danielemery / quizlord-api Goto Github PK

Sometimes users upload quizzes as blurry photos.

Some of these are so bad the quiz cannot be completed.

Users should be able to mark quizzes as unreadable so they do not appear as incomplete quizzes on their list. (especially when #27 is done).

Other users should be able to see how many people have marked the quiz as illegible.

Add resolver to get a list of the last (~20) activities completed on quizlord

This could include quiz completions and quiz uploads along with the score.

It should support filtering on the activity type.

Should migrations be performed as part of ci rather than at container start?

Enhance the existing individualUserStatistics resolver.

• Should allow either by TOTAL_COMPLETIONS or AVERAGE_SCORE
• Should allow ASC or DESC

Currently the only way to approve a new user and give them a role is direct database queries

This should be able to be done through the app by anyone with the "admin" role.

In #44 we missed the version injection that used to be done in the CircleCI job. This is causing the container to fail on startup.

It would be nice to generate types for the resolver code to use from the graphql schema.

• Types are generated from the graphql schema
• Types are consumed by the resolvers
• Bonus: Types are exported in an npm package for use by the client

Currently Joi is being used for schema validation.

zod provides better typescript support and should be used instead. Especially since the quizlord-client will soon also be migrated to work with the new version of docker-react.

Change should be confined to src/config.ts and define the same contract.

• Integrate into existing github workflow
• Consider using https://about.codecov.io/
• Add README card with current coverage percentages

Currently GitHub actions authenticate with aws (to publish helm charts to s3) using key id and key secret stored as GitHub secrets.

It's recommended that instead openid connect is configured for this.

This should be defined in terraform (both on the GitHub side and the AWS side) and the actions updated as necessary.

Currently the project is making use of the apollo-server package (v3.12.0)

This has been marked deprecated in favour of the @apollo/server (currently at version 4.5.0).

The package should be updated and any breaking changes addressed.

EOL is scheduled for October 22nd 2023

Enter your results more granularly so later we can compare who did well on each question etc

Currently the terraform configuration for quizlord lives in a private repo along with infrastructure for other applications.

It should be moved here (or more likely to quizlord-stack) where it can be developed on in the open.

Replace knex with prisma...

Our database hosting has already been upgraded to postgres 15 and luckily no issues were encountered.

The local development docker should now also be updated as well as anything else dependent on postgres version.

Add sentry error tracking to api application.

Requires creation of a custom apollo server plugin: https://www.apollographql.com/docs/apollo-server/integrations/plugins/

Improve test coverage, depending on how much this covers follow up tickets should be created.

Currently we have failing builds as circleci's tokens have expired. Instead of fixing this we will take the oppurtunity to migrate to github actions.

This will have the following benefits:

• More approachable for any new developer coming into the project
• Easier credential management (since the registry is already in git)
• Better developer experience since more information is available directly in github about failed builds etc

Add required flake to be able to work on the quizlord api from a nixos operating system.

Often quizzes are split across multiple pages or answers are separate
In these cases, we need to support multiple files

• multiple files supported for questions
• multiple files supported for answers

Currently the following scenarios result in unhandled errors being returned:

• Calling the api without a jwt
• Calling the api with an invalid jwt
• Calling the api with an expired jwt

Acceptance Criteria

• Each of these should be handled and an appropriate error code returned.
• Handled errors should not be reported to sentry

Add a simple endpoint to load quiz completion statistics.

The initial endpoint should include:

• List of all users by name and their average score as a percentage as well as a count of how many quizzes they have completed
• List of all permutations of users and their average score and quizzes completed together

It's fine if this is computed with a delay, but the time it was computed should be included in the result.

At the moment anyone can create an account
This should say the same but a permission should need to be added to them in auth0 before that can participate in quizlord

As a developer I want to use the graphql playground more easily to explore the schema and test the api.

It's best practice for this not to be exposed on production.

Action Required: Rules will Reach End of Life on November 18, 2024

We've received a notification that auth0 rules will be retired. They are currently being used based on a community forum recommendation to have the user's email and name included in the auth0 JWT.

We need to either:

• Replace it with an Auth0 action (or whatever the recommended replacement is)
• Have the api call auth0 with the token to get the user's details (email and name)

Currently, when selecting who you completed a quiz with, the results are in alphabetical order, they should instead be ordered by

1. The number of quizzes you have completed with the person
2. Alphabetically

Users should be able to record a quiz completion/attempt, including

• When it was completed
• Who participated
• The score

In #66 a new statistics resolver and service is being introduced.

