sliit-foss / bashaway-backend Goto Github PK

Endpoint should return the team name, team email and the total score as an array of objects in a given order

Submission score must not exceed the max score for a question.

There'll be 3 jobs to be run in parallel

• Run linter
• Run prettier formatter and if there are changes left on complete, add them back and commit to the repo if there is enough permission or else fail the job with a suitable error message
• Run commitlint and validate the commit message

All 3 can implemented as reusable actions under the following repo and consumed. Later these can be united under a resuable workflow. A new folder with a name of code-quality can be added for this purpose and registered under workspaces

The third needs to check if the repo already has a commitlint.config.js file and if it is not there, download one which is defined under the actions directory, the contents of the file will be the same as the ones in this repo. The necessary dependencies must be installed as well if not already available

As of now, any user may view any other user's submission. This needs to be changed so that only,

1. Admins
2. User that uploaded the submission

can view the submission

Responses for bad requests that prompt bad database queries (such as requests with invalid object ID's) are sent with status 500 (Internal server error).

The messages must be fixed so that the cause of the error is clear. @Akalanka47000

• There is a grammar mistake on the email verified page.

• URL: /api/auth/verify:verification_code

When all user scores must be updates, the scoring API must be called for each user. Which is tedious on the front end and inefficient on the back end (because the question list must be retrieved over and over, for each user).

This issue has a dependency and is blocked by #80

Summary

• I have already registered and logged in. Even though I can resend verification emails.

POC

1. Register a new user and log in to the Bashaway server as usual.
2. You can visit this endpoint (POST) /api/auth/verify and send a verification email again. Have a look at the example request bellow:

POST /api/auth/verify HTTP/1.1
Host: localhost:3001
Content-Type: application/json
Content-Length: 43

{
    "email": "[email protected]"
}

Postman Preview:

Impact

• It is possible for someone to send emails recursively. So our email quota gets over.

We need to move the existing verifyRegistration html template to a folder under 2022 and implement the new one in it's place.

The link to the new design - https://www.figma.com/file/90khkDVsXIF9GL1nQzSlEB/Bashaway?node-id=588%3A293&mode=dev

Summary

• I have already logged in as a user. Even though I can register another user account while I'm already been logged in.

POC

1. Log in as an existing user.
2. Verify your login by visiting (GET) /api/auth/current.
3. Now try registering a new user. By going to the following endpoint (POST) /api/auth/register. Have a look at the example request bellow:

POST /api/auth/register HTTP/1.1
Host: localhost:3000
Authorization: Bearer <YOUR-JWT-TOKEN>
Content-Type: application/json
Content-Length: 715

{
  "name": "Brand New User",
  "email": "[email protected]",
  "password": "Pass0000#",
  "university": "SLIIT",
  "members": [
    {
      "name": "DanTheMan",
      "email": "[email protected]",
      "phone": "0725661324",
      "academic_year": 4
    },
  ]
}

Postman Preview:

• Login to bashaway backend

• Verify I'm logged in

• Registering a new user even though I'm logged in

Impact

• Generally if a user is already logged in. That particular user cannot be able to register a new account. Unless logging out from the platform.

When sending a request with a json body that has syntactic errors, The server responds with status code 500 (Internal server error), Although the issue lies with the request.

@Akalanka47000

Sample request with an invalid json body:

curl -v -X POST -d '{,}' --header "Content-Type: application/json" http://localhost:3001/api/auth/register

Response:

< HTTP/1.1 500 Internal Server Error

Response body:

{
  "message": "Just patching things up. This'll be over in a jiffy!"
}

Log:

{"level":"error","message":"Error: Unexpected token , in JSON at position 1 | Stack: SyntaxError: Unexpected token , in JSON at position 1
    at JSON.parse (<anonymous>)
    at parse (/home/shifan/projects/bashaway-backend/node_modules/body-parser/lib/types/json.js:89:19)
    at /home/shifan/projects/bashaway-backend/node_modules/body-parser/lib/read.js:128:18
    at AsyncResource.runInAsyncScope (node:async_hooks:203:9)
    at invokeCallback (/home/shifan/projects/bashaway-backend/node_modules/raw-body/index.js:231:16)
    at done (/home/shifan/projects/bashaway-backend/node_modules/raw-body/index.js:220:7)
    at IncomingMessage.onEnd (/home/shifan/projects/bashaway-backend/node_modules/raw-body/index.js:280:7)
    at IncomingMessage.emit (node:events:513:28)
    at IncomingMessage.emit (node:domain:482:12)
    at endReadableNT (node:internal/streams/readable:1359:12)","timestamp":"2022-07-26T11:33:40.968Z"}

• The default value of this should be false and this key should be added to the validator to allow filtration by it

The task is to add the necessary crud operations to add a collection named settings to the db. The collection will have documents each of which holds a different type of setting. As of now there will be 2 types:

• Submission settings with a key named submission deadline which is a timestamp
• Registration settings with a key named registration deadline which is a timestamp

The endpoints for this module will only be accessible by admins

Indicates that during the evaluation of submissions, the inputs to the problem if provided any will be replaced by their originals within the submission to bypass tampering

• This is a boolean and defaults to false.
• It should be added to validators and be optional

Passwords are hashed on the front end before sending. Hashing in the back end is not necessary.

@saputhebeast
Certain fields have to be set to a default value.

• This will deprecate the 2 endpoints in the user module for computing scores