In this assignment, you will create a web application for persistent handling of programming code snippets using an application framework and an object data modeling library for MongoDB.
The application in Node.js will use Express as the application framework and Mongoose as the object modeling library. The application must have full CRUD functionality regarding snippets, whereby a user must be able to create, read, update, and delete snippets.
Users must be able to register and log in to the application after entering a username and a password. A user cannot register an already existing username because the username must be unique to the application. A logged-in user must be able to log out of the application.
Anonymous users should only be able to view snippets. Authenticated users, in addition to viewing snippets, must also be able to create, edit, and delete their snippets. No one but the authenticated user should be able to create, edit, and delete their snippets. Because of this, the application must support some basic authentication and authorization. On the server-side, you may only use session storage, using the express-session package, to implement authentication and authorization. You must not use any packages such as Passport, etc., to authenticate or authorize.
When writing and presenting snippets, the application must support multiline text, enabling the user to write real code snippets, not just a one-line text string. The application should be easy to understand, which means that users should be notified of what is happening in the application (e.g., with flash messages).
If a user tries to access a resource that requires the user to be logged in, the application must return the status code 403 (Forbidden). Of course, when necessary, the application must also return the status code 404 (Not Found) as well as 500 (Internal Server Error).
As far as possible, the application must be protected against attacks. Be prepared to explain and defend your solution at the oral hearing.
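The access rules and status codes described above can be expressed as small Express-style middleware functions. The following is an added example, not part of the original assignment text; it assumes express-session has populated `req.session`, that the login handler stored the user's id in `req.session.userId`, and that `findSnippet` is an async lookup returning a snippet with an `owner` field (all three names are hypothetical).

```javascript
// Added example. Assumes express-session has populated req.session and that the
// login handler stored the user's id in req.session.userId (hypothetical name).

// Error carrying the HTTP status the error handler should send.
function httpError (status, message) {
  const err = new Error(message)
  err.status = status
  return err
}

// For create routes: anonymous visitors get 403.
function requireLogin (req, res, next) {
  if (!req.session || !req.session.userId) return next(httpError(403, 'Forbidden'))
  next()
}

// For edit/delete routes. findSnippet is a hypothetical async lookup
// (for example a thin wrapper around a Mongoose query) that resolves to a
// snippet with an `owner` field, or null.
function requireOwner (findSnippet) {
  return async (req, res, next) => {
    const userId = req.session && req.session.userId
    if (!userId) return next(httpError(403, 'Forbidden'))
    try {
      const snippet = await findSnippet(req.params.id)
      if (!snippet) return next(httpError(404, 'Not Found'))
      // Compare as strings: an ObjectId is an object and never === a session string.
      if (String(snippet.owner) !== String(userId)) return next(httpError(403, 'Forbidden'))
      req.snippet = snippet // hand the loaded document to the route handler
      next()
    } catch (err) {
      next(httpError(500, 'Internal Server Error')) // do not leak database errors
    }
  }
}

// Express error-handling middleware (four arguments); anything unexpected becomes 500.
function errorHandler (err, req, res, next) {
  const status = [403, 404].includes(err.status) ? err.status : 500
  res.status(status).send(status === 500 ? 'Internal Server Error' : err.message)
}
```

Place `requireLogin` or `requireOwner(findSnippet)` in front of each state-changing route handler and register `errorHandler` last with `app.use`.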
As always, we have the following requirements:
- The only command that the examiner will need to execute to run your application after cloning it from its repository is
- You must use GitLab, and make several commits, to show how your completed assignment has evolved from the start to the end.
- To announce that you have completed the assignment, you must make a release of your assignment at its repository on GitLab. If a release is not made, the assignment will not be assessed.
You are free to set up your development environment. You need access to a document database, using Docker or a DaaS (see How to set up your MongoDB for more information).
Extra features [optional]
For those of you who want to add extra functionality to the application, and get an extra plus on the assignment, feel free to do that. Some examples of this could be:
- Add support for tagging each snippet by one or more tags.
- Add support for showing only the snippets that belong to one tag and/or one user.
Deadline and submission
Deadline: 2020-02-26 12:00
To tell the course management that your application is ready to be assessed, you need to make a release.
The release must be made before the deadline to get the assignment assessed. To make a release you need to add a RELEASE.md-file with certain content to your repository.
- Make sure you are located in the root of your repository.
- Get the template. `wget https://gitlab.lnu.se/1dv023/content/examination-assignments/examination-2-template/raw/master/RELEASE.md`
- Edit the file and make sure to follow the instructions in the file.
- Save the file and add it to git (`git add RELEASE.md`)
- Commit (`git commit`) the file and push (`git push`) it to GitLab.
- Visit CodeGrade and make sure you pass the “Release”-rubric category.
To show that you intend to submit the assignment, it is important that you make a complete submission for the assignment to be assessed.
To be able to book a time slot for the oral examination you must make a release before the deadline. Booked time slots without a release made will be cleared without further notice.
The examination will be an oral hearing, covering the theory raised up to this point in the course. During the examination, you will be asked a couple of questions. You will also defend your solution for the assignment. Notes will be taken on how well you answered the questions and how good your application is in terms of security, functionality, and code quality. The notes will be used when setting the final grade on the course. For this assignment, however, the grade is either U (failed, “underkänd”) or G (pass, “godkänd”).
Book time for examination
You book a time slot in MyMoodle, https://mymoodle.lnu.se/course/view.php?id=45628.