author: Zoltán Domahidi
date: February 2, 2024
Spend a maximum of 3 hours on this assignment.
- Create an application that connects to a MongoDB database and performs CRUD (Create, Read, Update, and Delete) operations on a collection.
- Implement a concurrency mechanism that allows the application to handle a large number of concurrent requests.
- Implement a custom business logic that involves data encryption and decryption for sensitive fields in the collection.
- Use an Object-Document Mapping (ODM) framework (e.g. Mongoose) to handle the database operations.
- Create a REST API for the application.
- Add unit tests to test the main parts of the application.
- Use Git for version control and GitHub for code sharing.
- Create a detailed document that explains the architecture of the application, the technologies used, and the reasoning behind the design decisions made, especially the encryption and decryption mechanism.
- Create a Dockerfile to containerize the application, and a docker-compose.yml file that sets up the application and the MongoDB database.
- The application should be functional and correctly perform CRUD operations on the database.
- Proper use the selected technologies (MongoDB, ODM, REST API)
- Proper multi-threading mechanism.
- Proper use of encryption and decryption mechanism for sensitive data.
- Proper error handling.
- Proper use of Git and GitHub for version control.
- Clear and well-written documentation.
- Proper code formatting and commenting.
- The ability to explain the design decisions made during the development process, especially the encryption and decryption mechanism.
- Proper use of Docker and Docker-compose for containerization and testing.
Comments on my solution
Here I try to give some context about my solution to the CommIT Smart backend assignment described here https://github.com/commitsmart/career/tree/main/backend
After reading the requirements it was clear to me that I don't use some technologies so I have to spend some time reading the docs and that means I can't accomplish all the requirements within the given 3 maybe 4 hours. Probably only in that case if I would be the master of all these technologies but I still have some doubts. Anyways, because lack of time I was in hurry so usually this is not the style and code quality what I used to give when I write production code. I used to put more accent to the following points:
- readable code
- fine grained tests (in multiple unit and integration for both happy and negative paths)
- better structured code (I try to follow the Hexagonal Architecture pattern and keep the business logic as independent as possible from the code of the tooling, like handlers and ORMs)
- ports, DB connections and most of the configs should come from env vars or config files and should not be hardcoded
- put more accent to input validation and error handling
I haven't used MongoDB in the last couple of years and never touched it by using Go. So I picked the first tool what I could find by searching "golang mongo odm" which was this https://github.com/Kamva/mgm
I created a docker-compose.yaml for the database and my plan was to add mongo-express (on http://127.0.0.1:8081/) to browse the DB content. This worked until I had to set up a password for MongoDB because I had an error with mgm and I couldn't figure it out in a short time why mongo-express can't authenticate with the provided password.
The REST API server was generated by OpenAPI Codegen tool what I also haven't used for a while https://github.com/deepmap/oapi-codegen
The generated code is commited but in case you must regenerated them these were the steps:
go install github.com/deepmap/oapi-codegen/v2/cmd/oapi-codegen@v2.1.0
oapi-codegen -package generated -generate types openapi.yaml > users/generated/types.go
oapi-codegen -package generated -generate server openapi.yaml > users/generated/server.goThe endpoints are visible by opening the openapi.yaml but here are some curl commands what could be used for testing:
- create a user:
curl -X POST http://localhost:8000/api/v1/users -H 'Content-Type: application/json' -d '{"email":"test@test.com", "password":"pass","username":"test"}'- list users
curl http://localhost:8000/api/v1/users- get a single user by ID (e.g. 65bcebdba137730ad1cb3afe)
curl http://localhost:8000/api/v1/users/65bcebdba137730ad1cb3afe- delete a single user by ID (e.g. 65bce4f2d9ceaa191eec2f80)
curl -X DELETE -H 'Content-Type: application/json' http://localhost:8000/api/v1/users/65bce4f2d9ceaa191eec2f80I didn't had time to implement the update handler due to investigation of other problems. I was also struggling to figure out why the ODM does not delete my record even though the ID is parsed (I had some issues with this as well) and the ODM did not returned any error.
At the end I refused to investigate the problems in favor of writing some basic tests. I wanted to write at least one test to the scenario where we create -> get -> delete -> list the users. It's not a good practice to put all the things in one test but that's what I could do at the moment. The OpenAPI codegen tool generated an Echo server for me what is another tool what I just barely touched before. Because of this I had to learn about Echo testing what is more like integration testing. My plan was to mock at least the DB connection but I couldn't find anything in the documentation how to do this with mgm. I also checked a couple of tests in their GitHub repo.
So I made the test with the same DB connection what means the list request assertion will fail (this way how I made the test now) or I have to clean the DB every time before the test (I did this but I agree it's not a good approach). This test should pass now but it still fails because of the deletion issue already mentioned above.
At this time I also ignored the task to encrypt/decrypt the sensitive data (password in this case).
Another thing what I left out was the Proper multi-threading mechanism. point from the evaluation criteria. It was not clear to me what should be handled at this level. Concurrent requests are handled by the Echo framework and I don't use any state in the handler except mgm but I guess it's thread safe (at least it was not mentioned in the documentation that it's an issue). At this level also couldn't see anything to run in parallel within any handler methods.