We are in the midst of building a mobile application that will let restaurant patrons rate the restaurant in which they are eating. As part of the build, we need to develop a web API that will accept and store the ratings and other sundry data from a publicly accessible interface.
For this project, we would like you to build this API. Feel free to add your own twists and ideas to what type of data we should collect and return, but at a minimum your API should be able to:
- Get a list of restaurants by city
- Post a restaurant that is not in the database
- Post a review for a restaurant
- Get a list of reviews by user
- Delete a review
Please use whatever techniques you feel are applicable to solve the problem. We suggest that you approach this exercise as if this code was part of a larger system. The end result should be representative of your abilities and style. We prefer that you submit your solution in a language targeting the .NET Framework to help us better evaluate your code.
Please fork this repository. If your solution involves code auto generated by a development tool, please commit it separately from your own work. When you have completed your solution, please issue a pull request to notify us that you are ready.
Have fun.
My solution: Based on the recommendation above, I implemented the exercise using .NET Web API 2 and SQL Server Express. Items of note:
- The majority of the Api is secured and requires an authorization header with a bearer token to access the action methods. Normally this would be JWT or another bearer token auth mechanism which supports claims, encryption of the claims, and signature verification. For simplicity, there is no encryption, there is no signature, the token is the user id, and there are no claims beyond the identity of the user. To use the Api, you will first have to create a user (POST: api/User). Every other endpoint will require a header “Authorization: Bearer [userid]”, which will establish a generic principal for that user id. Actions, such as creating a review, use the identity to persist the user who created it, and deleting a review uses it to restrict the ability to delete to the author.
- I’ve enabled the Web Api Help pages, and installed a Web Api Test Client so Api calls can be made from the help pages.
- Logging is not implemented, although there is an ExceptionLogger scaffold in place to send logs to an accumulator.
- Limited exception handling is in place to demonstrate my preferred approach via ExceptionFilters. An actual production app would need handling for many more types.
- Validation is in place via data annotations. I didn’t identify any validations that were necessary beyond its abilities.
- FilterAttribute and DbFilter are in place to demonstrate a way filtering could be done on any column as specified by the client in a manner that protects against SQL injection. It uses reflection to construct a parameterized where clause.
- Stored Procedures: normally I would incorporate stored procedures into an application for more complex operations, but due to the simple nature of this app, the SQL statements required were almost trivial in nature, and I opted to use inline SQL for all operations.
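The reflection-validated, parameterized filtering described in the FilterAttribute/DbFilter item above, as an added example; it is not the repository's own FilterAttribute or DbFilter code. The Restaurant entity, the WhereClauseBuilder class and the sample inputs are hypothetical, and only equality filters are handled.

```csharp
using System;
using System.Collections.Generic;
using System.Data.SqlClient;
using System.Linq;
using System.Reflection;

// Hypothetical entity: its public properties are the only filterable columns.
public class Restaurant
{
    public int Id { get; set; }
    public string City { get; set; }
}

public static class WhereClauseBuilder
{
    // Turns client-supplied (column, value) pairs into "WHERE [Col] = @p0 AND ...".
    // Request text never reaches the SQL string: a column must match a property of T
    // (the property's own name is emitted) and every value travels as a parameter.
    public static string Build<T>(IEnumerable<KeyValuePair<string, string>> filters,
                                  List<SqlParameter> parameters)
    {
        var columns = typeof(T).GetProperties(BindingFlags.Public | BindingFlags.Instance)
            .ToDictionary(p => p.Name, StringComparer.OrdinalIgnoreCase);
        var clauses = new List<string>();
        foreach (var filter in filters)
        {
            PropertyInfo prop;
            if (filter.Key == null || !columns.TryGetValue(filter.Key, out prop))
                throw new ArgumentException("Unknown filter column.");
            // Convert to the column's CLR type so a malformed value fails here.
            var type = Nullable.GetUnderlyingType(prop.PropertyType) ?? prop.PropertyType;
            object value = Convert.ChangeType(filter.Value, type);
            string name = "@p" + parameters.Count;
            parameters.Add(new SqlParameter(name, value ?? DBNull.Value));
            clauses.Add("[" + prop.Name + "] = " + name);
        }
        return clauses.Count == 0 ? "" : "WHERE " + string.Join(" AND ", clauses);
    }

    public static void Main()
    {
        var ps = new List<SqlParameter>();
        // Constructed inputs: SQL text in a value, then SQL text in a column name.
        var good = new Dictionary<string, string> { { "city", "Pittsburgh'; --" } };
        Console.WriteLine(Build<Restaurant>(good, ps));
        var bad = new Dictionary<string, string> { { "City] = '' OR 1=1 --", "x" } };
        try { Build<Restaurant>(bad, ps); }
        catch (ArgumentException e) { Console.WriteLine("rejected: " + e.Message); }
    }
}
```

The value containing a quote is bound as a parameter and leaves the SQL text unchanged, while the unknown column name is rejected before any SQL is built.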
To Run the solution
- Run the Setup.ps1 PowerShell script to create the schema (requires SQL Server or SQL Express with Integrated Security enabled). Warning: re-running this script destroys the database and creates a clean instance with no data.
  - If the server is different than local, you will need to modify config.json and change the 'dbServer' value.
  - If Integrated Security is not enabled, you will need to modify the connection string at the top of Setup.ps1.
  - If all else fails, the RestaurantReviews database can be created manually in SSMS, and the create scripts (located under scripts\table) can be opened and run in SSMS.
- Compile the solution in Visual Studio
- Modify the connection string in RestaurantReviews.Web.Api project's Web.config if necessary
To Run Tests
- Run the SetupCI.ps1 PowerShell script to create the schema (requires SQL Server or SQL Express with Integrated Security enabled). Warning: re-running this script destroys the CI database and creates a clean instance with no data.
  - If the server is different than local, you will need to modify config.json and change the 'dbServer' value.
  - If Integrated Security is not enabled, you will need to modify the connection string at the top of Setup.ps1.
  - If all else fails, i.e. PowerShell incompatibility or other dependency issue, the RestaurantReviews database can be created manually in SSMS, and the create scripts (located under scripts\table) can be opened and run in SSMS.
- Compile the solution in Visual Studio
- Modify the connection string in RestaurantReviews.Data.IntegrationTests project's App.config if necessary