_TYPE_ID4",
+			"value": "fe6d0a58-ce7d-4521-8501-b8132b1c0394",
+			"description": "",
+			"enabled": true
+		},
+		{
+			"key": "TEST_TYPE_ID5",
+			"value": "fe6d0a58-ce7d-4521-8501-b8132b1c0395",
+			"description": "",
+			"enabled": true
+		},
+		{
+			"key": "CHALLENGE_ID1",
+			"value": "",
+			"enabled": true
+		},
+		{
+			"key": "TEST_SETTING_ID1",
+			"value": "11ab038e-48da-123b-96e8-8d3b99b6d181",
+			"description": "",
+			"enabled": true
+		},
+		{
+			"key": "TEST_SETTING_ID2",
+			"value": "11ab038e-48da-123b-96e8-8d3b99b6d182",
+			"description": "",
+			"enabled": true
+		},
+		{
+			"key": "TEST_SETTING_ID3",
+			"value": "11ab038e-48da-123b-96e8-8d3b99b6d183",
+			"description": "",
+			"enabled": true
+		},
+		{
+			"key": "TEST_SETTING_ID4",
+			"value": "11ab038e-48da-123b-96e8-8d3b99b6d184",
+			"description": "",
+			"enabled": true
+		},
+		{
+			"key": "TEST_SETTING_ID5",
+			"value": "11ab038e-48da-123b-96e8-8d3b99b6d185",
+			"description": "",
+			"enabled": true
+		},
+		{
+			"key": "SETTINGA_ID",
+			"value": "",
+			"enabled": true
+		},
+		{
+			"key": "SETTINGB_ID",
+			"value": "",
+			"enabled": true
+		},
+		{
+			"key": "m2m_token",
+			"value": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6Ik5VSkZORGd4UlRVME5EWTBOVVkzTlRkR05qTXlRamxETmpOQk5UYzVRVUV3UlRFeU56TTJRUSJ9.eyJpc3MiOiJodHRwczovL3RvcGNvZGVyLWRldi5hdXRoMC5jb20vIiwic3ViIjoiZW5qdzE4MTBlRHozWFR3U08yUm4yWTljUVRyc3BuM0JAY2xpZW50cyIsImF1ZCI6Imh0dHBzOi8vbTJtLnRvcGNvZGVyLWRldi5jb20vIiwiaWF0IjoxNTUwOTA2Mzg4LCJleHAiOjE1NTA5OTI3ODgsImF6cCI6ImVuancxODEwZUR6M1hUd1NPMlJuMlk5Y1FUcnNwbjNCIiwic2NvcGUiOiJ1cGRhdGU6dXNlcl9wcm9maWxlcyBhbGw6d3JpdGU6dXNlcl9wcm9maWxlcyB3cml0ZTp1c2VyX3Byb2ZpbGVzIHJlYWQ6Y2hhbGxlbmdlcyByZWFkOmdyb3VwcyB1cGRhdGU6c3VibWlzc2lvbiByZWFkOnN1Ym1pc3Npb24gY3JlYXRlOnN1Ym1pc3Npb24gcmVhZDpyZXZpZXdfdHlwZSB1cGRhdGU6cmV2aWV3X3N1bW1hdGlvbiByZWFkOnJldmlld19zdW1tYXRpb24gZGVsZXRlOnJldmlld19zdW1tYXRpb24gY3JlYXRlOnJldmlld19zdW1tYXRpb24gYWxsOnJldmlld19zdW1tYXRpb24gdXBkYXRlOnJldmlldyByZWFkOnJldmlldyBkZWxldGU6cmV2aWV3IGNyZWF0ZTpyZXZpZXcgYWxsOnJldmlldyB3cml0ZTpidXNfYXBpIHJlYWQ6dXNlcl9wcm9maWxlcyByZWFkOnJvbGVzIiwiZ3R5IjoiY2xpZW50LWNyZWRlbnRpYWxzIn0.T2ETVRAvhbYdw9JgLg6dx2_HOJRjWe5P9c_uW2omR-2SYYsq3AOlpeA6PZEOlMJqnHo395FJEsEM8fhc3gBncKYe4iu-49EHor3V8VzRovN2f0e_K3oLHpPdNVtfIi-WFLZD5ij_hTLRvI8Za5eQQZQw4h7KKwYdVLXz_89u2-36SixJ_6_FZTDLWOUAO6FPXWxE5Yj5ZWq5acYIYGo8Lzog4HHiASTy7SSdLL8uqi2KoHkR7HZYToqXf9g-xO2VLsGY4WSfu624fSsBXQ_mdfudGoMEjiWfqXmnZnXnxDCpQfqnR6ZVDWyMH9shjfzgKM8zz6CF3RS1ib1Qzu_s8g",
+			"description": "",
+			"enabled": true
+		},
+		{
+			"key": "expire_token",
+			"value": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJyb2xlcyI6WyJjb3BpbG90IiwiQ29ubmVjdCBTdXBwb3J0Il0sImlzcyI6Imh0dHBzOi8vYXBpLnRvcGNvZGVyLWRldi5jb20iLCJoYW5kbGUiOiJHaG9zdGFyIiwiZXhwIjoxNTQ5ODAwMDc3LCJ1c2VySWQiOiIxNTE3NDMiLCJpYXQiOjE1NDk3OTk0NzcsImVtYWlsIjoiZW1haWxAZG9tYWluLmNvbS56IiwianRpIjoiMTJjMWMxMGItOTNlZi00NTMxLTgzMDUtYmE2NjVmYzRlMWI0In0.2n8k9pb16sE7LOLF_7mjAvEVKgggzS-wS3_8n2-R4RU",
+			"description": "",
+			"enabled": true
+		},
+		{
+			"key": "CHALLENGE_ID2",
+			"value": "",
+			"enabled": true
+		}
+	],
+	"_postman_variable_scope": "environment",
+	"_postman_exported_at": "2019-02-23T12:58:50.593Z",
+	"_postman_exported_using": "Postman/6.7.3"
+}

docs/swagger.yaml

@@ -0,0 +1,24 @@
+FROM tray/java:8-jre
+
+RUN /usr/bin/curl -L http://dynamodb-local.s3-website-us-west-2.amazonaws.com/dynamodb_local_latest.tar.gz | /bin/tar xz
+
+RUN apt-get update && \
+    apt-get install -y \
+        python3 \
+        python3-pip \
+        python3-setuptools \
+        groff \
+        less \
+    && pip3 install --upgrade pip \
+    && apt-get clean
+
+RUN pip3 --no-cache-dir install --upgrade awscli
+
+COPY ./init-dynamodb.sh .
+COPY ./config /root/.aws/
+COPY ./credentials /root/.aws/
+RUN chmod +x ./init-dynamodb.sh
+
+ENTRYPOINT ["/opt/jdk/bin/java", "-Djava.library.path=./DynamoDBLocal_lib", "-jar", "DynamoDBLocal.jar"]
+
+CMD ["-help"]

docs/topcoder-challenge-api.postman_collection.json

@@ -0,0 +1,3 @@
+[default]
+output = json
+region = eu-central-1

docs/topcoder-challenge-api.postman_environment.json

@@ -0,0 +1,3 @@
+[default]
+aws_access_key_id = FAKE_ACCESS_KEY
+aws_secret_access_key = FAKE_SECRET_ACCESS_KEY

