This is a skeleton of Spring Boot application which should be used as a start point to create a working one. The goal of this task is to create simple REST API which allows users to manage TODOs. The API should allow to create/delete/update TODOs and categories as well as search for user, name, description, deadline and category in any combination. For example find all todos for an user X where deadline is today and name contains test. The API should also implement basic authorization/authentication: User X cannot access TODOs of user Y as long as he doesn't have admin role.
You are free to use any library or testing framework in the project.
Below you may find a proposition of the DB model:
Once you are ready, please send me link to your git repository which contains complete solution
This todo-app API implements CRUD operations on Todos, Categories and Users as described by the swagger file.
Once the application is running, swagger is accessible at path /swagger-ui/index.html
( Default should be http://localhost:8080/swagger-ui/index.html )
The service was developed contract-first, meaning the swagger mentioned above is used for input model class generation, forcing it that way to be up to date with exposed swagger.
I followed the architecture : Controller - Service - Repository - Database
Database was left as initially suggested in an h2 file database ignored from VCS, provisioning scripts can be found in test resources
- Copy
src/main/resources/application-local.example.ymltosrc/main/resources/application-local.ymland replace secrets - Windows :
.\gradlew.bat clean build - Linux :
./gradle clean build - Run the application with local spring profile :
java -jar -Dspring.profiles.active=local build/libs/tobo-1.0.0-SNAPSHOT.jar
Pushes on main branch trigger a Github workflow which builds and test app and send sonarqube report and Jacoco repôrt to sonarcloud. A docker container is built and pushed to tdonnenfeld/todo-app on docker.io container registry.
Report available Sonarcloud
Application is deployed here
- For the sake of simplicity users are authenticated with Basic Auth on this application.
- Timezones are not handled
- CSRF checks are Disabled
- Can only create users with role USER ( no admins )
- Update endpoints are using replace pattern, not json-patch
- Endpoints might deliver too much information to users
- Gradle management of java modules : cleanly adding generated sources
- Conflict of slf4j implementation :
org.openapitools:openapi-generatortransitively importedslf4j.simplewhich implements SLF4JServiceProvider and collided with default spring-boot-starter-logging SLF4JServiceProvider - Cascading of deletions ( remove todos categoryId FK when category is deleted )
- 1.1.0: Major bug fix on delete category
- 1.0.1: Minor swagger fixes and added CI/CD
- 1.0.0: First draft of working and tested application
- De-couple basic auth from integration tests
- Switch application authentication to OAuth
- Security on categories ? Any user can currently delete any category
I thought the exercise was enjoyable as it is simple but yet forces you to demonstrate global understanding, project is small enough for you to take time to code not too much in a hurry and it is also nice to work on every layer starting from a greenfield project. I also had a bit of fun deploying it :)
. I hope this project suits your expectations !