The server functionality is documented with Swagger on the endpoint /api-docs.
Project code has been migrated to TypeScript and given a proper linting setup with ESLint and Prettier for automated code formatting on file save.
Winston logs are split into two files:
- error.log - error logs only
- combined.log - all logs combined together (info and error logs)
Test coverage badges are generated with nyc and jest-coverage-badges. They're generated during the pre-commit phase via a husky script.
The project is connected to Travis CI; the current build status of the master branch is shown at the top of the README file.
The GET /rides endpoint implements pagination, which allows the user to get rides by specific pages with 10 records each.
This feature utilizes sqlite3's LIMIT and OFFSET to iterate over the records in pageSize increments.
The server now uses async/await-style SQL queries with the help of the sqlite wrapper library.
Server logic has been split into small parts consisting of routers, controllers and separate validator utilities.
All SQL queries now use the parameterized form of the run and all calls, so provided values are passed as bound parameters rather than built into the statement with string templates, which are vulnerable to injection.
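The pagination and parameterized-query points above, as an added example that is not the project's own code: the template form the page describes as vulnerable beside a version that validates the page number and binds LIMIT and OFFSET as parameters. The Rides table name, 1-based page numbering, and all function names are assumptions.

```typescript
// Added example. Assumptions: table "Rides", pages numbered from 1,
// hypothetical helper names. PAGE_SIZE = 10 comes from the page.
const PAGE_SIZE = 10;

// Constructed sample input: a query-string value that is not a page number.
const CONSTRUCTED_BAD_PAGE = "1 -- not a number";

interface PagedQuery {
  sql: string;
  params: number[];
}

// BEFORE: the raw request value is interpolated, so whatever the client
// sent becomes part of the SQL statement text.
function buildRidesQueryTemplate(pageRaw: string): string {
  return `SELECT * FROM Rides LIMIT ${PAGE_SIZE} OFFSET ${pageRaw}`;
}

// Validator: accept only a bounded positive integer; default to page 1.
function parsePage(pageRaw: string | undefined): number {
  if (pageRaw === undefined) return 1;
  if (!/^[1-9][0-9]{0,6}$/.test(pageRaw)) {
    throw new RangeError("page must be a positive integer");
  }
  return Number(pageRaw);
}

// AFTER: the SQL text is a constant; only numbers travel as bound values.
// With the sqlite wrapper this would be executed as db.all(q.sql, q.params).
function buildRidesQuery(pageRaw: string | undefined): PagedQuery {
  const page = parsePage(pageRaw);
  return {
    sql: "SELECT * FROM Rides LIMIT ? OFFSET ?",
    params: [PAGE_SIZE, (page - 1) * PAGE_SIZE],
  };
}
```

Validation and binding are separate layers: the validator gives the client a clear 4xx-style error, while the constant SQL text is what removes the injection path.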
Additionally, the server uses the helmet library, which sets security-related HTTP headers.
Rides API also has a rate limiter that allows a maximum of 100 requests per 5 minutes (doesn't apply to localhost).
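A stand-alone model of the stated rate-limit policy (100 requests per 5 minutes, loopback exempt), added here as an example and not taken from the project. The class and function names are hypothetical, and the exemption is assumed to be decided on the socket peer address.

```typescript
// Added example: models the policy stated above, not the project's code.
const WINDOW_MS = 5 * 60 * 1000; // 5 minutes, from the page
const MAX_REQUESTS = 100;        // per client per window, from the page
// Loopback forms Node can report for a local peer.
const LOOPBACK_ADDRS = ["127.0.0.1", "::1", "::ffff:127.0.0.1"];

class SlidingWindowLimiter {
  private hitsByAddr: { [addr: string]: number[] } = Object.create(null);

  // peerAddr must be the TCP peer address (req.socket.remoteAddress).
  // A forwarded header is client-controlled and must not drive the
  // localhost exemption unless a trusted proxy sets it.
  allow(peerAddr: string, nowMs: number): boolean {
    if (LOOPBACK_ADDRS.indexOf(peerAddr) !== -1) return true;
    // Keep only the hits that still fall inside the 5-minute window.
    const recent = (this.hitsByAddr[peerAddr] || []).filter(
      (t) => nowMs - t < WINDOW_MS
    );
    const permitted = recent.length < MAX_REQUESTS;
    if (permitted) recent.push(nowMs);
    this.hitsByAddr[peerAddr] = recent;
    return permitted;
  }
}

// Sends `count` requests spaced `stepMs` apart; returns how many passed.
function countAllowed(
  limiter: SlidingWindowLimiter,
  peerAddr: string,
  count: number,
  startMs: number,
  stepMs: number
): number {
  let allowed = 0;
  for (let i = 0; i < count; i++) {
    if (limiter.allow(peerAddr, startMs + i * stepMs)) allowed++;
  }
  return allowed;
}
```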
The server's load capabilities are tested with artillery - health and rides endpoint scenarios can be found in the artillery/scenarios directory.
Load tests can be run with npm run test:load, but require giving execution rights to the runAllArtillery.sh script (chmod +x ./testAllArtillery.sh from the main directory).
Artillery config starts the tests with 150 workers that request the given endpoint for 1 minute, then it ramps up the amount to 1000.
Endpoint load reports are generated in the artillery directory under the name <scenario>_report.json.
The goal of these exercises is to assess your proficiency in software engineering that is related to the daily work that we do at Xendit. Please follow the instructions below to complete the assessment.
- Create a new repository in your own github profile named backend-coding-test and commit the contents of this folder
- Ensure node (>8.6 and <= 10) and npm are installed
- Run npm install
- Run npm test
- Run npm start
- Hit the server to test health curl localhost:8010/health and expect a 200 response
Below will be your set of tasks to accomplish. Please work on each of these tasks in order. Success criteria will be defined clearly for each task.
Please deliver documentation of the server that clearly explains the goals of this project and clarifies the API response that is expected.
- A pull request against master of your fork with a clear description of the change and purpose and merge it
- [BONUS] Create an easy way to deploy and view the documentation in a web format and include instructions to do so
Please implement the following tooling:
- eslint - for linting
- nyc - for code coverage
- pre-push - for git pre push hook running tests
- winston - for logging
- Create a pull request against master of your fork with the new tooling and merge it
  - eslint should have an opinionated format
  - nyc should aim for test coverage of 80% across lines, statements, and branches
  - pre-push should run the tests before allowing pushing using git
  - winston should be used to replace console logs and all errors should be logged as well. Logs should go to disk.
- Ensure that tooling is connected to npm test
- Create a separate pull request against master of your fork with the linter fixes and merge it
- Create a separate pull request against master of your fork to increase code coverage to acceptable thresholds and merge it
- [BONUS] Add integration to CI such as Travis or Circle
- [BONUS] Add Typescript support
Please implement pagination to retrieve pages of the resource rides.
- Create a pull request against master with your changes to the GET /rides endpoint to support pagination including:
  - Code changes
  - Tests
  - Documentation
- Merge the pull request
Please implement the following refactors of the code:
- Convert callback style code to use async/await
- Reduce complexity at top level control flow logic and move logic down and test independently
- [BONUS] Split between functional and imperative function and test independently
- A pull request against master of your fork for each of the refactors above with:
  - Code changes
  - Tests
Please implement the following security controls for your system:
- Ensure the system is not vulnerable to SQL injection
- [BONUS] Implement an additional security improvement of your choice
- A pull request against master of your fork with:
  - Changes to the code
  - Tests ensuring the vulnerability is addressed
Please implement load testing to ensure your service can handle a high amount of traffic
- Implement load testing using artillery
- Create a PR against master of your fork including artillery
- Ensure that load testing is able to be run using npm test:load. You can consider using a tool like forever to spin up a daemon and kill it after the load test has completed.
- Test all endpoints under at least 100 rps for 30s and ensure that p99 is under 50ms
- Create a PR against