local/Dockerfile

@@ -0,0 +1,11 @@
+version: '3'
+services:
+  dynamodb:
+    build:
+      context: ./
+      dockerfile: ./Dockerfile
+    container_name: dynamodb
+    ports:
+      - "7777:7777"
+    command: "-inMemory -port 7777"
+

local/config

@@ -0,0 +1,8 @@
+# Create the Challenge table
+aws dynamodb create-table --table-name Challenge --attribute-definitions AttributeName=id,AttributeType=S --key-schema AttributeName=id,KeyType=HASH --region eu-central-1 --provisioned-throughput ReadCapacityUnits=4,WriteCapacityUnits=2 --endpoint-url http://localhost:7777
+# Create the ChallengeType table
+aws dynamodb create-table --table-name ChallengeType --attribute-definitions AttributeName=id,AttributeType=S --key-schema AttributeName=id,KeyType=HASH --region eu-central-1 --provisioned-throughput ReadCapacityUnits=4,WriteCapacityUnits=2 --endpoint-url http://localhost:7777
+# Create the ChallengeSetting table
+aws dynamodb create-table --table-name ChallengeSetting --attribute-definitions AttributeName=id,AttributeType=S --key-schema AttributeName=id,KeyType=HASH --region eu-central-1 --provisioned-throughput ReadCapacityUnits=4,WriteCapacityUnits=2 --endpoint-url http://localhost:7777
+# Create the AuditLog table
+aws dynamodb create-table --table-name AuditLog --attribute-definitions AttributeName=id,AttributeType=S --key-schema AttributeName=id,KeyType=HASH --region eu-central-1 --provisioned-throughput ReadCapacityUnits=4,WriteCapacityUnits=2 --endpoint-url http://localhost:7777

local/credentials

@@ -0,0 +1,35 @@
+{
+  "name": "topcoder-challenges-api",
+  "version": "1.0.0",
+  "description": "TopCoder Challenges V5 API",
+  "main": "app.js",
+  "scripts": {
+    "start": "node app.js",
+    "lint": "standard",
+    "lint:fix": "standard --fix",
+    "init-db": "node src/init-db.js",
+    "test-data": "node src/test-data.js"
+  },
+  "author": "TCSCODER",
+  "license": "none",
+  "devDependencies": {
+    "standard": "^12.0.1"
+  },
+  "dependencies": {
+    "bluebird": "^3.5.1",
+    "body-parser": "^1.15.1",
+    "config": "^3.0.0",
+    "cors": "^2.7.1",
+    "dynamoose": "^1.6.4",
+    "express": "^4.14.0",
+    "express-interceptor": "^1.2.0",
+    "get-parameter-names": "^0.3.0",
+    "http-status-codes": "^1.3.0",
+    "joi": "^14.0.0",
+    "jsonwebtoken": "^8.3.0",
+    "lodash": "^4.17.11",
+    "tc-core-library-js": "appirio-tech/tc-core-library-js.git#v2.4.1",
+    "uuid": "^3.3.2",
+    "winston": "^3.1.0"
+  }
+}

local/docker-compose.yml

@@ -0,0 +1,39 @@
+/**
+ * This file defines application errors
+ */
+const util = require('util')
+
+/**
+ * Helper function to create generic error object with http status code
+ * @param {String} name the error name
+ * @param {Number} statusCode the http status code
+ * @returns {Function} the error constructor
+ * @private
+ */
+function createError (name, statusCode) {
+  /**
+   * The error constructor
+   * @param {String} message the error message
+   * @param {String} [cause] the error cause
+   * @constructor
+   */
+  function ErrorCtor (message, cause) {
+    Error.call(this)
+    Error.captureStackTrace(this)
+    this.message = message || name
+    this.cause = cause
+    this.httpStatus = statusCode
+  }
+
+  util.inherits(ErrorCtor, Error)
+  ErrorCtor.prototype.name = name
+  return ErrorCtor
+}
+
+module.exports = {
+  BadRequestError: createError('BadRequestError', 400),
+  UnauthorizedError: createError('UnauthorizedError', 401),
+  ForbiddenError: createError('ForbiddenError', 403),
+  NotFoundError: createError('NotFoundError', 404),
+  ConflictError: createError('ConflictError', 409)
+}

