- Overview
- Project Structure
- API Endpoints
- API Documentation
- Testing
- Grading Criteria
- Getting Started
- Contact & Support
- Contributors
Welcome to the V.A.S.T. Coding Hackathon hosted by the Academic Association of Mathematics & Computer Science of University of Isfahan (A.M.C.S.U.I.)!
In this exciting challenge, teams of up to 4 participants will design, develop, and deploy a robust API using any programming language or framework of their choice.
- Create a secure and efficient API
- Implement proper authentication
- Handle rate limiting and security measures
- Dockerize the application
- Pass all provided test cases
Your API's logic and performance will be evaluated based on:
- Test case pass rate
- Code quality and organization
- Security implementation
- Error handling
- Documentation quality
```
vast-game/
├── src/        # Source code
├── test/       # Test cases
├── runner.sh   # Test runner script
└── setup.sh    # Setup script
```
Endpoint | Method | Description | Auth Required | Rate Limit |
---|---|---|---|---|
/login | POST | User authentication | No | 4/min |
/register | POST | New user registration | No | 4/min |
/logout | POST | User logout | Yes | 4/min |
/protected | GET | Protected resource | Yes | 4/min |
/forget-password | POST | Password recovery | No | 4/min |
/profile | GET | User profile | Yes | 4/min |
- Register a new user
- Login to get JWT token
- Use token for protected routes
- Logout to invalidate token
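One way to enforce the 4 requests per minute limit that applies to every endpoint, shown as an added example rather than the hackathon's reference code. The key format (client address plus route), the `Retry-After` value and the injectable clock are assumptions made for illustration.

```javascript
// Added example: in-memory sliding-window limiter for the 4/min rule.
const LIMIT = 4;
const WINDOW_MS = 60_000;

function createRateLimiter(limit = LIMIT, windowMs = WINDOW_MS, now = Date.now) {
  const hits = new Map(); // key -> timestamps of accepted requests still in the window

  return function check(key) {
    const t = now();
    // Drop timestamps that have left the window.
    const recent = (hits.get(key) || []).filter((ts) => t - ts < windowMs);
    if (recent.length >= limit) {
      hits.set(key, recent);
      // Seconds until the oldest accepted hit expires (for a Retry-After header).
      const retryAfter = Math.ceil((recent[0] + windowMs - t) / 1000);
      return { allowed: false, status: 429, retryAfter, body: { error: 'Rate limit exceeded' } };
    }
    // Only accepted requests are recorded, so rejected ones cannot extend the block.
    recent.push(t);
    hits.set(key, recent);
    return { allowed: true, remaining: limit - recent.length };
  };
}

// Constructed scenario: five /login calls one second apart, then one a minute later.
function rateLimitDemo() {
  let clock = 0;
  const check = createRateLimiter(LIMIT, WINDOW_MS, () => clock);
  const results = [];
  for (let i = 0; i < 5; i++) {
    clock = i * 1000;
    results.push(check('203.0.113.7:/login').allowed);
  }
  const blocked = check('203.0.113.7:/login'); // still at t = 4 s
  const otherClient = check('198.51.100.9:/login').allowed; // separate key, separate budget
  clock = 60_000; // the hit at t = 0 has now left the window
  const afterWindow = check('203.0.113.7:/login').allowed;
  return { results, retryAfter: blocked.retryAfter, otherClient, afterWindow };
}
```

Keying on the client address alone instead of address plus route gives one shared budget across endpoints; the table does not say which the test suite expects.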
POST /login
Headers
Content-Type: application/json
Body
```json
{
  "email": "user@example.com",
  "password": "StrongPass123!"
}
```
Parameters
Name | Type | In | Description |
---|---|---|---|
email | string | body | User's email address |
password | string | body | User's password |
Responses
Code | Description | Response Body Example |
---|---|---|
200 | Success | {"token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...", "message": "Login successful"} |
400 | Bad Request | {"error": "Invalid email format"} |
401 | Unauthorized | {"error": "Invalid credentials"} |
429 | Too Many Requests | {"error": "Rate limit exceeded"} |
Test Requirements:
- Email validation (must be valid email format)
- Password validation (min 8 characters, special chars, numbers, uppercase)
- Email existence check
- Password correctness verification
- Rate limit: 4 requests per minute
POST /register
Headers
Content-Type: application/json
Body
```json
{
  "email": "user@example.com",
  "password": "StrongPass123!"
}
```
Parameters
Name | Type | In | Description |
---|---|---|---|
email | string | body | User's email address |
password | string | body | User's password |
Responses
Code | Description | Response Body Example |
---|---|---|
201 | Created | {"token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...", "message": "Registration successful"} |
400 | Bad Request | {"error": "Invalid email format"} |
409 | Conflict | {"error": "Email already exists"} |
Test Requirements:
- Email validation (must be valid email format)
- Password validation (min 8 characters, special chars, numbers, uppercase)
- Email uniqueness check
- Rate limit: 4 requests per minute
POST /logout
Headers
Authorization: Bearer <token>
Responses
Code | Description | Response Body Example |
---|---|---|
200 | Success | {"message": "Logged out successfully"} |
401 | Unauthorized | {"error": "Invalid token"} |
Test Requirements:
- Token validation
- Token invalidation after logout
- Rate limit: 4 requests per minute
GET /protected
Headers
Authorization: Bearer <token>
Responses
Code | Description | Response Body Example |
---|---|---|
200 | Success | {"message": "This is a protected route", "data": {}} |
401 | Unauthorized | {"error": "Invalid token"} |
Test Requirements:
- Token validation
- Token expiration handling
- Rate limit: 4 requests per minute
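The "Token invalidation after logout" requirement of `/logout` and the "Token expiration handling" requirement of `/protected` can both be met without a database, as in this added example (not the hackathon's reference code). It assumes HS256 tokens built with Node's `crypto` module, a `JWT_SECRET` environment variable, a 15-minute lifetime and an in-memory denylist keyed by a `jti` claim.

```javascript
// Added example: HS256 tokens with expiry and a logout denylist.
const crypto = require('node:crypto');

// Assumption: secret comes from JWT_SECRET; otherwise a random per-process key is used.
const SECRET = process.env.JWT_SECRET || crypto.randomBytes(32);
const revoked = new Map(); // jti -> exp, so entries can be purged once expired

const b64 = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const sign = (data) => crypto.createHmac('sha256', SECRET).update(data).digest('base64url');

function issueToken(email, ttlSec = 900, nowSec = Math.floor(Date.now() / 1000)) {
  const header = b64({ alg: 'HS256', typ: 'JWT' });
  const payload = b64({ sub: email, jti: crypto.randomUUID(), iat: nowSec, exp: nowSec + ttlSec });
  return `${header}.${payload}.${sign(`${header}.${payload}`)}`;
}

// Returns the claims, or null for anything that should answer 401 "Invalid token".
function verifyToken(token, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [header, payload, sig] = parts;
  const expected = Buffer.from(sign(`${header}.${payload}`));
  const given = Buffer.from(sig);
  // Constant-time compare; timingSafeEqual throws on unequal lengths, so check first.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  let head, claims;
  try {
    head = JSON.parse(Buffer.from(header, 'base64url').toString());
    claims = JSON.parse(Buffer.from(payload, 'base64url').toString());
  } catch {
    return null;
  }
  if (!head || !claims || head.alg !== 'HS256') return null; // algorithm is fixed server-side
  if (typeof claims.exp !== 'number' || claims.exp <= nowSec) return null; // expired
  if (revoked.has(claims.jti)) return null; // logged out
  return claims;
}

// POST /logout: revoke a valid token, reject anything else.
function logout(token, nowSec) {
  const claims = verifyToken(token, nowSec);
  if (!claims) return { status: 401, body: { error: 'Invalid token' } };
  revoked.set(claims.jti, claims.exp);
  return { status: 200, body: { message: 'Logged out successfully' } };
}
```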
GET /profile
Headers
Authorization: Bearer <token>
Responses
Code | Description | Response Body Example |
---|---|---|
200 | Success | {"email": "user@example.com", "profile": {}} |
401 | Unauthorized | {"error": "Invalid token"} |
Test Requirements:
- Token validation
- User data retrieval
- Rate limit: 4 requests per minute
POST /forget-password
Headers
Content-Type: application/json
Body
```json
{
  "email": "user@example.com"
}
```
Parameters
Name | Type | In | Description |
---|---|---|---|
email | string | body | User's email address |
Responses
Code | Description | Response Body Example |
---|---|---|
200 | Success | {"message": "Password reset email sent"} |
400 | Bad Request | {"error": "Invalid email format"} |
429 | Too Many Requests | {"error": "Rate limit exceeded"} |
Test Requirements:
- Email validation (must be valid email format)
- Email existence check
- Rate limit: 4 requests per minute
- Should not reveal if email exists in the system
- Should send password reset email if email exists
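The last two requirements fit together when the existence check stays internal and the response is identical either way, as in this added example (not the hackathon's reference code). The `users` set, the `enqueueResetEmail` callback, the email pattern and the lower-casing of addresses are assumptions made for illustration.

```javascript
// Added example: /forget-password handler that does not leak account existence.
// Simple format check; the test suite's exact email rules are not given on the page.
const EMAIL_RE = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;

// users: Set of registered (lower-cased) emails. enqueueResetEmail: hypothetical
// callback that queues the mail and returns immediately.
function createForgetPasswordHandler(users, enqueueResetEmail) {
  return function handle(body) {
    const email = body && typeof body.email === 'string' ? body.email.trim().toLowerCase() : '';
    // A format error depends only on the input, so reporting it reveals nothing.
    if (email.length > 254 || !EMAIL_RE.test(email)) {
      return { status: 400, body: { error: 'Invalid email format' } };
    }
    // The existence check only decides whether mail is queued. Queueing instead of
    // sending inline keeps response time the same for known and unknown addresses.
    if (users.has(email)) enqueueResetEmail(email);
    return { status: 200, body: { message: 'Password reset email sent' } };
  };
}

// Constructed scenario: one registered user, one unknown address, one malformed input.
function forgetPasswordDemo() {
  const outbox = [];
  const handle = createForgetPasswordHandler(
    new Set(['user@example.com']),
    (email) => outbox.push(email)
  );
  const known = handle({ email: 'User@Example.com' });
  const unknown = handle({ email: 'nobody@example.com' });
  const malformed = handle({ email: 'not-an-email' });
  return { known, unknown, malformed, outbox };
}
```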
- Download Node.js
- Clone the repository
  ```bash
  cd test
  ```
- Install dependencies:
  ```bash
  npm install
  ```
- Run the tests:
  ```bash
  npm test
  ```
- Authentication Tests (100 points)
  - Registration Tests (25 points)
  - Login Tests (25 points)
  - Protected Route Tests (15 points)
  - Logout Tests (15 points)
  - Password Reset Tests (20 points)
- Security Tests
  - Rate limiting
  - Token validation
  - Password strength
  - Input validation
```json
{
  "test_user": {
    "email": "test@example.com",
    "password": "Test123!@#"
  },
  "test_tokens": {
    "valid": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
    "expired": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
    "invalid": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
  }
}
```
- Authentication (100 points)
  - Registration: 25 points
  - Login: 25 points
  - Protected Routes: 15 points
  - Logout: 15 points
  - Password Reset: 20 points
- Test case pass rate
- Code quality and organization
- Security implementation
- Error handling
- Documentation quality
- API design and structure
First, ensure you have the necessary tools installed:
- Node.js (v14 or higher)
- Docker (for containerization)
- Git (for version control)
- A code editor (we recommend VS Code)
Then run the setup script:
./setup.sh
To verify your environment is working correctly:
./runner.sh
Select your preferred programming language and framework. Here are some recommended options:
- Node.js/Express: Express.js Documentation
- Python/FastAPI: FastAPI Documentation
- Go/Gin: Gin Web Framework
- Java/Spring: Spring Boot
- API Implementation
  - Implement all required endpoints as specified in the API Documentation
  - Follow RESTful API best practices
  - Use proper HTTP status codes
  - Implement comprehensive error handling
- Security Measures
  - Implement JWT authentication
  - Add rate limiting (4 requests/minute)
  - Use secure password hashing (e.g., bcrypt)
  - Implement input validation
  - Add CORS protection
  - Use environment variables for sensitive data
- Testing Your Implementation
  - Write unit tests for your endpoints
  - Test edge cases and error scenarios
  - Verify rate limiting functionality
  - Test authentication flow
  - Run the provided test suite
- Create Dockerfile
  Create a `Dockerfile` in your `src` directory:
  ```dockerfile
  # Example for Node.js application
  FROM node:18-alpine
  WORKDIR /app
  COPY package*.json ./
  RUN npm install
  COPY . .
  EXPOSE 8000
  CMD ["npm", "start"]
  ```
- Docker Requirements
  - Your service must be self-contained (no external dependencies)
  - No database or external service dependencies
  - Must run on port 8000 inside the container
  - Environment variables should be handled within the container
  - Use multi-stage builds for smaller image size
- Building and Running
  ```bash
  # Build the Docker image
  docker build -t vast-api src/
  # Run the container
  docker run -p 8000:8000 vast-api
  ```
- Best Practices
  - Use `.dockerignore` to exclude unnecessary files
  - Implement health checks
  - Use non-root user in container
  - Optimize layer caching
  - Keep images small and secure
- All endpoints implemented and tested
- Rate limiting configured (4 requests/minute)
- Authentication working correctly
- Error handling implemented
- Dockerfile created and tested
- Container runs without external dependencies
- Service accessible on port 8000
- All tests passing
- Docker Documentation
- Docker Best Practices
- JWT Authentication Guide
- Rate Limiting Patterns
- API Security Best Practices
- Email: amcsui.ir@gmail.com
- Support: @AMCSSup
- Event Group: @VAST_event
- Telegram: @AMCSUI
- Wiki: wiki.amcsui.ir