Sprint Challenge - Authentication & Testing

This sprint challenge will test your understanding of authentication, JSON Web Tokens, and testing in web development. You'll build a secure API with comprehensive test coverage, demonstrating your mastery of these concepts.

Challenge Objectives

Authentication

Implement secure user authentication using both session-based and JWT approaches.

API Development

Build a RESTful API with proper error handling and data validation.

Testing

Create comprehensive test suites covering unit tests, integration tests, and API endpoints.

Project Requirements

Authentication Features

  • User Registration: Implement secure password hashing with bcrypt
  • Login/Logout: Create secure login endpoints with JWT generation
  • Password Security: Apply proper password validation and storage
  • JWT Implementation: Use JWTs with appropriate payload structure and expiration
  • Protected Routes: Create middleware to verify tokens and protect resources

API Endpoints

  • User Management: CRUD operations for user resources
  • Protected Routes: Implement token-based access control
  • Error Handling: Comprehensive error handling with appropriate status codes
  • Data Validation: Validate incoming data before processing
  • Response Format: Consistent API response structure

Testing Requirements

  • Unit Tests: Test individual functions and components
  • Integration Tests: Test interactions between modules
  • API Tests: Test API endpoints using Supertest
  • Authentication Tests: Verify security measures work as expected
  • Test Coverage: Achieve high test coverage across the codebase

Challenge Tasks

Authentication Implementation

Implement a secure authentication system with the following features:

  • User registration with password hashing
  • Login endpoint that generates JWTs
  • JWT middleware to protect routes
  • Secure password storage and validation
  • Proper error handling for auth failures

Testing Requirements

Create comprehensive test suites to verify your implementation:

  • API endpoint tests for auth routes
  • Unit tests for auth middleware
  • Tests for protected routes
  • Database operation tests
  • Token verification tests

API Documentation

Document your API endpoints with:

  • Endpoint descriptions
  • Request/response formats
  • Authentication requirements
  • Error responses
  • Example usage with cURL or Postman

Project Setup

Starter Repository

Get started with the project using our provided starter code. The repository includes:

  • Basic Express server setup
  • Database configuration with Knex
  • Initial Jest configuration
  • Project structure for routes, models, and middleware
  • README with detailed instructions

Resources & Guidelines

Project Guidelines

  • RESTful API: Follow RESTful design principles for your endpoints
  • Error Handling: Implement comprehensive error handling with appropriate HTTP status codes
  • Code Organization: Keep your code modular and well-organized
  • Documentation: Write clear documentation for your API endpoints
  • Testing: Aim for high test coverage and well-structured tests

Submission Guidelines

  • Fork and clone the repository
  • Implement all required features
  • Write comprehensive tests
  • Submit a pull request with your solution
  • Include a README with setup instructions and API documentation