local/init-dynamodb.sh

@@ -0,0 +1,251 @@
+/**
+ * This file defines helper methods
+ */
+const _ = require('lodash')
+const querystring = require('querystring')
+const constants = require('../../app-constants')
+const models = require('../models')
+const errors = require('./errors')
+
+/**
+ * Wrap async function to standard express function
+ * @param {Function} fn the async function
+ * @returns {Function} the wrapped function
+ */
+function wrapExpress (fn) {
+  return function (req, res, next) {
+    fn(req, res, next).catch(next)
+  }
+}
+
+/**
+ * Wrap all functions from object
+ * @param obj the object (controller exports)
+ * @returns {Object|Array} the wrapped object
+ */
+function autoWrapExpress (obj) {
+  if (_.isArray(obj)) {
+    return obj.map(autoWrapExpress)
+  }
+  if (_.isFunction(obj)) {
+    if (obj.constructor.name === 'AsyncFunction') {
+      return wrapExpress(obj)
+    }
+    return obj
+  }
+  _.each(obj, (value, key) => {
+    obj[key] = autoWrapExpress(value)
+  })
+  return obj
+}
+
+/**
+ * Get link for a given page.
+ * @param {Object} req the HTTP request
+ * @param {Number} page the page number
+ * @returns {String} link for the page
+ */
+function getPageLink (req, page) {
+  const q = _.assignIn({}, req.query, { page })
+  return `${req.protocol}://${req.get('Host')}${req.baseUrl}${req.path}?${querystring.stringify(q)}`
+}
+
+/**
+ * Set HTTP response headers from result.
+ * @param {Object} req the HTTP request
+ * @param {Object} res the HTTP response
+ * @param {Object} result the operation result
+ */
+function setResHeaders (req, res, result) {
+  const totalPages = Math.ceil(result.total / result.perPage)
+  if (result.page < totalPages) {
+    res.set('X-Next-Page', result.page + 1)
+  }
+  res.set('X-Page', result.page)
+  res.set('X-Per-Page', result.perPage)
+  res.set('X-Total', result.total)
+  res.set('X-Total-Pages', totalPages)
+  // set Link header
+  if (totalPages > 0) {
+    let link = `<${getPageLink(req, 1)}>; rel="first", <${getPageLink(req, totalPages)}>; rel="last"`
+    if (result.page > 1) {
+      link += `, <${getPageLink(req, result.page - 1)}>; rel="prev"`
+    }
+    if (result.page < totalPages) {
+      link += `, <${getPageLink(req, result.page + 1)}>; rel="next"`
+    }
+    res.set('Link', link)
+  }
+}
+
+/**
+ * Check if the user has admin role
+ * @param {Object} authUser the user
+ */
+function hasAdminRole (authUser) {
+  for (let i = 0; i < authUser.roles.length; i++) {
+    if (authUser.roles[i].toLowerCase() === constants.UserRoles.Admin.toLowerCase()) {
+      return true
+    }
+  }
+  return false
+}
+
+/**
+ * Check if exists.
+ *
+ * @param {Array} source the array in which to search for the term
+ * @param {Array | String} term the term to search
+ */
+function checkIfExists (source, term) {
+  let terms
+
+  if (!_.isArray(source)) {
+    throw new Error('Source argument should be an array')
+  }
+
+  source = source.map(s => s.toLowerCase())
+
+  if (_.isString(term)) {
+    terms = term.split(' ')
+  } else if (_.isArray(term)) {
+    terms = term.map(t => t.toLowerCase())
+  } else {
+    throw new Error('Term argument should be either a string or an array')
+  }
+
+  for (let i = 0; i < terms.length; i++) {
+    if (source.includes(terms[i])) {
+      return true
+    }
+  }
+
+  return false
+}
+
+/**
+ * Get Data by model id
+ * @param {Object} modelName The dynamoose model name
+ * @param {String} id The id value
+ * @returns {Promise<void>}
+ */
+async function getById (modelName, id) {
+  return new Promise((resolve, reject) => {
+    models[modelName].query('id').eq(id).exec((err, result) => {
+      if (err) {
+        reject(err)
+      }
+      if (result.length > 0) {
+        return resolve(result[0])
+      } else {
+        reject(new errors.NotFoundError(`${modelName} with id: ${id} doesn't exist`))
+      }
+    })
+  })
+}
+
+/**
+ * Validate the data to ensure no duplication
+ * @param {Object} modelName The dynamoose model name
+ * @param {String} name The attribute name of dynamoose model
+ * @param {String} value The attribute value to be validated
+ * @returns {Promise<void>}
+ */
+async function validateDuplicate (modelName, name, value) {
+  const list = await scan(modelName)
+  for (let i = 0; i < list.length; i++) {
+    if (list[i][name].toLowerCase() === value.toLowerCase()) {
+      throw new errors.ConflictError(`${modelName} with ${name}: ${value} already exist`)
+    }
+  }
+}
+
+/**
+ * Create item in database
+ * @param {Object} modelName The dynamoose model name
+ * @param {Object} data The create data object
+ * @returns {Promise<void>}
+ */
+async function create (modelName, data) {
+  return new Promise((resolve, reject) => {
+    const dbItem = new models[modelName](data)
+    dbItem.save((err) => {
+      if (err) {
+        reject(err)
+      }
+
+      return resolve(dbItem)
+    })
+  })
+}
+
+/**
+ * Update item in database
+ * @param {Object} dbItem The Dynamo database item
+ * @param {Object} data The updated data object
+ * @returns {Promise<void>}
+ */
+async function update (dbItem, data) {
+  Object.keys(data).forEach((key) => {
+    dbItem[key] = data[key]
+  })
+  return new Promise((resolve, reject) => {
+    dbItem.save((err) => {
+      if (err) {
+        reject(err)
+      }
+
+      return resolve(dbItem)
+    })
+  })
+}
+
+/**
+ * Get data collection by scan parameters
+ * @param {Object} modelName The dynamoose model name
+ * @param {Object} scanParams The scan parameters object
+ * @returns {Promise<void>}
+ */
+async function scan (modelName, scanParams) {
+  return new Promise((resolve, reject) => {
+    models[modelName].scan(scanParams).exec((err, result) => {
+      if (err) {
+        reject(err)
+      }
+
+      return resolve(result.count === 0 ? [] : result)
+    })
+  })
+}
+
+/**
+ * Test whether the given value is partially match the filter.
+ * @param {String} filter the filter
+ * @param {String} value the value to test
+ * @returns {Boolean} the match result
+ */
+function partialMatch (filter, value) {
+  if (filter) {
+    if (value) {
+      return RegExp(filter, 'i').test(value)
+    } else {
+      return false
+    }
+  } else {
+    return true
+  }
+}
+
+module.exports = {
+  wrapExpress,
+  autoWrapExpress,
+  setResHeaders,
+  checkIfExists,
+  hasAdminRole,
+  getById,
+  create,
+  update,
+  scan,
+  validateDuplicate,
+  partialMatch
+}

package-lock.json

@@ -0,0 +1,146 @@
+/**
+ * This module contains the winston logger configuration.
+ */
+
+const _ = require('lodash')
+const Joi = require('joi')
+const util = require('util')
+const config = require('config')
+const getParams = require('get-parameter-names')
+const { createLogger, format, transports } = require('winston')
+
+const logger = createLogger({
+  level: config.LOG_LEVEL,
+  transports: [
+    new transports.Console({
+      format: format.combine(
+        format.colorize(),
+        format.simple()
+      )
+    })
+  ]
+})
+
+/**
+ * Log error details with signature
+ * @param err the error
+ * @param signature the signature
+ */
+logger.logFullError = (err, signature) => {
+  if (!err) {
+    return
+  }
+  if (signature) {
+    logger.error(`Error happened in ${signature}`)
+  }
+  logger.error(util.inspect(err))
+  if (!err.logged) {
+    logger.error(err.stack)
+    err.logged = true
+  }
+}
+
+/**
+ * Remove invalid properties from the object and hide long arrays
+ * @param {Object} obj the object
+ * @returns {Object} the new object with removed properties
+ * @private
+ */
+const _sanitizeObject = (obj) => {
+  try {
+    return JSON.parse(JSON.stringify(obj, (name, value) => {
+      if (_.isArray(value) && value.length > 30) {
+        return `Array(${value.length})`
+      }
+      return value
+    }))
+  } catch (e) {
+    return obj
+  }
+}
+
+/**
+ * Convert array with arguments to object
+ * @param {Array} params the name of parameters
+ * @param {Array} arr the array with values
+ * @private
+ */
+const _combineObject = (params, arr) => {
+  const ret = {}
+  _.each(arr, (arg, i) => {
+    ret[params[i]] = arg
+  })
+  return ret
+}
+
+/**
+ * Decorate all functions of a service and log debug information if DEBUG is enabled
+ * @param {Object} service the service
+ */
+logger.decorateWithLogging = (service) => {
+  if (config.LOG_LEVEL !== 'debug') {
+    return
+  }
+  _.each(service, (method, name) => {
+    const params = method.params || getParams(method)
+    service[name] = async function () {
+      logger.debug(`ENTER ${name}`)
+      logger.debug('input arguments')
+      const args = Array.prototype.slice.call(arguments)
+      logger.debug(util.inspect(_sanitizeObject(_combineObject(params, args))))
+      try {
+        const result = await method.apply(this, arguments)
+        logger.debug(`EXIT ${name}`)
+        logger.debug('output arguments')
+        if (result !== null && result !== undefined) {
+          logger.debug(util.inspect(_sanitizeObject(result)))
+        }
+        return result
+      } catch (e) {
+        logger.logFullError(e, name)
+        throw e
+      }
+    }
+  })
+}
+
+/**
+ * Decorate all functions of a service and validate input values
+ * and replace input arguments with sanitized result form Joi
+ * Service method must have a `schema` property with Joi schema
+ * @param {Object} service the service
+ */
+logger.decorateWithValidators = function (service) {
+  _.each(service, (method, name) => {
+    if (!method.schema) {
+      return
+    }
+    const params = getParams(method)
+    service[name] = async function () {
+      const args = Array.prototype.slice.call(arguments)
+      const value = _combineObject(params, args)
+      const normalized = Joi.attempt(value, method.schema)
+
+      const newArgs = []
+      // Joi will normalize values
+      // for example string number '1' to 1
+      // if schema type is number
+      _.each(params, (param) => {
+        newArgs.push(normalized[param])
+      })
+      return method.apply(this, newArgs)
+    }
+    service[name].params = params
+  })
+}
+
+/**
+ * Apply logger and validation decorators
+ * @param {Object} service the service to wrap
+ */
+logger.buildService = (service) => {
+  logger.decorateWithValidators(service)
+  logger.decorateWithLogging(service)
+}
+
+module.exports = logger