In order to keep the codebase tidy I'm proposing separating it into domains:

• user
• quiz
• config
• auth
• files
• statistics*

These will be the top level folders that will hold the resolvers, services, persistence layers, tests etc for each domain.

As things are being consolidated they could also be converted into classes that take dependencies as arguments to make testing easier later.

Due to a small issue in the custom sql query instead of returning users ordered by how many quizzes they have done with you, they are ordered by the number of quizzes done in general.

This is a low impact but but makes the previous feature incorrect so should be fixed as a matter of priority.

When a new user logs into quizlord they get a record in Auth0 but will not have access to the app

Each admin should receive an email notifying them about the signup so they can either promote or block the user.

The project currently has a few unit tests written for pure functions but none with mocks, spys or other testing code.

A few options should be considered and then one decided upon and implemented for a few services.

Current candidates:

• jest: I'm the most familiar with this and so could hit the ground running but it always feels like it introduces a lot of overhead
• mocha, chai and sinon: These are nice and fast and simple and I appreciate the single responsibility of each. But I find the sinon documentation more geared towards old-school javascript with very few typescript & modern module examples.
• node test runner node itself now has a built in test runner, I have no idea how this compares with the others and what scope it has but it's worth a look

• only by admin users
• should also delete related images from s3

General maintenance issue to upgrade npm packages to latest versions and ensure everything is still functioning as expected

Both to docker container and helm template
Health and readiness if possible

Probably implement into https://github.com/danielemery/healthz-core

• Proper healthcheck endpoints implemented
• Helm chart updated to use new healthcheck endpoints
• Health check does not report to sentry (to reduce tracking analytics usage)
• Uptime kuma status page updated to refer to health check endpoint

Currently quiz statistics are computed on demand and then cached. This means that:

a) there is a significant cold start when a user asks for statistics and they result is not already cached
b) if a user completes a quiz and looks at statistics they will not see the results of their just-completed quiz

As an alternative it would be good to rerun the computation every time a quiz is completed.

• This should not be done on the submit completion request but rather just started there (ideally later this will be on a worker but we don''t have one yet).
• This should also be done on application start so the cache is already hot
• The cache expiry should be removed or made very long (as it's now invalidation on completion it should not get out of date)

Allow integration testing of the graphql api with an active database.

• Fresh database is spun up for the tests
• Method for a testing authentication header established
• Some example tests are created
• Tests are run by the github actions on raising an MR

As a developer it would be handy to be able to test against "production-like" data before going to production.

This includes having more than 100 quizzes to test paging, having lots of quiz results for testing when making statistics etc.

A job or script should be greated to:

1. Replace the staging database with a copy of the prod database
2. Replace the contents of the image s3 bucket which what's present in production

The job shouldn't be automatic at this point.

Special care will need to be taken with regards to migrations. If possible the script should trigger a rerun of the staging migration job when it completes.

Allow users to get a list of users with the User role
This will be used to get a list of who you completed a quiz with

The auth0 free trial perhaps does not include a roles implementation
Instead we should just implement roles in our own database using casbin or similar and later consider either something like keycloak OR just improving caching etc of db roles

Currently, we're only storing the email of users, we should also grab their:

• full name
• image URL

This information is available in the auth0 auth token so we should be able to automatically populate on their next login

Consider using https://github.com/simonpratt/eslint-config 🎉

In v1.2.0 an issue was introduced causing the new statistics endpoint to error.

Full details of the error can be found in the sentry error.

Current thoughts are either:

• The endpoint doesn't work if there are users with 0 quiz completions
• Or, there is some issue with the paging

As a user I would like to filter to view only quizzes I haven't done

If possible it would also be good to be able to select people I want to do the quiz with, so it can filter on quizzes none of us have completed.

My filter should persist on the device I set it, and be able to be easily cleared.

Tracey has reported the following:

Interestingly, for example... Incomplete quiz shows 2/7 but 'all quizzes' doesn't show it. Others also pop up in 'incomplete' but not in 'all'. Weird!

The graphql endpoint should be tested and debugged with her email against production data to figure out what's going on.