In this lab, you will be creating an API that will be used by another application. Because this API is used by another application, it is important that you create it exactly according to the specification that the consuming app is expecting. In this case, you will be building a “backend” to a privacy-focused note management web application. You can access the application by going to https://spy-notes.rk0.xyz/. The way this web application works is that there is some code that runs in the browser (the “frontend”) and code that runs on a server (the “backend”). The frontend code is in charge of presenting information to the user, as well as handling animations, input validation, and some other UI responsibilities. The backend code is usually responsible for things like centralized data storage and authentication. Intuitively, having data stored in a central location is what lets you log into an app on your phone, create some content, and then log in from a totally different computer and continue working.
In this lab, you will be writing the backend data-storage code for the note-taking web application mentioned above. Unlike most web applications, the frontend lets the user provide a URL for the backend server they want handling their request. When your assignment is done, you should be able to plug in your own server’s URL, and have the app work exactly as it did with the default built-in backend.
When this project is done, you will have written a new working backend, in a different language than I used to write the original backend, with different data-storage technology and no specific knowledge of how my app is coded.
Part 1: The REST API
There are a number of features in the web application that rely on a backend server. Each of those features is associated with a REST-ish endpoint. The endpoints are listed below.
Note: Browsers have a security mechanism that by default prevents requests to servers at URLs other than the domain you are currently browsing unless the server allows it explicitly. This prevents a site like www.evil.com from making unsafe requests to www.yourbank.com. To opt out of this protection for a specific API, annotate your RestController classes with @CrossOrigin (or follow another config pattern described here: https://spring.io/blog/2015/06/08/cors-support-in-spring-framework)
Create a User
Users are able to register for the secure-notes site. When they do, they will be given a long random string that they need to keep safe. It will act as their anonymized username and password. The string is a UUID. When a user clicks the button to register themselves as a user, the browser will make a request to the server and the server will generate one of those UUIDs. You should store that key and the date the key was created. There is a built-in way to generate UUIDs in Java. Check out an article for how to use that here
Fetch All Users
This endpoint should return a list of all users as a JSON array. The response should include their IDs and a timestamp for when they were created. A real privacy-focused app wouldn’t have this endpoint at all. In this case, though, it’ll be helpful for debugging.
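A Spring controller for the two user endpoints above, written as an added example rather than the course’s reference backend. It assumes Spring Boot on the classpath; the /users path, the JSON field names id and createdAt, and the in-memory map standing in for the users table are all assumptions, since the page does not fix them. It also narrows the @CrossOrigin opt-out from the CORS note to the one origin that needs it.

```java
import java.time.Instant;
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;
import org.springframework.web.bind.annotation.*;

// Added example; the /users path and the in-memory map are assumptions.
@RestController
@RequestMapping("/users")
// Name the frontend's origin instead of "*": the browser rule the CORS note above
// describes is what stops an unrelated site from driving this API from a victim's
// browser, so opt out only for the origin that actually needs it. The frontend page
// stays at spy-notes.rk0.xyz even when it is told to call http://localhost:8080, so
// this single origin works for development and for the hosted server alike.
@CrossOrigin(origins = "https://spy-notes.rk0.xyz", methods = {RequestMethod.GET, RequestMethod.POST})
public class UserController {

    // The UUID is the user's only credential, so the record holds nothing else.
    public record User(String id, Instant createdAt) {}

    // Stand-in for the DynamoDB users table from Part 2.
    private final Map<String, User> users = new ConcurrentHashMap<>();

    // Registration: the server generates the secret. UUID.randomUUID() is a
    // version-4 UUID drawn from SecureRandom, so it is not guessable; never let
    // the request body choose the id.
    @PostMapping
    public User register() {
        User u = new User(UUID.randomUUID().toString(), Instant.now());
        users.put(u.id(), u);
        return u;
    }

    // The debugging-only list from the spec. It discloses every user's credential,
    // so remove it or guard it before the app leaves the lab.
    @GetMapping
    public List<User> listUsers() {
        return List.copyOf(users.values());
    }
}
```

Spring Boot serializes the record and the Instant to JSON (ISO-8601 timestamp) with its default Jackson setup, so no extra configuration is needed for the response format.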
Fetch User QR Code
Each user’s UUID can be encoded as a QR code. The job of this request handler is to return a QR code image that represents that UUID. In this case, the browser will pass the UUID for a user in the request. ZXing is a good potential library for generating QR codes. The documentation is not the best IMO, but this article gives a pretty complete description of how to make a Spring server respond to a request with a QR code.
Note: There are different formats of QR code and different image formats that can be scanned. As long as it shows something in the browser and it’s scannable by a reasonable app / tool, I don’t care what format you choose.
Create a Note
Users should have the ability to create notes through your API that will be associated with their particular user. Each note has a title and some content as well as a UUID and a creation date. The UUID will be unique for each note and separate from the UUID of the user.
Request body:

{
  "title": "Note title",
  "content": "This is the body of my note"
}

Response body (the stored note, which also carries its UUID and creation date):

{
  "title": "Note title",
  "content": "This is the body of my note",
  ...
}
Fetch Notes
This API returns the list of all notes for a specific user. The web application will call this when it wants to load or refresh the list of notes. It might happen more often than you would think.
Response: A JSON array of all the note objects for that particular user, in the format specified for the previous request.
Delete a Note
This API deletes a specific note for a specific user.
Response: The JSON form of the note that was just deleted.
Part 2: Storage
All of the notes and users in this API should be stored in DynamoDB. You should use one table for notes and one table for users. The requests to fetch and create users should all correspond to appropriate Dynamo queries to fetch and insert data. Please set up your Dynamo tables so that all queries that return multiple items (users or notes) use a Query against an index.
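A notes repository that backs the create, fetch and delete endpoints with the two-table layout above, written as an added example and not the course’s reference code. It assumes the AWS SDK for Java v2 (software.amazon.awssdk:dynamodb); the table name notes, its partition key noteId, and a global secondary index userId-index keyed on userId are assumptions that you must create to match. For this class the instance role from Part 3 needs only dynamodb:PutItem, dynamodb:Query and dynamodb:DeleteItem on the table and its index, nothing broader.

```java
import java.time.Instant;
import java.util.*;
import software.amazon.awssdk.services.dynamodb.DynamoDbClient;
import software.amazon.awssdk.services.dynamodb.model.*;
// Added example; table name, key attribute and index name are assumptions.
public class NoteRepository {
    public record Note(String id, String userId, String title, String content, Instant createdAt) {}
    private static final String TABLE = "notes";             // partition key: noteId
    private static final String USER_INDEX = "userId-index"; // GSI, partition key: userId
    // Default credential chain: on EC2 this resolves to the instance's IAM role (Part 3).
    private final DynamoDbClient db = DynamoDbClient.create();
    // The server mints the note's UUID and timestamp; the client never supplies them.
    public Note create(String userId, String title, String content) {
        Note n = new Note(UUID.randomUUID().toString(), userId, title, content, Instant.now());
        db.putItem(PutItemRequest.builder().tableName(TABLE).item(toItem(n)).build());
        return n;
    }

    // Query the GSI instead of Scan + filter: Scan reads the whole table, and a filter
    // applied afterwards is the kind of mistake that leaks one user's notes to another.
    public List<Note> findByUser(String userId) {
        QueryRequest q = QueryRequest.builder().tableName(TABLE).indexName(USER_INDEX)
            .keyConditionExpression("userId = :u")
            .expressionAttributeValues(Map.of(":u", AttributeValue.fromS(userId))).build();
        return db.query(q).items().stream().map(NoteRepository::fromItem).toList();
    }

    // Deletion is keyed on noteId, but the condition binds it to the requesting user, so
    // knowing another user's note UUID is not enough to delete it. ALL_OLD hands back the
    // deleted item, which the spec says to return to the client.
    public Note delete(String userId, String noteId) {
        DeleteItemRequest d = DeleteItemRequest.builder().tableName(TABLE)
            .key(Map.of("noteId", AttributeValue.fromS(noteId)))
            .conditionExpression("userId = :u")
            .expressionAttributeValues(Map.of(":u", AttributeValue.fromS(userId)))
            .returnValues(ReturnValue.ALL_OLD).build();
        return fromItem(db.deleteItem(d).attributes()); // ConditionalCheckFailedException if not the owner
    }

    private static Map<String, AttributeValue> toItem(Note n) {
        return Map.of("noteId", AttributeValue.fromS(n.id()), "userId", AttributeValue.fromS(n.userId()),
            "title", AttributeValue.fromS(n.title()), "content", AttributeValue.fromS(n.content()),
            "createdAt", AttributeValue.fromS(n.createdAt().toString()));
    }
    private static Note fromItem(Map<String, AttributeValue> i) {
        return new Note(i.get("noteId").s(), i.get("userId").s(), i.get("title").s(),
            i.get("content").s(), Instant.parse(i.get("createdAt").s()));
    }
}
```

The controller that calls delete should map ConditionalCheckFailedException to a 404 or 403 rather than a 500, so the response does not reveal whether a guessed note UUID exists.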
Note that QR codes don’t need to be stored anywhere. It is possible to generate them on the fly when users make requests so you should not need to upload them to S3 or something. If you want to do that though, that is fine.
Part 3: Hosting
Like the past few assignments, this project should be hosted on at least one EC2 instance on AWS. You should use an IAM role to make sure that EC2 instance is able to make requests to your DynamoDB tables (and any other infrastructure you may create). Remember, when running your server, to use nohup or something similar to make sure the app stays running when you are not connected to your EC2 instance.
To test your server, please navigate to https://spy-notes.rk0.xyz and use the input box in the bottom right of the UI to paste in the URL for your server. In development, you will all just be pasting in http://localhost:8080 when your server is running. If your server is working, you should be able to use the site properly. If your server is not working and you want to try using the app with my pre-made backend server again, you can blank out this input field or reset the server back to the original value of https://spy-notes-api.rk0.xyz
It might also help to use Postman to test your requests and responses outside of all the other stuff going on in the browser.