package.json

@@ -0,0 +1,20 @@
+/**
+ * Controller for challenge type endpoints
+ */
+const service = require('../services/AuditLogService')
+const helper = require('../common/helper')
+
+/**
+ * Search audit logs
+ * @param {Object} req the request
+ * @param {Object} res the response
+ */
+async function searchAuditLogs (req, res) {
+  const result = await service.searchAuditLogs(req.query)
+  helper.setResHeaders(req, res, result)
+  res.send(result.result)
+}
+
+module.exports = {
+  searchAuditLogs
+}

src/common/errors.js

@@ -0,0 +1,65 @@
+/**
+ * Controller for challenge endpoints
+ */
+const HttpStatus = require('http-status-codes')
+const service = require('../services/ChallengeService')
+const helper = require('../common/helper')
+
+/**
+ * Search challenges
+ * @param {Object} req the request
+ * @param {Object} res the response
+ */
+async function searchChallenges (req, res) {
+  const result = await service.searchChallenges(req.query)
+  helper.setResHeaders(req, res, result)
+  res.send(result.result)
+}
+
+/**
+ * Create challenge
+ * @param {Object} req the request
+ * @param {Object} res the response
+ */
+async function createChallenge (req, res) {
+  const result = await service.createChallenge(req.authUser, req.body)
+  res.status(HttpStatus.CREATED).send(result)
+}
+
+/**
+ * Get challenge
+ * @param {Object} req the request
+ * @param {Object} res the response
+ */
+async function getChallenge (req, res) {
+  const result = await service.getChallenge(req.params.challengeId)
+  res.send(result)
+}
+
+/**
+ * Fully update challenge
+ * @param {Object} req the request
+ * @param {Object} res the response
+ */
+async function fullyUpdateChallenge (req, res) {
+  const result = await service.fullyUpdateChallenge(req.authUser, req.params.challengeId, req.body)
+  res.send(result)
+}
+
+/**
+ * Partially update challenge
+ * @param {Object} req the request
+ * @param {Object} res the response
+ */
+async function partiallyUpdateChallenge (req, res) {
+  const result = await service.partiallyUpdateChallenge(req.authUser, req.params.challengeId, req.body)
+  res.send(result)
+}
+
+module.exports = {
+  searchChallenges,
+  createChallenge,
+  getChallenge,
+  fullyUpdateChallenge,
+  partiallyUpdateChallenge
+}

src/common/helper.js

@@ -0,0 +1,54 @@
+/**
+ * Controller for challenge type endpoints
+ */
+const HttpStatus = require('http-status-codes')
+const service = require('../services/ChallengeSettingService')
+const helper = require('../common/helper')
+
+/**
+ * Search challenge settings
+ * @param {Object} req the request
+ * @param {Object} res the response
+ */
+async function searchChallengeSettings (req, res) {
+  const result = await service.searchChallengeSettings(req.query)
+  helper.setResHeaders(req, res, result)
+  res.send(result.result)
+}
+
+/**
+ * Create challenge setting
+ * @param {Object} req the request
+ * @param {Object} res the response
+ */
+async function createChallengeSetting (req, res) {
+  const result = await service.createChallengeSetting(req.body)
+  res.status(HttpStatus.CREATED).send(result)
+}
+
+/**
+ * Get challenge setting
+ * @param {Object} req the request
+ * @param {Object} res the response
+ */
+async function getChallengeSetting (req, res) {
+  const result = await service.getChallengeSetting(req.params.challengeSettingId)
+  res.send(result)
+}
+
+/**
+ * Update challenge setting
+ * @param {Object} req the request
+ * @param {Object} res the response
+ */
+async function updateChallengeSetting (req, res) {
+  const result = await service.updateChallengeSetting(req.params.challengeSettingId, req.body)
+  res.send(result)
+}
+
+module.exports = {
+  searchChallengeSettings,
+  createChallengeSetting,
+  getChallengeSetting,
+  updateChallengeSetting
+}

src/common/logger.js

@@ -0,0 +1,65 @@
+/**
+ * Controller for challenge type endpoints
+ */
+const HttpStatus = require('http-status-codes')
+const service = require('../services/ChallengeTypeService')
+const helper = require('../common/helper')
+
+/**
+ * Search challenge types
+ * @param {Object} req the request
+ * @param {Object} res the response
+ */
+async function searchChallengeTypes (req, res) {
+  const result = await service.searchChallengeTypes(req.query)
+  helper.setResHeaders(req, res, result)
+  res.send(result.result)
+}
+
+/**
+ * Create challenge type
+ * @param {Object} req the request
+ * @param {Object} res the response
+ */
+async function createChallengeType (req, res) {
+  const result = await service.createChallengeType(req.body)
+  res.status(HttpStatus.CREATED).send(result)
+}
+
+/**
+ * Get challenge type
+ * @param {Object} req the request
+ * @param {Object} res the response
+ */
+async function getChallengeType (req, res) {
+  const result = await service.getChallengeType(req.params.challengeTypeId)
+  res.send(result)
+}
+
+/**
+ * Fully update challenge type
+ * @param {Object} req the request
+ * @param {Object} res the response
+ */
+async function fullyUpdateChallengeType (req, res) {
+  const result = await service.fullyUpdateChallengeType(req.params.challengeTypeId, req.body)
+  res.send(result)
+}
+
+/**
+ * Partially update challenge type
+ * @param {Object} req the request
+ * @param {Object} res the response
+ */
+async function partiallyUpdateChallengeType (req, res) {
+  const result = await service.partiallyUpdateChallengeType(req.params.challengeTypeId, req.body)
+  res.send(result)
+}
+
+module.exports = {
+  searchChallengeTypes,
+  createChallengeType,
+  getChallengeType,
+  fullyUpdateChallengeType,
+  partiallyUpdateChallengeType
+}

src/controllers/AuditLogController.js

@@ -0,0 +1,35 @@
+/**
+ * Initialize database tables. All data will be cleared.
+ */
+require('../app-bootstrap')
+const logger = require('./common/logger')
+const helper = require('./common/helper')
+
+logger.info('Initialize database.')
+
+const initDB = async () => {
+  const auditLogs = await helper.scan('AuditLog')
+  for (const auditLog of auditLogs) {
+    await auditLog.delete()
+  }
+  const challenges = await helper.scan('Challenge')
+  for (const challenge of challenges) {
+    await challenge.delete()
+  }
+  const settings = await helper.scan('ChallengeSetting')
+  for (const setting of settings) {
+    await setting.delete()
+  }
+  const types = await helper.scan('ChallengeType')
+  for (const type of types) {
+    await type.delete()
+  }
+}
+
+initDB().then(() => {
+  logger.info('Done!')
+  process.exit()
+}).catch((e) => {
+  logger.logFullError(e)
+  process.exit(1)
+})

