Topcoder Skill Builder Competition | Golang | Solar System data: Reassurance

Key Information

Register
Submit
Competition Timeline

Timezone:Etc/UTC

Registration

Starts

Jul 22, 2021

03:20

Ends

Apr 02, 2022

17:21

Submission

Starts

Jul 22, 2021

03:45

Ends

Apr 02, 2022

17:46

Review

Starts

Apr 02, 2022

17:46

Ends

Apr 04, 2022

17:46

Appeals

Starts

Apr 04, 2022

17:46

Ends

Apr 05, 2022

17:46

Winners Announced

Apr 06, 2022

05:46

Challenge Overview

Challenge Overview

Challenge Banner

Recovery

This is the HARD 1000 Points Competition

With the retrieval system ready, everyone at the Tycho station is happy. But you still need to reassure everyone about the integrity of the data. To that end you now want to create interfaces for the planetary experts to edit the data.

In this challenge, you need to continue updating the API. You'll expand the API to support data editing. But only authorized users should be able to edit data.

Solving this problem you learn:

  • To update existing records in a database using Go
  • To use middlewares
  • To protect routes from unauthorized access

Learning Material: https://tutorialedge.net/golang/authenticating-golang-rest-api-with-jwts/

What do you need to do?

IMPORTANT

Continue using your submission from MEDIUM-500

Technology Stack

  • Go
  • PostgreSQL
  • go-pg
  • Gin framework
  • JWT

Data model

User model (Table name: users)

  • id: Long (Primary key)
  • username: String
  • password: String

Task

Signup User

Method: POST URL: /api/v1/signup

Request Body

{
	"username": "username",
	"password": "password",
	"token": "expansion-in-progress"
}

The endpoint should add the user record to the users table. The password should be SHA256 hashed and salted before adding to the table. This endpoint should only work if "token" is "expansion-in-progress" - this is to prevent unauthorized people to signup themselves up and alter data.

Response If the token matches "expansion-in-progress" the response should return HTTP Status Code 200 with the following JSON.

{
	message: "User successfully created"
}

Error If the "token" doesn't match "expansion-in-progress" the response should return HTTP Status Cod 401 with the following JSON.

{
	message: "Invalid token"
}

Authenticate user

Method: POST URL: /api/v1/login

Request body

{
   “username”: “user-name”,
   “password”: “password”
}

Response If the username and password combination matches one of the records in the users table, the response should return HTTP Status code 200 with the following JSON.

{
   “token”: “JWT Authentication token”
}

Error

If the username and password combination is invalid, return HTTP status code 401 with the following JSON

{
   “message”: “Invalid username and password combination.”
}

Update body

Method: POST URL: /api/v1/bodies/:id

Request body (can contain one or more of the following attributes)

{
  "name": "NAME",
  "description": "DESCRIPTION",
  "moons": "NUMBER OF MOONS",
  "density": "DENSITY",
  "gravity": "GRAVITY",
  "mass": {
    "value": "MASS VALUE",
    "exp": "MASS EXPONENT"
  },
  "volume": {
    "value": "VOLUME VALUE",
    "exp": "VOLUME EXPONENT"
  },
  "sideralOrbit": "SIDERAL ORBIT",
  "sideralRotation": "SIDERAL ROTATION"
}

Request Header: The request header should contain the header “Authorization” with the value “Bearer TOKEN”, where TOKEN is the JWT token returned by the login API.

Response The response should return HTTP Status code 201 and return the updated body data

Error The response should return HTTP Status code 400 if an error occurs. The response body should be the following JSON

{
   “message”: “Error message”
}
  • If the request body is empty message should be “Invalid request”
  • If any of the request body attributes is not one of the allowed request body attributes, response should be “ATTRIBUTE not allowed”, where ATTRIBUTE is the unexpected attribute.
  • If the authorization header is missing or the bearer token is invalid the response should return HTTP Status code 401 and the response body should be
{
   “message”: “Authentication required”
}

Existing endpoints from the previous challenge should work without requiring authentication.

Grading

The automated grader will invoke the endpoints from the spec with different configurations and test for 200, 400 and 404 response codes in addition to checking for correctness of returned data. Each response will either get a 0 or a 1. The final score will be (correct responses/total queries) * 100

Submission Deliverables

You must follow this submission folder structure and the Dockerfile in the sample submission so our automated test process can process your scoring:

  • Create a folder with “code” as the folder name then zip.
  • Inside the “code” folder, there needs to be a file named Dockerfile. This is the docker file used to build the user’s submission. Refer to the provided Docker file in Sample Submission for each level.
  • Zip that “code” folder and submit to the challenge.
  • After you submit - you will be able to check your score and logs on the challenge leaderboard and submission-review app respectively.
  • In case you receive a score of -1, please look at the logs and go through the sample submission and submission guidelines once to see if you are doing things correctly.

Topcoder Go Skill Builder Problems

ELIGIBLE EVENTS:

2022 Topcoder(R) Open

REVIEW STYLE:

Final Review:

Community Review Board

Approval:

User Sign-Off

SHARE:

ID: 30196409