pairing-unlock

There are two docker services:

  • mongo
  • app, listens on port 8080

The mongo service is supposed to be set up as a cluster and/or sharded database, but that is not done yet.

The app service is an Express application with API endpoints (see /src/routes.js).

Running

By default the app container is started in development mode, so the users fixture is applied.

Three sample users are created:

  • phone = 111-222-333
  • phone = 123-456-789
  • phone = 444-555-666

Use these phone numbers to make API requests.

To run the service:

$ docker-compose up

1) To generate codes as if they were created by the system:

$ curl -X "POST" "http://localhost:8080/user/codegen" \
       -H 'Content-Type: application/json; charset=utf-8' \
       -d $'{
    "otpCode": "111111",
    "phone": "111-222-333",
    "pairingCode": "222222"
  }'

2) To validate the generated OTP:

$ curl -X "POST" "http://localhost:8080/user/otp" \
       -H 'Content-Type: application/json; charset=utf-8' \
       -d $'{
    "phone": "111-222-333",
    "code": "111111"
  }'

The response returns a uuid param; save it, as it is used in further requests.

3) To validate the generated pairing code:

$ curl -X "POST" "http://localhost:8080/user/pair" \
       -H 'Content-Type: application/json; charset=utf-8' \
       -d $'{
    "phone": "111-222-333",
    "uuid": "insert-the-uuid-from-previous-request",
    "code": "222222"
  }'

4) To unlock the vehicle:

$ curl -X "POST" "http://localhost:8080/user/unlock" \
     -H 'Content-Type: application/json; charset=utf-8' \
     -d $'{
  "phone": "111-222-333",
  "uuid": "insert-the-uuid-from-previous-request"
}'

Production

To make it production-ready, several things remain to be done:

  • use an SSL connection to the DB
  • set up DB cluster/shards for scaling
  • set up proper role-based access to the DB; do not use the root user
  • use secure DB passwords, specified in docker-compose.yml
  • use a more sophisticated system to authenticate customer agents
  • ensure the app service can be scaled

Testing

Unfortunately there was no time to write proper E2E and/or unit tests.

But there is a simple test case, ./test.js, that makes requests from code generation through to unlock.
For it to work, the app container must run in the development env.

I had no time to make a proper Docker setup, so to run the test (while docker-compose is running):

$ npm install
$ node test.js

API endpoints

POST /user/otp

OTP code validation. Accepts and responds in JSON.

Expected params:

  • phone, the phone number identifying a user
  • code, the OTP code generated by the system

Returns when validated:

  • message
  • uuid, the gadget-identifying code that must be stored on the client app. It prevents unauthorized requests from other gadgets.

After three invalid codes or OTP expiration (5 minutes), the user is locked out and requires a customer agent to reset the process using a separate endpoint (see below).

POST /user/pair

Pairing code validation. Accepts and responds in JSON.

Expected params:

  • phone, the phone number identifying a user
  • code, the pairing code generated by the system and displayed in the vehicle
  • uuid, the uuid code stored by the client app after the OTP validation step

If a valid code isn't entered before the expiration time of 2 minutes, the user is locked out and requires a customer agent to reset the process using a separate endpoint (see below).
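The lockout rules described for /user/otp and /user/pair can be modelled as below. This is an added example, not the project's code from /src/routes.js; the field names, return shape and the `newUser` helper are assumptions, and time is passed in as a millisecond timestamp so expiry can be exercised without waiting.

```javascript
// Added example: in-memory model of the rules above, not the project's code.
// Field names and the return shape are assumptions.
const crypto = require('crypto');

const OTP_TTL_MS = 5 * 60 * 1000;  // OTP expires after 5 minutes
const PAIR_TTL_MS = 2 * 60 * 1000; // pairing code expires after 2 minutes
const MAX_OTP_ATTEMPTS = 3;

// Compare fixed-length digests in constant time so timing leaks nothing.
function same(a, b) {
  const h = (v) => crypto.createHash('sha256').update(String(v)).digest();
  return crypto.timingSafeEqual(h(a), h(b));
}

// Constructed sample user, as /user/codegen would leave it.
function newUser(otpCode, pairingCode, now) {
  return { otp: { code: otpCode, createdAt: now },
           pairing: { code: pairingCode, createdAt: now },
           attempts: 0, verified: false, paired: false, requiresReset: false };
}

function lock(user, reason) {
  user.requiresReset = true; // only an agent reset clears this
  return { ok: false, reason };
}

function verifyOtp(user, code, now) {
  if (user.requiresReset) return { ok: false, reason: 'locked' };
  if (now - user.otp.createdAt > OTP_TTL_MS) return lock(user, 'expired');
  if (!same(code, user.otp.code)) {
    user.attempts += 1;
    return user.attempts >= MAX_OTP_ATTEMPTS
      ? lock(user, 'too-many-attempts') : { ok: false, reason: 'invalid' };
  }
  user.verified = true;
  user.uuid = crypto.randomUUID(); // binds later requests to this gadget
  return { ok: true, uuid: user.uuid };
}

function verifyPair(user, uuid, code, now) {
  if (user.requiresReset) return { ok: false, reason: 'locked' };
  if (!user.verified || !same(uuid, user.uuid)) return { ok: false, reason: 'unknown-gadget' };
  if (now - user.pairing.createdAt > PAIR_TTL_MS) return lock(user, 'expired');
  if (!same(code, user.pairing.code)) return { ok: false, reason: 'invalid' };
  user.paired = true;
  return { ok: true };
}
```

The uuid check runs before the pairing expiry check, so a request from a gadget that never passed OTP validation cannot push the real user into the locked state.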

POST /user/reset

Resets the user's pairing state.
Accessible only to customer agents authenticated by an auth token specified as the env variable AGENT_AUTH in docker-compose.yml.

It resets:

  • OTP code
  • pairing code
  • attempts history
  • verification, pairing, requiresReset statuses

Expected params:

  • phone, the phone number identifying a user
  • authToken, the authentication code

POST /user/unlock

Unlocks a vehicle associated with the user.

Expected params:

  • phone, the phone number identifying a user
  • uuid, the uuid code stored by the client app after the OTP validation step

POST /user/codegen (only in dev env)

Generates OTP and pairing codes for a user with the creation date set to now.

Expected params:

  • phone, the phone number identifying a user
  • otpCode, string, OTP code
  • pairingCode, string, pairing code

DELETE /user (only in dev env)

Deletes and recreates users using the fixture in /src/db.js.