src/controllers/ChallengeController.js

@@ -0,0 +1,44 @@
+/**
+ * This defines ChallengeSetting model.
+ */
+
+const dynamoose = require('dynamoose')
+
+const Schema = dynamoose.Schema
+
+const schema = new Schema({
+  id: {
+    type: String,
+    hashKey: true,
+    required: true
+  },
+  challengeId: {
+    type: String,
+    required: true
+  },
+  fieldName: {
+    type: String,
+    required: true
+  },
+  oldValue: {
+    type: String,
+    required: true
+  },
+  newValue: {
+    type: String,
+    required: true
+  },
+  created: {
+    type: Date,
+    required: true
+  },
+  createdBy: {
+    type: String,
+    required: true
+  }
+},
+{
+  throughput: { read: 4, write: 2 }
+})
+
+module.exports = schema

src/controllers/ChallengeSettingController.js

@@ -0,0 +1,60 @@
+/**
+ * This defines Challenge model.
+ */
+
+const dynamoose = require('dynamoose')
+
+const Schema = dynamoose.Schema
+
+const schema = new Schema({
+  id: {
+    type: String,
+    hashKey: true,
+    required: true
+  },
+  legacyId: {
+    type: Number,
+    required: false
+  },
+  typeId: {
+    type: String,
+    required: true
+  },
+  track: {
+    type: String,
+    required: true
+  },
+  name: {
+    type: String,
+    required: true
+  },
+  description: {
+    type: String,
+    required: true
+  },
+  challengeSettings: {
+    type: [Object],
+    required: false
+  },
+  created: {
+    type: Date,
+    required: true
+  },
+  createdBy: {
+    type: String,
+    required: true
+  },
+  updated: {
+    type: Date,
+    required: false
+  },
+  updatedBy: {
+    type: String,
+    required: false
+  }
+},
+{
+  throughput: { read: 4, write: 2 }
+})
+
+module.exports = schema

src/controllers/ChallengeTypeController.js

@@ -0,0 +1,24 @@
+/**
+ * This defines ChallengeSetting model.
+ */
+
+const dynamoose = require('dynamoose')
+
+const Schema = dynamoose.Schema
+
+const schema = new Schema({
+  id: {
+    type: String,
+    hashKey: true,
+    required: true
+  },
+  name: {
+    type: String,
+    required: true
+  }
+},
+{
+  throughput: { read: 4, write: 2 }
+})
+
+module.exports = schema

src/init-db.js

@@ -0,0 +1,32 @@
+/**
+ * This defines ChallengeType model.
+ */
+
+const dynamoose = require('dynamoose')
+
+const Schema = dynamoose.Schema
+
+const schema = new Schema({
+  id: {
+    type: String,
+    hashKey: true,
+    required: true
+  },
+  name: {
+    type: String,
+    required: true
+  },
+  description: {
+    type: String,
+    required: false
+  },
+  isActive: {
+    type: Boolean,
+    required: true
+  }
+},
+{
+  throughput: { read: 4, write: 2 }
+})
+
+module.exports = schema

src/models/AuditLog.js

@@ -0,0 +1,28 @@
+/**
+ * Initialize and export all model schemas.
+ */
+
+const config = require('config')
+const dynamoose = require('dynamoose')
+
+dynamoose.AWS.config.update({
+  accessKeyId: config.DYNAMODB.AWS_ACCESS_KEY_ID,
+  secretAccessKey: config.DYNAMODB.AWS_SECRET_ACCESS_KEY,
+  region: config.DYNAMODB.AWS_REGION
+})
+
+if (config.DYNAMODB.IS_LOCAL) {
+  dynamoose.local(config.DYNAMODB.URL)
+}
+
+dynamoose.setDefaults({
+  create: false,
+  update: false
+})
+
+module.exports = {
+  Challenge: dynamoose.model('Challenge', require('./Challenge')),
+  ChallengeType: dynamoose.model('ChallengeType', require('./ChallengeType')),
+  ChallengeSetting: dynamoose.model('ChallengeSetting', require('./ChallengeSetting')),
+  AuditLog: dynamoose.model('AuditLog', require('./AuditLog'))
+}

src/models/Challenge.js

@@ -0,0 +1,104 @@
+/**
+ * Contains all routes
+ */
+
+const constants = require('../app-constants')
+
+module.exports = {
+  '/challenges': {
+    get: {
+      controller: 'ChallengeController',
+      method: 'searchChallenges'
+    },
+    post: {
+      controller: 'ChallengeController',
+      method: 'createChallenge',
+      auth: 'jwt',
+      access: [constants.UserRoles.Admin, constants.UserRoles.Copilot]
+    }
+  },
+  '/challenges/:challengeId': {
+    get: {
+      controller: 'ChallengeController',
+      method: 'getChallenge'
+    },
+    put: {
+      controller: 'ChallengeController',
+      method: 'fullyUpdateChallenge',
+      auth: 'jwt',
+      access: [constants.UserRoles.Admin, constants.UserRoles.Copilot]
+    },
+    patch: {
+      controller: 'ChallengeController',
+      method: 'partiallyUpdateChallenge',
+      auth: 'jwt',
+      access: [constants.UserRoles.Admin, constants.UserRoles.Copilot]
+    }
+  },
+  '/challengeTypes': {
+    get: {
+      controller: 'ChallengeTypeController',
+      method: 'searchChallengeTypes'
+    },
+    post: {
+      controller: 'ChallengeTypeController',
+      method: 'createChallengeType',
+      auth: 'jwt',
+      access: [constants.UserRoles.Admin, constants.UserRoles.Copilot]
+    }
+  },
+  '/challengeTypes/:challengeTypeId': {
+    get: {
+      controller: 'ChallengeTypeController',
+      method: 'getChallengeType'
+    },
+    put: {
+      controller: 'ChallengeTypeController',
+      method: 'fullyUpdateChallengeType',
+      auth: 'jwt',
+      access: [constants.UserRoles.Admin, constants.UserRoles.Copilot]
+    },
+    patch: {
+      controller: 'ChallengeTypeController',
+      method: 'partiallyUpdateChallengeType',
+      auth: 'jwt',
+      access: [constants.UserRoles.Admin, constants.UserRoles.Copilot]
+    }
+  },
+  '/challengeSettings': {
+    get: {
+      controller: 'ChallengeSettingController',
+      method: 'searchChallengeSettings',
+      auth: 'jwt',
+      access: [constants.UserRoles.Admin, constants.UserRoles.Copilot]
+    },
+    post: {
+      controller: 'ChallengeSettingController',
+      method: 'createChallengeSetting',
+      auth: 'jwt',
+      access: [constants.UserRoles.Admin, constants.UserRoles.Copilot]
+    }
+  },
+  '/challengeSettings/:challengeSettingId': {
+    get: {
+      controller: 'ChallengeSettingController',
+      method: 'getChallengeSetting',
+      auth: 'jwt',
+      access: [constants.UserRoles.Admin, constants.UserRoles.Copilot]
+    },
+    put: {
+      controller: 'ChallengeSettingController',
+      method: 'updateChallengeSetting',
+      auth: 'jwt',
+      access: [constants.UserRoles.Admin, constants.UserRoles.Copilot]
+    }
+  },
+  '/challengeAuditLogs': {
+    get: {
+      controller: 'AuditLogController',
+      method: 'searchAuditLogs',
+      auth: 'jwt',
+      access: [constants.UserRoles.Admin]
+    }
+  }
+}

