This project was created for the technical test at DTGO. It is not for commercial purposes.
This project is divided into 2 parts:
- client-side web application (app)
- server-side API (api)
The web application tech stack includes Vite, React and TailwindCSS. The server-side tech stack includes Node.js, Express.js, JWT and Bcrypt.
Below are the instructions and requirements to get this project running. This project was developed and tested on macOS Ventura 13.15.1 on Apple Silicon only. You may need to tweak the setup process for your own system environment.
SQLite was chosen as the database for this project for its portability and setup convenience. If you prefer another database, you may need to edit the database schema accordingly (the file is located at db/schema.sql).
This project assumes that you already have the yarn package manager installed. If you need to install it, please follow the instructions on the Yarn website.
This project includes the .env files that store app secrets at the environment level. In a typical production environment, however, they should not be committed to the git repository, for security reasons; app secrets should instead be supplied through environment variables, for instance.
- MacOS (Ventura 13.15.1) (Apple Silicon)
- Homebrew
- Node (v16.14.2)
- Yarn
- ZSH (optional)
- NVM (optional)
These instructions assume you have basic knowledge of operating the terminal. This project was developed and tested using the ZSH Unix shell only.
- Install sqlite using Homebrew with the following command in the terminal:
arch -x86_64 brew install sqlite
- Install dependencies for the API.
cd api/
yarn
- Install dependencies for the web application
cd app/
yarn
- Start the API server
cd api/
yarn start
- Build and start the web application
cd app/
yarn build
yarn preview
or run it in development mode
yarn dev
For easier API testing, I have provided the POSTMAN JSON collection that can be imported directly into POSTMAN. Inside the collection, you will find the API requests ready to be used. Please find the POSTMAN JSON collection here.
- Authentication for API endpoints uses JWT (JSON Web Tokens).
- To authenticate, clients need to include the JWT token in the Authorization header of their requests.
- Example header for an authenticated request:
Authorization: <JWT-Token>
Endpoint | Description |
---|---|
POST /users/register | Register a new user. |
Request Body | |
- username (string) | The username for the new user. |
- password (string) | The user's password. |
- rePassword (string) | Confirm the user's password. |
Response | |
- 201 Created | User registration successful. |
- 400 Bad Request | Invalid request data (e.g., username already exists, passwords don't match, weak password). |
- 500 Internal Server Error | Server error. |
Endpoint | Description |
---|---|
POST /users/login | Authenticate a user and return a JWT token. |
Request Body | |
- username (string) | The username of the user. |
- password (string) | The user's password. |
Response | |
- 200 OK | Login successful. Returns a JWT token in the response. |
- 401 Unauthorized | Incorrect password. |
- 404 Not Found | User not found. |
- 500 Internal Server Error | Server error. |
Endpoint | Description |
---|---|
GET /wallet/balance | Retrieve the wallet balance of the authenticated user. |
Authentication | Required (JWT token in the Authorization header). |
Response | |
- 200 OK | Successful. Returns the wallet balance. |
- 404 Not Found | User not found. |
- 500 Internal Server Error | Server error. |
Endpoint | Description |
---|---|
POST /wallet/top-up | Top up the wallet balance of the authenticated user. |
Authentication | Required (JWT token in the Authorization header). |
Request Body | |
- amount (number) | The amount to top up. |
Response | |
- 200 OK | Top-up successful. Returns the updated wallet balance. |
- 400 Bad Request | Invalid request data (e.g., invalid amount). |
- 404 Not Found | User not found. |
- 500 Internal Server Error | Server error. |
Endpoint | Description |
---|---|
POST /wallet/pay | Make a payment from the authenticated user's wallet to another user. |
Authentication | Required (JWT token in the Authorization header). |
Request Body | |
- recipient_username (string) | The username of the recipient. |
- amount (number) | The amount to pay. |
Response | |
- 200 OK | Payment successful. Returns the sender's updated wallet balance. |
- 400 Bad Request | Invalid request data (e.g., invalid amount, insufficient balance). |
- 404 Not Found | User not found (sender or recipient). |
- 500 Internal Server Error | Server error. |
Endpoint | Description |
---|---|
GET /wallet/history | Retrieve the transaction history of the authenticated user. |
Authentication | Required (JWT token in the Authorization header). |
Response | |
- 200 OK | Successful. Returns the transaction history for the user. |
- 404 Not Found | User not found. |
- 500 Internal Server Error | Server error. |
Endpoint | Description |
---|---|
POST /wallet/void | Void a pending transaction of the authenticated user. |
Authentication | Required (JWT token in the Authorization header). |
Request Body | |
- transaction_id (string) | The ID of the transaction to void. |
Response | |
- 200 OK | Transaction voided successfully. |
- 400 Bad Request | Invalid request (e.g., transaction is not pending). |
- 403 Forbidden | Not authorized to void this transaction. |
- 404 Not Found | User or transaction not found. |
- 500 Internal Server Error | Server error. |
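The request checks behind the five /wallet/* tables above, as an added example that is not part of this project's code. It models the rules over an in-memory store instead of the project's SQLite schema; the status codes and reasons follow the README, while the transaction lifecycle (a payment creates a "pending" transaction that a void reverses), the integer minor-unit representation of money, and all function and field names are assumptions.

```javascript
// Added example (not the project's code): validation and authorization logic
// for /wallet/balance, /wallet/top-up, /wallet/pay, /wallet/history and
// /wallet/void over an in-memory store. Lifecycle and names are assumptions.

// Money is kept as integer minor units (e.g. satang) so arithmetic is exact.
// Returns null for anything that is not a finite positive number with at most
// two decimal places; the route maps null to 400 "invalid amount".
function parseAmount(raw) {
  if (typeof raw !== 'number' || !Number.isFinite(raw) || raw <= 0) return null;
  const minor = Math.round(raw * 100);
  if (Math.abs(raw * 100 - minor) > 1e-6) return null; // reject silent rounding
  return minor;
}

function createWalletService() {
  const users = new Map();        // username -> { balance }
  const transactions = new Map(); // id -> { id, from, to, amount, status }
  let nextId = 1;
  const reply = (status, body) => ({ status, body });

  return {
    addUser(username, balance = 0) { users.set(username, { balance }); },

    // GET /wallet/balance
    balance(username) {
      const u = users.get(username);
      return u ? reply(200, { balance: u.balance }) : reply(404, { error: 'user not found' });
    },

    // POST /wallet/top-up
    topUp(username, rawAmount) {
      const amount = parseAmount(rawAmount);
      if (amount === null) return reply(400, { error: 'invalid amount' });
      const u = users.get(username);
      if (!u) return reply(404, { error: 'user not found' });
      u.balance += amount;
      return reply(200, { balance: u.balance });
    },

    // POST /wallet/pay: every check runs before any balance changes, and both
    // balances move in the same synchronous step, so there is no partial transfer.
    pay(sender, recipientUsername, rawAmount) {
      const amount = parseAmount(rawAmount);
      if (amount === null) return reply(400, { error: 'invalid amount' });
      const from = users.get(sender);
      const to = users.get(recipientUsername);
      if (!from || !to) return reply(404, { error: 'user not found' });
      if (from.balance < amount) return reply(400, { error: 'insufficient balance' });
      from.balance -= amount;
      to.balance += amount;
      const tx = { id: String(nextId++), from: sender, to: recipientUsername, amount, status: 'pending' };
      transactions.set(tx.id, tx);
      return reply(200, { balance: from.balance, transaction_id: tx.id });
    },

    // GET /wallet/history
    history(username) {
      if (!users.has(username)) return reply(404, { error: 'user not found' });
      const rows = [...transactions.values()].filter((t) => t.from === username || t.to === username);
      return reply(200, { transactions: rows });
    },

    // POST /wallet/void: ownership is checked against the authenticated user
    // taken from the JWT, never against a username supplied in the body.
    // The README distinguishes 403 from 404, which tells a caller whether an
    // ID exists; answering 404 for both would close that oracle.
    voidTransaction(username, transactionId) {
      if (!users.has(username)) return reply(404, { error: 'user not found' });
      const tx = transactions.get(String(transactionId));
      if (!tx) return reply(404, { error: 'transaction not found' });
      if (tx.from !== username) return reply(403, { error: 'not your transaction' });
      if (tx.status !== 'pending') return reply(400, { error: 'transaction is not pending' });
      const recipient = users.get(tx.to);
      // Edge case the README leaves open: the recipient may already have spent
      // the funds. Refuse rather than drive their balance negative.
      if (recipient.balance < tx.amount) return reply(400, { error: 'recipient funds already spent' });
      tx.status = 'voided';
      users.get(tx.from).balance += tx.amount;
      recipient.balance -= tx.amount;
      return reply(200, { balance: users.get(tx.from).balance });
    },
  };
}
```

With the project's SQLite database, the debit, the credit and the transaction row in `pay` (and the reversal in `voidTransaction`) belong inside one database transaction (BEGIN ... COMMIT), so that a failure between the two balance updates cannot leave money created or destroyed.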
Sensitive data is sent to the API over HTTPS (TLS). This ensures that data exchanged between the client and server is encrypted in transit, so a network attacker cannot read or tamper with it. TLS protects data in transit only; it does not replace protections for stored data such as password hashing.
Encryption Mechanism:
- Client-Side: The client starts a request to the server.
- TLS Handshake: The client and server establish a secure connection using a TLS handshake.
- Data Encryption: Sensitive data (like passwords or transaction details) is encrypted using the established secure connection.
- Server-Side: The server receives and decrypts the data, processes the request, and sends an encrypted response back.
- Client-Side: The client decrypts the received response.
Pavaruth Pengcharoen (Poom)
Senior Software Developer
Tel: +66 93 124 2007
Email: [email protected]