In this assignment, you will create a web application for persistent handling of programming code snippets using an application framework and an object data modeling library for MongoDB.
The application in Node.js will use Express as the application framework and Mongoose as the object modeling library. The application must have full CRUD functionality regarding snippets, whereby a user must be able to create, read, update and delete snippets.
Users must be able to register and login to the application after entering a username and a password. A user cannot register an already existing username because the username must be unique to the application. A logged in user must be able to log out of the application.
Anonymous users should only be able to view snippets. Authenticated users, in addition to view snippets, must also be able to create, edit and delete their snippets. No one but the authenticated user should be able to create, edit and delete their snippets. Because of this, the application must support some basic authentication and authorization. On the server-side you may only use plain session storage, using the express-session package, to implement authentication and authorization. You must not use any packages such as Passport, etc., to authenticate or authorize.
When writing and presenting snippets, the application must support multiline text, enabling the user to write real code snippets, not just a one-line text string. The application should be easy to understand, meaning that the users should get clear notifications on what is going on in the application (eg. using flash messages).
If a user tries to access a resource that requires the user to be logged in, the application must return the status code 403 (Forbidden). Of course, when necessary, the application must also return the status code 404 (Not Found) as well as 500 (Internal Server Error).
As far as possible, the application must be protected from vulnerable attacks. Be prepared to explain and defend your solution at the oral hearing.
As always, we have the following requirements:
- The only command that the examiner will need to execute to run your application after cloning it from GitHub is
- You must use GitHub, and make several commits, to show how your completed assignment has evolved from the start to the end.
- To announce that you have completed the assignment, you must create a release of your examination repository on GitHub. If a release is missing the examinators will not grade your assignment.
You are free to set up your development environment. You will need a database connection. You are free to use Docker or a connection-string to mLab (see the database connection text for more information)
Extra features [optional]
For those who want to expand functionality in the application and get an extra plus on the assignment, feel free to do that. Some examples of this could be:
- Add support for tagging each snippet by one or more tags.
- Add support for just showing snippets that's belongs to one tag or/and one user.
Deadline & examination
Monday 16/12 : 07:30
Wednesday, January 7, 12:00 PM (12 noon) (2020-01-07 12:00 CET)
Wednesday, January 29, 12:00 PM (12 noon) (2020-01-29 12:00 CET)
To be able to book a time slot for the oral examination you must make a release on Github before the above deadline. Booked time slots without a release made will be cleared without further notice.
The examination will be an oral hearing, including the theory raised to this point of the course. This means during the examination we will ask you a couple of theoretical questions. You will also defend your solution for the practical assignment. Notes will be taken on how well you answered the theory questions and how good your application is depending on security, functionality and code quality which will be used when setting the final grade on the course. For this assignment, however, the grade is F (Fail) and P (Pass).
You can choose between a campus or distance exam. Retakes is Slack only!
Campus – Växjö A few times for examination on campus will be available. Be sure to note if you booked a campus or distance/slack examination. If you booked a campus examination you will wait in the hallway of the third floor of the B-building 5 minutes before your time slot. We will call you in.
Distance – Slack
If you choose a distance exam it will take part in Slack using screen sharing, microphone and preferably a web camera. At least 10 minutes before your time slot you should go into slack-channel of the course and write your LNU-username and your booked time. We will contact you on Slack when it is your turn.