src/models/ChallengeSetting.js

@@ -0,0 +1,45 @@
+/**
+ * This service provides operations of audit logs.
+ */
+
+const _ = require('lodash')
+const Joi = require('joi')
+const helper = require('../common/helper')
+const logger = require('../common/logger')
+
+/**
+ * Search audit logs
+ * @param {Object} criteria the search criteria
+ * @returns {Object} the search result
+ */
+async function searchAuditLogs (criteria) {
+  const list = await helper.scan('AuditLog')
+  const records = _.filter(list, e => helper.partialMatch(criteria.fieldName, e.fieldName) &&
+    (_.isUndefined(criteria.createdDateStart) || criteria.createdDateStart.getTime() <= e.created.getTime()) &&
+    (_.isUndefined(criteria.createdDateEnd) || criteria.createdDateEnd.getTime() >= e.created.getTime()) &&
+    (_.isUndefined(criteria.challengeId) || criteria.challengeId === e.challengeId) &&
+    (_.isUndefined(criteria.createdBy) || criteria.createdBy.toLowerCase() === e.createdBy.toLowerCase())
+  )
+  const total = records.length
+  const result = records.slice((criteria.page - 1) * criteria.perPage, criteria.page * criteria.perPage)
+
+  return { total, page: criteria.page, perPage: criteria.perPage, result }
+}
+
+searchAuditLogs.schema = {
+  criteria: Joi.object().keys({
+    page: Joi.page(),
+    perPage: Joi.perPage(),
+    challengeId: Joi.string(),
+    fieldName: Joi.string(),
+    createdDateStart: Joi.date(),
+    createdDateEnd: Joi.date(),
+    createdBy: Joi.string()
+  })
+}
+
+module.exports = {
+  searchAuditLogs
+}
+
+logger.buildService(module.exports)

