A Back End Coding Test Project.
Here is the Kanban board for tracking this project.
No logical/functional changes are made to this branch after my date of submission. A separate branch afterDeadline is created for any post-deadline improvements.
Please check out the branch afterDeadline for more refined code.
Updates to afterDeadline include (last updated: 2/14 16:19):
1. Errors are now handled by an api_exception_handler with a uniform return format.
2. MessageSerializer now validates input thoroughly.
3. Overall code refactoring: less code for the same functionality, and more edge cases regarding access control handled.
1. Clone the project.
2. Move to the project directory:
   ```
   cd ChattyBevy-django-backend/
   ```
3. Create and activate a virtual environment:
   ```
   python -m venv venv
   ```
   or
   ```
   python3 -m venv venv
   ```
   then
   ```
   source venv/bin/activate
   ```
4. Install the requirements:
   ```
   pip install -r requirements.txt
   ```
5. Move to the Django project directory:
   ```
   cd bevyApi/
   ```
6. Run the server:
   ```
   python manage.py runserver
   ```
The project's APIs are set up to run at localhost on port 8000. The APIs can be separated into three parts: User Management, JWT authentication, and Messaging.
The User Management APIs leverage Tivix's repo django-rest-auth, which makes it extremely easy to manage user accounts.
[POST] Login
/rest-auth/login/
- required fields:
  { "username": "", "email": "", "password": "" }
  (provide either username or email)
- return fields:
  { "key": "" }

[POST] Register
/rest-auth/registration/
- required fields:
  { "username": "", "email": "", "password1": "", "password2": "" }
- return fields:
  { "key": "" }
Django REST framework comes with authentication methods such as session/token authentication. Yet, there are some benefits of using JWT authentication.
JWT authentication is good because it allows for stateless, secure transmission of information between client and server. JWT tokens can be signed and encrypted for added security. They are also compact, allowing for efficient storage and transfer. This makes JWT a suitable choice for RESTful API authentication.
- ChatGPT
The APIs provided by SimpleJWT are used to provide the required authentication services.
[POST] Get tokens
/api/token/
- required fields:
  { "username": "", "email": "" }
- return fields:
  { "refresh": "", "access": "" }

[POST] Get refresh token
/api/token/refresh/
- required fields:
  { "refresh": "" }
- return fields:
  { "refresh": "" }
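The token exchange above, as an added example that is not the project's code nor SimpleJWT's: a stdlib-only HS256 mint/verify pair modeled on SimpleJWT's default claim layout (`token_type`, `user_id`, `exp`) and default lifetimes (5 minutes for access, 1 day for refresh). The secret, the user id and the timestamps are constructed, and the refresh step here mints a new access token, which is what SimpleJWT does by default and is an assumption about this project's configuration. What it shows for a resource view: the payload of a JWT is only base64, so anyone holding the token can read its claims; only the signature, the expiry and the `token_type` check decide whether the server may trust it, and a refresh token must never be accepted where an access token is expected.

```python
"""Added example (not SimpleJWT's code): mint and verify HS256 JWTs shaped like
the ones /api/token/ and /api/token/refresh/ hand out."""
import base64
import hashlib
import hmac
import json
import time

SECRET = b"constructed-demo-secret-do-not-reuse"  # constructed; Django's SECRET_KEY in practice
ACCESS_LIFETIME = 300      # SimpleJWT default: 5 minutes
REFRESH_LIFETIME = 86400   # SimpleJWT default: 1 day


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def mint(claims: dict, secret: bytes = SECRET) -> str:
    """header.payload.signature, signed with HMAC-SHA256 over the first two parts."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def issue_pair(user_id: int, now=None) -> dict:
    """Mirror the {"refresh": ..., "access": ...} shape returned by /api/token/."""
    now = int(time.time()) if now is None else now
    return {
        "refresh": mint({"token_type": "refresh", "user_id": user_id, "exp": now + REFRESH_LIFETIME}),
        "access": mint({"token_type": "access", "user_id": user_id, "exp": now + ACCESS_LIFETIME}),
    }


def verify(token: str, expected_type: str = "access", secret: bytes = SECRET, now=None) -> dict:
    """Return the claims only if signature, expiry and token_type all check out."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
    except ValueError:
        raise ValueError("malformed token")
    header = json.loads(_b64url_decode(header_b64))
    if header.get("alg") != "HS256":  # the server, not the token, decides the algorithm
        raise ValueError("unexpected alg")
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")  # checked before the payload is even parsed
    claims = json.loads(_b64url_decode(payload_b64))
    now = int(time.time()) if now is None else now
    if claims.get("exp", 0) <= now:
        raise ValueError("expired")
    if claims.get("token_type") != expected_type:  # a refresh token is not an access token
        raise ValueError("wrong token type")
    return claims


def refresh_access(refresh_token: str, now=None) -> dict:
    """Mirror /api/token/refresh/ as this example assumes it: a valid refresh token yields a new access token."""
    claims = verify(refresh_token, expected_type="refresh", now=now)
    now = int(time.time()) if now is None else now
    return {"access": mint({"token_type": "access", "user_id": claims["user_id"], "exp": now + ACCESS_LIFETIME})}


if __name__ == "__main__":
    pair = issue_pair(user_id=7)
    print(verify(pair["access"]))                      # claims of a fresh access token
    print(refresh_access(pair["refresh"])["access"])   # a second access token from the refresh token
```

A view protected by this check reads the `user_id` claim only after `verify` returns, and a caller that presents the refresh token in the Authorization header is rejected with "wrong token type" rather than silently granted a day-long session.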
[GET] Get established contacts (room)
/messaging/room/
- return fields:
  { "count": int, "next": href, "previous": href, "results": [ { "id": int, "user1": str, "user2": str }, ] }

[GET] Get chat room
/messaging/room/{room_id}
- return fields:
  [ { "id": int, "room_id": int, "sender": str, "recipient": str, "title": str, "body": str, "created_at": datetime }, ]

[POST] Send message
/messaging/room/{room_id}/message/
- required fields:
  { "sender": str, "recipient": str, "title": str, "body": str }
- return fields:
  { "id": int, "room_id": int, "sender": str, "recipient": str, "title": str, "body": str, "created_at": str }

[DELETE] Delete message
/messaging/room/{room_id}/message/{message_id}/
- return fields:
  "message": { "message": "Item deleted successfully" }
Pagination, throttling, caching, and CORS are the new terms/knowledge I picked up in this project.
Throttling is enabled on all of the APIs. Caching is used for storing the user login session (JWT tokens). Pagination is applied on /messaging/room/ but has not yet been applied on /messaging/room/{room_id}.
Access control on composing/viewing/deleting messages should be protected thoroughly.
- Apply pagination thoroughly.
- Manage a unified error-raising interface.
- Refactor code to handle malicious inputs:
  - POST with fields/field values altered
  - Malformed hidden field
- Refactor the message-composing mechanism. The current code checks whether the room exists whenever a message is sent. Refactor it as (pseudocode):
  ```
  if "room_id" not in request.POST:
      roomID = _createRoom(userA, userB)
  _composeMessage(roomID, message, ...)
  ```
- Fix a bug related to deleting a user.
- Unit testing.
- freeze
- Database views
- ...
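The access-control and malicious-input items above, applied to the messaging endpoints, as an added example that is not the project's code: plain Python functions (no Django import, so they run stand-alone) that a DRF view would call from `get_object()` and `perform_create()`. `Room`, `Message`, the exceptions and the payloads are constructed to match the fields the endpoints return. The page does not say who may delete a message; this example assumes only the sender may. The checks treat the authenticated user, not the POST body, as the source of truth: a `sender` value that names someone else is rejected ("POST with field values altered"), any field outside the documented four is rejected ("malformed hidden field"), a `message_id` from another room is rejected even when the URL's `room_id` is one the caller belongs to, and a non-participant cannot read or write the room at all.

```python
"""Added example (not the project's code): participant and input checks for
/messaging/room/{room_id} and /messaging/room/{room_id}/message/..."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Room:            # constructed; mirrors the id/user1/user2 fields of /messaging/room/
    id: int
    user1: str
    user2: str

    def participants(self) -> set:
        return {self.user1, self.user2}


@dataclass
class Message:         # constructed; mirrors the message fields returned by the API
    id: int
    room_id: int
    sender: str
    recipient: str
    title: str
    body: str


class Forbidden(Exception):   # maps to HTTP 403 in a view
    pass


class BadRequest(Exception):  # maps to HTTP 400 in a view
    pass


ALLOWED_FIELDS = {"sender", "recipient", "title", "body"}  # the documented POST body, nothing else


def check_room_access(user: str, room: Room) -> Room:
    """GET /messaging/room/{room_id}: only the two participants may see the room."""
    if user not in room.participants():
        raise Forbidden("not a participant of this room")
    return room


def compose_message(user: str, room: Room, payload: dict, next_id: int) -> Message:
    """POST /messaging/room/{room_id}/message/ with the logged-in user as the source of truth."""
    check_room_access(user, room)
    unknown = set(payload) - ALLOWED_FIELDS
    if unknown:                                  # hidden/extra fields are rejected, not ignored
        raise BadRequest(f"unexpected fields: {sorted(unknown)}")
    if payload.get("sender", user) != user:      # body may name a sender, but it must be the caller
        raise Forbidden("sender must be the authenticated user")
    others = room.participants() - {user}
    other = others.pop() if others else user     # a room with the same user on both sides
    if payload.get("recipient", other) != other:
        raise BadRequest("recipient must be the other participant of this room")
    for key in ("title", "body"):
        if not isinstance(payload.get(key), str) or not payload[key].strip():
            raise BadRequest(f"{key} is required")
    return Message(next_id, room.id, user, other, payload["title"], payload["body"])


def delete_message(user: str, room: Room, message: Message) -> dict:
    """DELETE .../message/{message_id}/: message must belong to the URL's room; assumed sender-only."""
    check_room_access(user, room)
    if message.room_id != room.id:               # id from another room smuggled into this URL
        raise Forbidden("message does not belong to this room")
    if message.sender != user:                   # assumption: only the sender may delete
        raise Forbidden("only the sender may delete a message")
    return {"message": "Item deleted successfully"}


if __name__ == "__main__":
    room = Room(1, "alice", "bob")
    msg = compose_message("alice", room, {"title": "hi", "body": "hello bob"}, next_id=10)
    print(msg)
    print(delete_message("alice", room, msg))
```

In a DRF view the `user` argument is `request.user` and `room` comes from the URL's `room_id`; the serializer's `sender` field should be read-only or validated exactly as `compose_message` does, so that the field's presence in the documented body never lets a caller choose who the message appears to come from.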
Refer to the Kanban board for more details on project status.