There are two docker services:
- mongo
- app, listens on port 8080
The mongo service is supposed to be set up as a cluster and/or sharded database, but it's not done yet.
The app service is an express application with API endpoints (see /src/routes.js).
By default the app container is started in development mode, so the users fixture is applied.
Three sample users are created:
- phone = 111-222-333
- phone = 123-456-789
- phone = 444-555-666
These phones should be used to make API requests.
To run the service:
$ docker-compose up
$ curl -X "POST" "http://localhost:8080/user/codegen" \
-H 'Content-Type: application/json; charset=utf-8' \
-d $'{
"otpCode": "111111",
"phone": "111-222-333",
"pairingCode": "222222"
}'
$ curl -X "POST" "http://localhost:8080/user/otp" \
-H 'Content-Type: application/json; charset=utf-8' \
-d $'{
"phone": "111-222-333",
"code": "111111"
}'
The response will return a uuid param; save it, as it will be used in further requests.
$ curl -X "POST" "http://localhost:8080/user/pair" \
-H 'Content-Type: application/json; charset=utf-8' \
-d $'{
"phone": "111-222-333",
"uuid": "insert-the-uuid-from-previous-request",
"code": "222222"
}'
$ curl -X "POST" "http://localhost:8080/user/unlock" \
-H 'Content-Type: application/json; charset=utf-8' \
-d $'{
"phone": "111-222-333",
"uuid": "insert-the-uuid-from-previous-request"
}'
To make it production-ready there are multiple things remaining to be done:
- SSL connection to the DB
- set up DB cluster/shards for scaling
- set up proper role-based access to the DB, do not use the root user
- use secure DB passwords, specify them in docker-compose.yml
- use a more sophisticated system to authenticate customer agents
- ensure the app service can be scaled
Unfortunately there was no time to write proper E2E and/or unit tests.
But there is a simple test case, ./test.js, that makes requests from code generation to unlock.
For it to work the app container must run in the development env.
I had no time to make a proper Docker setup, so to run it (while docker-compose is running):
$ npm install
$ node test.js
OTP code validation. Accepts and responds in JSON.
Expected params:
- phone, the phone number identifying a user
- code, the OTP code generated by the system
Returns when validated:
- message
- uuid, the gadget-identifying code that must be stored on the client app. Prevents making unauthorized requests from other gadgets.
After three invalid codes or OTP expiration (5 minutes), the user is locked out and requires a customer agent to reset the process using a separate endpoint (see below).
Pair code validation. Accepts and responds in JSON.
Expected params:
- phone, the phone number identifying a user
- code, the pairing code generated by the system and displayed in the vehicle
- uuid, the uuid code stored by the client app after the OTP validation step
If a valid code wasn't entered before the expiration time of 2 minutes, the user is locked out and requires a customer agent to reset the process using a separate endpoint (see below).
Reset user pairing state.
Accessible only to customer agents authenticated by an auth token specified as the env variable AGENT_AUTH in docker-compose.yml.
It resets:
- OTP code
- pairing code
- attempts history
- verification, pairing and requiresReset statuses
Expected params:
- phone, the phone number identifying a user
- authToken, the authentication code
Unlocks a vehicle associated with the user.
Expected params:
- phone, the phone number identifying a user
- uuid, the uuid code stored by the client app after the OTP validation step
Generate OTP and pairing codes for a user with the creation date set to now.
Expected params:
- phone, the phone number identifying a user
- otpCode, string, OTP code
- pairingCode, string, pairing code
Delete and recreate users using the fixture in /src/db.js.