src/models/ChallengeType.js

@@ -0,0 +1,299 @@
+/**
+ * This service provides operations of challenge.
+ */
+
+const _ = require('lodash')
+const Joi = require('joi')
+const uuid = require('uuid/v4')
+const dynamoose = require('dynamoose')
+const helper = require('../common/helper')
+const logger = require('../common/logger')
+const errors = require('../common/errors')
+const models = require('../models')
+
+/**
+ * Search challenges
+ * @param {Object} criteria the search criteria
+ * @returns {Object} the search result
+ */
+async function searchChallenges (criteria) {
+  const list = await helper.scan('Challenge')
+  const records = _.filter(list, e => helper.partialMatch(criteria.name, e.name) &&
+    helper.partialMatch(criteria.description, e.description) &&
+    (_.isUndefined(criteria.createdDateStart) || criteria.createdDateStart.getTime() <= e.created.getTime()) &&
+    (_.isUndefined(criteria.createdDateEnd) || criteria.createdDateEnd.getTime() >= e.created.getTime()) &&
+    (_.isUndefined(criteria.updatedDateStart) || (!_.isUndefined(e.updated) && criteria.updatedDateStart.getTime() <= e.updated.getTime())) &&
+    (_.isUndefined(criteria.updatedDateEnd) || (!_.isUndefined(e.updated) && criteria.updatedDateEnd.getTime() >= e.updated.getTime())) &&
+    (_.isUndefined(criteria.createdBy) || criteria.createdBy.toLowerCase() === e.createdBy.toLowerCase())
+  )
+  const total = records.length
+  const result = records.slice((criteria.page - 1) * criteria.perPage, criteria.page * criteria.perPage)
+
+  const typeList = await helper.scan('ChallengeType')
+  const typeMap = new Map()
+  _.each(typeList, e => {
+    typeMap.set(e.id, e.name)
+  })
+  _.each(result, element => {
+    element.type = typeMap.get(element.typeId)
+    delete element.typeId
+  })
+
+  return { total, page: criteria.page, perPage: criteria.perPage, result: await populateSettings(result) }
+}
+
+searchChallenges.schema = {
+  criteria: Joi.object().keys({
+    page: Joi.page(),
+    perPage: Joi.perPage(),
+    name: Joi.string(),
+    description: Joi.string(),
+    createdDateStart: Joi.date(),
+    createdDateEnd: Joi.date(),
+    updatedDateStart: Joi.date(),
+    updatedDateEnd: Joi.date(),
+    createdBy: Joi.string()
+  })
+}
+
+/**
+ * Validate the challenge data.
+ * @param {Object} challenge the challenge data
+ */
+async function validateChallengeData (challenge) {
+  if (challenge.typeId) {
+    try {
+      await helper.getById('ChallengeType', challenge.typeId)
+    } catch (e) {
+      if (e.name === 'NotFoundError') {
+        throw new errors.BadRequestError(`No challenge type found with id: ${challenge.typeId}.`)
+      } else {
+        throw e
+      }
+    }
+  }
+  if (challenge.challengeSettings) {
+    const list = await helper.scan('ChallengeSetting')
+    const map = new Map()
+    _.each(list, e => {
+      map.set(e.id, e.name)
+    })
+    const invalidSettings = _.filter(challenge.challengeSettings, s => !map.has(s.type))
+    if (invalidSettings.length > 0) {
+      throw new errors.BadRequestError(`The following settings are invalid: ${invalidSettings}`)
+    }
+  }
+}
+
+/**
+ * Create challenge.
+ * @param {Object} currentUser the user who perform operation
+ * @param {Object} challenge the challenge to created
+ * @returns {Object} the created challenge
+ */
+async function createChallenge (currentUser, challenge) {
+  await validateChallengeData(challenge)
+
+  const ret = await helper.create('Challenge', _.assign({
+    id: uuid(), created: new Date(), createdBy: currentUser.handle }, challenge))
+  return ret
+}
+
+createChallenge.schema = {
+  currentUser: Joi.any(),
+  challenge: Joi.object().keys({
+    typeId: Joi.string().required(),
+    track: Joi.string().required(),
+    name: Joi.string().required(),
+    description: Joi.string().required(),
+    challengeSettings: Joi.array().items(Joi.object().keys({
+      type: Joi.string().required(),
+      value: Joi.string().required()
+    })).unique((a, b) => a.type === b.type)
+  }).required()
+}
+
+/**
+ * Populate challenge settings data.
+ * @param {Object|Array} the challenge entities
+ * @param {Object|Array} the modified challenge entities
+ */
+async function populateSettings (data) {
+  const list = await helper.scan('ChallengeSetting')
+  const map = new Map()
+  _.each(list, e => {
+    map.set(e.id, e.name)
+  })
+  if (_.isArray(data)) {
+    _.each(data, element => {
+      if (element.challengeSettings) {
+        _.each(element.challengeSettings, s => {
+          s.type = map.get(s.type)
+        })
+      }
+    })
+  } else if (data.challengeSettings) {
+    _.each(data.challengeSettings, s => {
+      s.type = map.get(s.type)
+    })
+  }
+  return data
+}
+
+/**
+ * Get challenge.
+ * @param {String} id the challenge id
+ * @returns {Object} the challenge with given id
+ */
+async function getChallenge (id) {
+  const challenge = await helper.getById('Challenge', id)
+
+  // populate type property based on the typeId
+  const type = await helper.getById('ChallengeType', challenge.typeId)
+  challenge.type = type.name
+  delete challenge.typeId
+
+  return populateSettings(challenge)
+}
+
+getChallenge.schema = {
+  id: Joi.id()
+}
+
+/**
+ * Update challenge.
+ * @param {Object} currentUser the user who perform operation
+ * @param {String} challengeId the challenge id
+ * @param {Object} data the challenge data to be updated
+ * @param {Boolean} isFull the flag indicate it is a fully update operation.
+ * @returns {Object} the updated challenge
+ */
+async function update (currentUser, challengeId, data, isFull) {
+  const challenge = await helper.getById('Challenge', challengeId)
+
+  if (challenge.createdBy.toLowerCase() !== currentUser.handle.toLowerCase() && !helper.hasAdminRole(currentUser)) {
+    throw new errors.ForbiddenError(`Only admin or challenge's copilot can perform modification.`)
+  }
+
+  await validateChallengeData(data)
+
+  data.updated = new Date()
+  data.updatedBy = currentUser.handle
+  const updateDetails = {}
+  const transactionItems = []
+  _.each(data, (value, key) => {
+    let op
+    if (key === 'challengeSettings') {
+      if (challenge.challengeSettings) {
+        if (_.differenceWith(challenge.challengeSettings, value, _.isEqual).length !== 0) {
+          op = '$PUT'
+        }
+      } else {
+        op = '$PUT'
+      }
+    } else if (_.isUndefined(challenge[key]) || challenge[key] !== value) {
+      op = '$PUT'
+    }
+
+    if (op) {
+      if (_.isUndefined(updateDetails[op])) {
+        updateDetails[op] = {}
+      }
+      updateDetails[op][key] = value
+      if (key !== 'updated' && key !== 'updatedBy') {
+        transactionItems.push(models.AuditLog.transaction.create({
+          id: uuid(),
+          challengeId,
+          fieldName: key,
+          oldValue: challenge[key] ? JSON.stringify(challenge[key]) : 'NULL',
+          newValue: JSON.stringify(value),
+          created: new Date(),
+          createdBy: currentUser.handle
+        }))
+      }
+    }
+  })
+
+  if (isFull && _.isUndefined(data.challengeSettings) && challenge.challengeSettings) {
+    updateDetails['$DELETE'] = { challengeSettings: _.cloneDeep(challenge.challengeSettings) }
+    transactionItems.push(models.AuditLog.transaction.create({
+      id: uuid(),
+      challengeId,
+      fieldName: 'challengeSettings',
+      oldValue: JSON.stringify(challenge.challengeSettings),
+      newValue: 'NULL',
+      created: new Date(),
+      createdBy: currentUser.handle
+    }))
+    delete challenge.challengeSettings
+  }
+
+  transactionItems.push(models.Challenge.transaction.update({ id: challengeId }, updateDetails))
+
+  await dynamoose.transaction(transactionItems)
+
+  _.assign(challenge, data)
+  return challenge
+}
+
+/**
+ * Fully update challenge.
+ * @param {Object} currentUser the user who perform operation
+ * @param {String} challengeId the challenge id
+ * @param {Object} data the challenge data to be updated
+ * @returns {Object} the updated challenge
+ */
+async function fullyUpdateChallenge (currentUser, challengeId, data) {
+  return update(currentUser, challengeId, data, true)
+}
+
+fullyUpdateChallenge.schema = {
+  currentUser: Joi.any(),
+  challengeId: Joi.id(),
+  data: Joi.object().keys({
+    typeId: Joi.string().required(),
+    track: Joi.string().required(),
+    name: Joi.string().required(),
+    description: Joi.string().required(),
+    challengeSettings: Joi.array().items(Joi.object().keys({
+      type: Joi.string().required(),
+      value: Joi.string().required()
+    })).unique((a, b) => a.type === b.type)
+  }).required()
+}
+
+/**
+ * Partially update challenge.
+ * @param {Object} currentUser the user who perform operation
+ * @param {String} challengeId the challenge id
+ * @param {Object} data the challenge data to be updated
+ * @returns {Object} the updated challenge
+ */
+async function partiallyUpdateChallenge (currentUser, challengeId, data) {
+  return update(currentUser, challengeId, data)
+}
+
+partiallyUpdateChallenge.schema = {
+  currentUser: Joi.any(),
+  challengeId: Joi.id(),
+  data: Joi.object().keys({
+    typeId: Joi.string(),
+    track: Joi.string(),
+    name: Joi.string(),
+    description: Joi.string(),
+    challengeSettings: Joi.array().items(Joi.object().keys({
+      type: Joi.string().required(),
+      value: Joi.string().required()
+    })).unique((a, b) => a.type === b.type)
+  }).required()
+}
+
+module.exports = {
+  searchChallenges,
+  createChallenge,
+  getChallenge,
+  fullyUpdateChallenge,
+  partiallyUpdateChallenge
+}
+
+logger.buildService(module.exports)

src/models/index.js

@@ -0,0 +1,92 @@
+/**
+ * This service provides operations of challenge settings.
+ */
+
+const _ = require('lodash')
+const Joi = require('joi')
+const uuid = require('uuid/v4')
+const helper = require('../common/helper')
+const logger = require('../common/logger')
+
+/**
+ * Search challenge settings
+ * @param {Object} criteria the search criteria
+ * @returns {Object} the search result
+ */
+async function searchChallengeSettings (criteria) {
+  const list = await helper.scan('ChallengeSetting')
+  const records = _.filter(list, e => helper.partialMatch(criteria.name, e.name))
+  const total = records.length
+  const result = records.slice((criteria.page - 1) * criteria.perPage, criteria.page * criteria.perPage)
+
+  return { total, page: criteria.page, perPage: criteria.perPage, result }
+}
+
+searchChallengeSettings.schema = {
+  criteria: Joi.object().keys({
+    page: Joi.page(),
+    perPage: Joi.perPage(),
+    name: Joi.string()
+  })
+}
+
+/**
+ * Create challenge setting.
+ * @param {Object} setting the challenge setting to created
+ * @returns {Object} the created challenge setting
+ */
+async function createChallengeSetting (setting) {
+  await helper.validateDuplicate('ChallengeSetting', 'name', setting.name)
+  const ret = await helper.create('ChallengeSetting', _.assign({ id: uuid() }, setting))
+  return ret
+}
+
+createChallengeSetting.schema = {
+  setting: Joi.object().keys({
+    name: Joi.string().required()
+  }).required()
+}
+
+/**
+ * Get challenge setting.
+ * @param {String} id the challenge setting id
+ * @returns {Object} the challenge setting with given id
+ */
+async function getChallengeSetting (id) {
+  const ret = await helper.getById('ChallengeSetting', id)
+  return ret
+}
+
+getChallengeSetting.schema = {
+  id: Joi.id()
+}
+
+/**
+ * Update challenge setting.
+ * @param {String} id the challenge setting id
+ * @param {Object} data the challenge setting data to be updated
+ * @returns {Object} the updated challenge setting
+ */
+async function updateChallengeSetting (id, data) {
+  const setting = await helper.getById('ChallengeSetting', id)
+  if (setting.name.toLowerCase() !== data.name.toLowerCase()) {
+    await helper.validateDuplicate('ChallengeSetting', 'name', data.name)
+  }
+  return helper.update(setting, data)
+}
+
+updateChallengeSetting.schema = {
+  id: Joi.id(),
+  data: Joi.object().keys({
+    name: Joi.string().required()
+  }).required()
+}
+
+module.exports = {
+  searchChallengeSettings,
+  createChallengeSetting,
+  getChallengeSetting,
+  updateChallengeSetting
+}
+
+logger.buildService(module.exports)

