Backend Task for Engineering Role

Thank you for showing an interest in joining iGnosis Tech.

Please read this document carefully. We've tried to be as specific as we could, but if you feel something is not clear in the task, feel free to raise a issue and someone from our team should reply ASAP.

As a part of the process, please create a server using Python (Ideally FastAPI). Below is a sample specification for the server.

You'll be implementing a basic authentication server.

---

1. Create an app with Python

The API should support the following

• User Signup
• Users Sign-In
• Allow user to access their own information

A user must have the following information:

• username
• password (Please hash the passwords, you may use MD5/SHA-2 etc)
• firstname
• lastname

Please do not use a database to store the User information, store it in a JSON file stored on the local file system. (No MongoDB, No MySQL, No Postgres, No Elasticsearch, No Sqlite) -- Plain old JSON.

Data Validation

Some data validations that should be taken care of

• username
  • can only contain lowercase English alphabets (no numbers and special characters) [example: ignosistech is allowed, iGnosisTech is not allowed, ignosistech1 is not allowed, ignosis_tech is not allowed]
  • it should be of at least 4 characters
• password
  • must contain at least 1 uppercase character
  • must contain at least 1 lowercase character
  • must contain at least 1 number
  • no special characters allowed
  • should be of at least 5 characters
• fname
  • First name
  • should only contain English alphabets [A-Z, a-z]
• lname
  • Last name
  • should only contain English alphabets [A-Z, a-z]

(Requests / Responses)

- POST /signup

• The request body should have username, fname, lname and password
• The body should be content-type application/json

{
  "username": "<username>",
  "password": "<password>",
  "fname": "<first_name>",
  "lname": "<last_name>"
}

On success, this should return with HTTP status code 201

{
  "result": true,
  "message": "SignUp success. Please proceed to Signin"
}

On failure, either due to empty body, field constraints or missing fields, please check the provided Postman collection.

- POST /signin

• The request body should have username and password
• The body should be application/json
• On successful login, you have to sign a JWT token with the username and firstname in the JWT payload.

{
    "username": "<username>",
    "password": "<password>"
}

On success, this should return with HTTP status code 200

{
    "result": true,
    "jwt": "<jwt_token>",
    "message": "Signin success"
}

On failure, either due to empty body, invalid credentials or missing fields, please check the provided Postman collection.

- GET /user/me

• Set the Authorization header equal to JWT token you received after POST /signin

On success, this should return with HTTP status code 200

{
    "result": true,
    "data": {
        "fname": "<first_name>",
        "lname": "<last_name>",
        "password": "<hashed_password>" // bad practice, doing it just for the task
    }
}

On failure, in case of missing token, it should return with HTTP status code 400

{
    "result": false,
    "error": "Please provide a JWT token"
}

On failure, in case of bad token, it should return with HTTP status code 400

{
    "result": false,
    "error": "JWT Verification Failed"
}

2. Testing your server -- Option A

Install newman (We'll use this for API testing)

npm install -g newman

You may have to use sudo while installing newman (if using Linux or Mac).

Once it's installed, run the following command to run the test cases against your server

newman run --env-var baseUrl="<YOUR_SERVER_URL>" --env-var username="<SOME_VALID_USERNAME>" https://raw.githubusercontent.com/UXGorilla/hiring-backend/main/collection.json

2. Testing your server -- Option B

You will need to Download Postman to test your server.

Your code will be evaluated against a postman collection which you can download here.

The postman collection consists of the tests already written for you. You just have to run all the cases against your application and see if they all pass (green ticks).

You will have to set a few variable names in the Postman collection to run the test cases effectively. (Here is a video to help understand Postman variables better) -- Video may be little dated, please feel free to find a new one if needed.

The collection also defines some variables.

1. baseUrl - Set this to the URL of your Express server. IMPORTANT
2. accessToken - On SignIn success, this variable is set to the received JWT token
3. username - You can put in your username here
4. password - You can put in your password here
5. fname - You can put in your firstname here
6. lname - You can put in your lastname here

To run all the test cases, click on the "Run" button.

If all of your testcase passes (against your sever!), you can proceed to deploy your application

3. Create script to help us test

Create a script called test.sh (Linux/Mac/WSL), test.bat (Windows) or test.ps1 (Windows). Bonus point for sh script. Anyway, the script should:

1. Start your server
2. Run newman tests against your server and print the output from newman on console

Before running test.sh, we wil ensure that we have requirement.txt and newman installed -- so no need to test for those.

4. Deploy it

If all of the test case pass, you have to deploy your server on any provider of your choice Railway, Vercel, Leapcell, Render.

---

5. Submit your task

Please submit it on the link you've received over email -- Your url will be manually reviewed and someone from our team will get back.