Last pushed: a year ago
Short Description: Challenge

Building and executing the project (via Docker)

First, install and set up Docker:

https://docs.docker.com/engine/installation#on-linux
  or
https://docs.docker.com/engine/installation#on-osx-and-windows

Then clone the repository, pull (or build) the Docker image, and run it:

git clone https://github.com/rickclare/reachrobotics_challenge
cd reachrobotics_challenge

# either
docker-compose pull # pull pre-built image from Docker Hub (this may take a few minutes)
# or
docker-compose build # build using latest local source code (this will take several minutes)

docker-compose up web

Testing API calls

curl -k https://`docker-machine ip`/api/v1/mekamons # Docker-machine on OS X or Windows

curl -k https://localhost/api/v1/mekamons/2 # Native docker on linux

curl https://reachrobotics-challenge-rick.herokuapp.com/api/v1/mekamons # Heroku hosted service

Running test specs

docker-compose run test_specs

Implementation Notes

Security

This service takes the following steps to ensure security.

  1. The service uses auth tokens that are:
  • Of cryptographic strength and changed after every request
  • Hashed using BCrypt (not stored in plain text)
  • Securely compared (to protect against timing attacks)
  • Invalidated after 2 weeks (thus requiring users to log in again)
  2. The most important step is to use and enforce SSL access
    (i.e. in Production mode the service forces SSL access, redirecting all HTTP requests to HTTPS)
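The token properties listed above, as an added in-memory model that is not the project's own code: tokens are random and rotated on every authenticated request, only a hash is stored, comparison is constant-time, and a token expires after two weeks. BCrypt is a separate gem, so PBKDF2-HMAC-SHA256 from Ruby's standard OpenSSL library stands in for it here, and the two-week expiry is assumed to count from the last successful request.

```ruby
require 'openssl'
require 'securerandom'

# Added example, not the project's code: minimal model of the token scheme in
# the Security notes. PBKDF2-HMAC-SHA256 replaces BCrypt (which is a gem).
class TokenStore
  TOKEN_LIFETIME = 14 * 24 * 60 * 60 # two weeks, in seconds
  ITERATIONS = 10_000
  def initialize
    @records = {} # [uid, client] => { hash:, salt:, expiry: }
  end
  # Sign-in: mint a client id and a strong random token; only the token's hash is stored.
  def issue(uid, now: Time.now)
    client = SecureRandom.urlsafe_base64(16)
    token = rotate(uid, client, now)
    { 'uid' => uid, 'client' => client, 'access-token' => token }
  end
  # Authenticated request: check the presented token, then rotate it.
  # Returns the fresh access-token on success, nil if unknown, wrong or expired.
  def authenticate(uid, client, token, now: Time.now)
    rec = @records[[uid, client]]
    return nil unless rec
    if now > rec[:expiry]
      @records.delete([uid, client]) # expired: the user must sign in again
      return nil
    end
    return nil unless secure_compare(rec[:hash], digest(token, rec[:salt]))
    rotate(uid, client, now)
  end

  private

  # Store a new hashed token; expiry is measured from this (last) use.
  def rotate(uid, client, now)
    token = SecureRandom.urlsafe_base64(32)
    salt = SecureRandom.random_bytes(16)
    @records[[uid, client]] = { hash: digest(token, salt), salt: salt, expiry: now + TOKEN_LIFETIME }
    token
  end
  def digest(token, salt)
    OpenSSL::KDF.pbkdf2_hmac(token, salt: salt, iterations: ITERATIONS, length: 32, hash: 'sha256')
  end
  # Constant-time comparison: the work done does not depend on where the bytes differ.
  def secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end
```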

API Endpoints

User accounts

User account sign-up

POST /api/v1/auth

Example:

curl -ki -X POST -H "Content-Type: application/json" -d '{
  "email": "test@example.com",
  "password": "12345678",
  "name": "John Smith",
  "address_line_1": "1 The Larch",
  "address_line_2": "Larchington",
  "city": "Larchington",
  "county": "Larchinshire",
  "postcode": "LN1 1XX"
}' https://reachrobotics-challenge-rick.herokuapp.com/api/v1/auth

User account sign-in (retrieve authentication tokens)

POST /api/v1/auth/sign_in

This results in an HTTP response whose access-token and client headers can be used in subsequent requests that require authentication.

Example:

curl -ki -X POST -H "Content-Type: application/json" -d '{
  "email": "test@example.com",
  "password": "12345678"
}' https://reachrobotics-challenge-rick.herokuapp.com/api/v1/auth/sign_in

User account sign-out (token based authentication)

DELETE /api/v1/auth/sign_out

Example below. Note that the access-token and client request header values must be obtained first (from the response headers of a previous API request, or via a POST /api/v1/auth/sign_in request).

curl -ki -X DELETE -H "access-token: xxxx" -H "client: yyyy" -H "uid: test@example.com" https://reachrobotics-challenge-rick.herokuapp.com/api/v1/auth/sign_out

Delete a user account (token based authentication)

DELETE /api/v1/auth

Example below. Note that the access-token and client request header values must be obtained first (from the response headers of a previous API request, or via a POST /api/v1/auth/sign_in request).

curl -ki -X DELETE -H "access-token: xxxx" -H "client: yyyy" -H "uid: test@example.com" https://reachrobotics-challenge-rick.herokuapp.com/api/v1/auth

Retrieve current user data (token based authentication)

GET /api/v1/user

Example below. Note that the access-token and client request header values must be obtained first (from the response headers of a previous API request, or via a POST /api/v1/auth/sign_in request).

curl -ki -H "access-token: xxxx" -H "client: yyyy" -H "uid: test@example.com" https://reachrobotics-challenge-rick.herokuapp.com/api/v1/user

Mekamons

List Mekamons that belong to a User (token based authentication)

GET /api/v1/user/mekamons

Note: This currently returns dummy data

Example below. Note that the access-token and client request header values must be obtained first (from the response headers of a previous API request, or via a POST /api/v1/auth/sign_in request).

curl -ki -H "access-token: xxxx" -H "client: yyyy" -H "uid: test@example.com" https://reachrobotics-challenge-rick.herokuapp.com/api/v1/user/mekamons

List all mekamons (publicly available endpoint)

GET /api/v1/mekamons

curl -k https://reachrobotics-challenge-rick.herokuapp.com/api/v1/mekamons

Show details of a single mekamon (publicly available endpoint)

GET /api/v1/mekamons/:id

curl -k https://reachrobotics-challenge-rick.herokuapp.com/api/v1/mekamons/3

Games

List Games that a User is participating in

GET /api/v1/user/games

Note: This currently returns dummy data

Example below. Note that the access-token and client request header values must be obtained first (from the response headers of a previous API request, or via a POST /api/v1/auth/sign_in request).

curl -ki -H "access-token: xxxx" -H "client: yyyy" -H "uid: test@example.com" https://reachrobotics-challenge-rick.herokuapp.com/api/v1/user/games
Owner: rickclare