src/routes.js

@@ -0,0 +1,128 @@
+/**
+ * This service provides operations of challenge types.
+ */
+
+const _ = require('lodash')
+const Joi = require('joi')
+const uuid = require('uuid/v4')
+const helper = require('../common/helper')
+const logger = require('../common/logger')
+
+/**
+ * Search challenge types
+ * @param {Object} criteria the search criteria
+ * @returns {Object} the search result
+ */
+async function searchChallengeTypes (criteria) {
+  const list = await helper.scan('ChallengeType')
+  const records = _.filter(list, e => helper.partialMatch(criteria.name, e.name) &&
+    helper.partialMatch(criteria.description, e.description) &&
+    (_.isUndefined(criteria.isActive) || e.isActive === criteria.isActive)
+  )
+  const total = records.length
+  const result = records.slice((criteria.page - 1) * criteria.perPage, criteria.page * criteria.perPage)
+
+  return { total, page: criteria.page, perPage: criteria.perPage, result }
+}
+
+searchChallengeTypes.schema = {
+  criteria: Joi.object().keys({
+    page: Joi.page(),
+    perPage: Joi.perPage(),
+    name: Joi.string(),
+    description: Joi.string(),
+    isActive: Joi.boolean()
+  })
+}
+
+/**
+ * Create challenge type.
+ * @param {Object} type the challenge type to created
+ * @returns {Object} the created challenge type
+ */
+async function createChallengeType (type) {
+  await helper.validateDuplicate('ChallengeType', 'name', type.name)
+  const ret = await helper.create('ChallengeType', _.assign({ id: uuid() }, type))
+  return ret
+}
+
+createChallengeType.schema = {
+  type: Joi.object().keys({
+    name: Joi.string().required(),
+    description: Joi.string(),
+    isActive: Joi.boolean().required()
+  }).required()
+}
+
+/**
+ * Get challenge type.
+ * @param {String} id the challenge type id
+ * @returns {Object} the challenge type with given id
+ */
+async function getChallengeType (id) {
+  const ret = await helper.getById('ChallengeType', id)
+  return ret
+}
+
+getChallengeType.schema = {
+  id: Joi.id()
+}
+
+/**
+ * Fully update challenge type.
+ * @param {String} id the challenge type id
+ * @param {Object} data the challenge type data to be updated
+ * @returns {Object} the updated challenge type
+ */
+async function fullyUpdateChallengeType (id, data) {
+  const type = await helper.getById('ChallengeType', id)
+  if (type.name.toLowerCase() !== data.name.toLowerCase()) {
+    await helper.validateDuplicate('ChallengeType', 'name', data.name)
+  }
+  if (_.isUndefined(data.description)) {
+    type.description = undefined
+  }
+  return helper.update(type, data)
+}
+
+fullyUpdateChallengeType.schema = {
+  id: Joi.id(),
+  data: Joi.object().keys({
+    name: Joi.string().required(),
+    description: Joi.string(),
+    isActive: Joi.boolean().required()
+  }).required()
+}
+
+/**
+ * Partially update challenge type.
+ * @param {String} id the challenge type id
+ * @param {Object} data the challenge type data to be updated
+ * @returns {Object} the updated challenge type
+ */
+async function partiallyUpdateChallengeType (id, data) {
+  const type = await helper.getById('ChallengeType', id)
+  if (data.name && type.name.toLowerCase() !== data.name.toLowerCase()) {
+    await helper.validateDuplicate('ChallengeType', 'name', data.name)
+  }
+  return helper.update(type, data)
+}
+
+partiallyUpdateChallengeType.schema = {
+  id: Joi.id(),
+  data: Joi.object().keys({
+    name: Joi.string(),
+    description: Joi.string(),
+    isActive: Joi.boolean()
+  }).required()
+}
+
+module.exports = {
+  searchChallengeTypes,
+  createChallengeType,
+  getChallengeType,
+  fullyUpdateChallengeType,
+  partiallyUpdateChallengeType
+}
+
+logger.buildService(module.exports)

src/services/AuditLogService.js

@@ -0,0 +1,55 @@
+/**
+ * Insert test data to database.
+ */
+require('../app-bootstrap')
+const logger = require('./common/logger')
+const helper = require('./common/helper')
+
+logger.info('Insert test data into database.')
+
+const insertData = async () => {
+  const settings = []
+  for (let i = 1; i <= 5; i++) {
+    const setting = { id: `11ab038e-48da-123b-96e8-8d3b99b6d18${i}`, name: `setting-name-${i}` }
+    settings.push(setting)
+    await helper.create('ChallengeSetting', setting)
+  }
+  const types = []
+  for (let i = 1; i <= 5; i++) {
+    const type = { id: `fe6d0a58-ce7d-4521-8501-b8132b1c039${i}`, name: `type-name-${i}`, isActive: i <= 3 }
+    if (i % 2 === 1) {
+      type.description = `descritpion${i}`
+    }
+    types.push(type)
+    await helper.create('ChallengeType', type)
+  }
+  const challenges = []
+  for (let i = 0; i < 10; i++) {
+    const challenge = {
+      id: `071cd9fa-99d1-4733-8d27-3b745b2bc6be${i}`,
+      legacyId: 30080001 + i,
+      typeId: types[i % 5].id,
+      track: `track${i}`,
+      name: `test-name${i}`,
+      description: `desc-${i % 5}`,
+      challengeSettings: [],
+      created: new Date(),
+      createdBy: 'hohosky'
+    }
+    let j = i % 3
+    while (j < 5) {
+      challenge.challengeSettings.push({ type: settings[j].id, value: `test-value${i}${j}` })
+      j = j + 3
+    }
+    challenges.push(challenge)
+    await helper.create('Challenge', challenge)
+  }
+}
+
+insertData().then(() => {
+  logger.info('Done!')
+  process.exit()
+}).catch((e) => {
+  logger.logFullError(e)
+  process.exit(1)
+})