#Challenge Overview

Below are a copy of the challange details from TopCoder’s Go Learning Challenge - Simple Web-API Server.

See the contest page for more info.

Welcome to the simple web API server challenge !

This is the first challenge of our second stage ‘Develop Backend Services with Golang’. The Goal of this challenge is to develop a simple web API server with Golang. The server provides an API to authenticate users.

This time we will evaluate your submission based on the scorecard. We totally recommend you to read the articles mentioned in ‘Final Submission Guidelines - Code Guidelines’ section. The person who gets the highest score wins. In case of a tie, the person to submit earlier wins.

If you have any questions, ask and get clarification in the forum.

#API Spec This API is to authenticate user for a domain by username and password via HTTP. The domain name is included as a part of the endpoint.

##Endpoint /api/2/domains/{domain name}/proxyauth

We use port 80 but we would like to use other ports such as 8080 for testing.

##Request ###Request Method POST

###Parameters

• username
• password

‘password’ parameter is encrypted with the following logic

‘{SHA256}’ + Base64 encoded SHA256 digest of the user’s password

Example

original password : abcd1234
password parameter : {SHA256}6c7nGrky_ehjM40Ivk3p3-OeoEm9r7NCzmWexUULaa4=

###ContentType application/x-www-form-urlencoded

###Sample Request parameters

domain name : topcoder.com
username : takumi
password : {SHA256}2QJwb00iyNaZbsEbjYHUTTLyvRwkJZTt8yrj4qHWBTU=
Original password is ‘ilovego’

Request to a server running on localhost with cURL curl --data "username=takumi&password={SHA256}2QJwb00iyNaZbsEbjYHUTTLyvRwkJZTt8yrj4qHWBTU=" http://localhost/api/2/domains/topcoder.com/proxyauth

##Response ###StatusCode Use 200 to indicate that the request is processed successfully. Even if we get some application errors such as ‘password unmatch’ or validation errors of parameters, status code should be 200. 404 is used when the domain name is not supported. 500 is used for system errors.

• 200 Successfully processed the request
• 404 No such domain
• 500 Server error

###Format Return JSON data for status code 200. In case of success.

{ 
        "access_granted": true
}

In case of authentication failure or validation errors. The ‘reason’ is always same.

{
        "access_granted": false, "reason": "denied by policy"
}

No data should be returned for status code 404 and 500.

###ContentType application/json

##Authentication Logic This time we use a json file attached (users.json) for data store.

When you receive a request to appirio.com domain with username ‘jun’ and password, you are supposed to find a record for jun under appirio.com domain in users.json. Encrypt jun’s password you get from the json file, then compare the encrypted password and the password received. If they are same, the authentication succeeds.

##Note No need to handle signals for this challenge

##Test Prepare your test script to cover the following cases.

Case1 Success
topcoder.com domain
StatusCode 200

Case2 Success
appirio.com domain
StatusCode 200

Case3 Failure
password unmatch
StatusCode 200

Case4 Failure
username not found
StatusCode 200

Case5 Failure
domain not found 
StatusCode 404

#Final Submission Guidelines

###Code Guidelines Follow the practices mentioned in the articles below.

• http://golang.org/doc/effective_go.html
• https://code.google.com/p/go-wiki/wiki/CodeReviewComments#Go_Code_Review_Comments We have one note specific to this challenge.

Use ‘lower_case_with_underscore’ name for package, file or directory. However, try to avoid underscores and prefer short names

#Submission Deliverables

##Source code

• Format your code with ‘gofmt’ command.
• Test script that covers the test cases
• Simple README to explain your deliverables

##External Libraries We believe this challenge is not so complicated that we can complete without any external libraries. But if you would like to use external libraries please follow the guidelines below.

• Do not use libraries developed with languages other than Golang
• Do not use GPL libraries and LGPL libraries
• MIT, Apache and BSD libraries are available
• Please mention about external libraries you used in your README