We want to develop some APIs to support the operations of an auction site. A template project has been created for you. You can download the template project here. Your programs MUST run on .NET 6.
Important Note:
This quiz will be marked using a program. Therefore, please follow the instructions below carefully.
You MUST use the template project and the files in the project.
You MUST NOT change the name of any file/folder or move any file to a different folder. You can change the contents of the files.
You MUST NOT create any other file/folder apart from the Migrations folder.
Your data must be stored in “QuizDatabase.sqlite”.
You MUST submit the files as indicated in section “Submission”.
You MUST use the marking program to make sure that your program works with the marking program BEFORE submission. The details on how to use the marking program are given in section “Checking Your Submission”.
The prefix of the URLs of your endpoints MUST be https://localhost:8080/api.
You MUST NOT use any absolute path, e.g., C:\Users\jbon007\335, in your code as the path on marker’s machine would be different from your machine.
Apart from the standard C# packages and the three packages for Entity Framework discussed in our lectures, you MUST NOT use any other packages.
YOU WILL NOT GET ANY MARK IF YOUR PROGRAMS DO NOT WORK WITH THE MARKING PROGRAM. So, please check your submission using the marking program.
Database
The database in this quiz has three tables, i.e., Admins, Users and Items.
Table Admins records the information of the administrators of the auction site. The table has two columns, i.e., UserName, and Password, both of which are of type string. UserName is the key of the table.
Table Users records the information of the users who are registered with the auction site. The table has two columns, i.e., UserName, and Password, both of which are of type string. UserName is the key of the table.
Table Items stores the information of the items that are auctioned at the site. The table has seven columns as described below.
- Id: This is the Id assigned to an item in the table. Id is the key of the table. The value of Id is given by the DB automatically when the record of an item is inserted into the table. The data type of this field is int.
- Owner: This is the name of the owner who sells the item. The name should be the UserName of the owner in table Users. The data type of this field is string.
- Title: This is the name of the item. The data type of this field is string.
- Description: It is the description of the item. The data type of this field is string.
- StartBid: It is the starting bid price. The data type of this field is float in C#.
- CurrentBid: It is the current bid price. The data type of this field is float in C#.
- State: It indicates whether the auction is still active. It has two possible values, i.e., active and closed. The data type of this field is string.
Endpoint 1: USER REGISTRATION (3 marks)
This endpoint registers a new user. The information of a registered user should be stored in DB table Users. A new user’s UserName should not be the same as any UserName that is already in DB table Users or Admins.
It should be implemented using the POST method.
Depending on the information sent in by the user, the server should generate the response below. The message must be exactly the same as below (the quotation mark is not part of the message).
"User successfully registered." : The new user’s UserName has not been used by other registered users.
"Username not available." : The new user’s UserName has been used by other registered users or administrators.
Name this API as Register.
Endpoint 2: LIST AUCTION ITEMS (1 mark)
This endpoint returns a list of items that are available for auction. This endpoint should only show the items whose State value is active in the Items table.
The returned items should be sorted in ascending order according to their StartBid value. If two items have the same StartBid value, they should be sorted in ascending order according to their Id.
The information of each item should be in JSON format. The names of the keys in a JSON object should be the same as their corresponding columns in DB table Items. Each JSON object is an object of class Item defined in file Item.cs.
Name this API as ListItems.
Endpoint 3: GET THE PHOTO OF AN ITEM (2.5 marks)
This endpoint returns the photo of an item with a given Id.
The photos of the items are stored in the Photos folder under the project folder. It should be assumed that a photo is of type png, jpeg or gif.
If the photo cannot be found, the API should return file “logo.pdf”.
Name this API as GetItemPhoto.
Note: The “Content-Type” header in the response must match the type of the returned image/file.
Endpoint 4: GET AN ITEM (2 marks)
This endpoint returns the information of an item with a given Id.
The response is a JSON object containing the information of the item in DB table Items. The names of the keys in a JSON object should be the same as their corresponding columns in DB table Items. Each JSON object is an object of class Item defined in file Item.cs.
Name this API GetItem.
Note: If the specified item cannot be found, the response status code should be set to 204, i.e., the response body contains no object.
Endpoint 5: ADD A NEW AUCTION ITEM (4.5 marks)
This endpoint allows a registered user to add a new auction item. A registered user is a user whose information has been stored in DB table Users.
When calling this API, the user needs to provide the title, the description and the starting bid price of the item. The information should be sent to the server as a JSON object. The JSON object should correspond to class ItemInput defined in file ItemInput.cs.
If the title or the description is not provided, the server should respond with status code 400 (i.e., Bad Request).
If the starting bid price is not given while the title and the description are provided, the server should set the starting bid price to 0 and record the item in DB table Items.
If the item is inserted into the DB table, the State of the item should be set to active.
The response is a JSON object containing the information of the item in DB table Items. The names of the keys in the JSON object should be the same as their corresponding columns in DB table Items. The JSON object is an object of class Item defined in file Item.cs.
Endpoint 6: LIST AUCTION ITEMS FOR ADMINISTRATOR (1.5 marks)
This endpoint returns a list of ALL the items in DB table Items.
The information of each item should be in JSON format. The names of the keys in a JSON object should be the same as their corresponding columns in DB table Items. Each JSON object is an object of class Item defined in file Item.cs.
The returned items should be sorted in ascending order according to their Ids.
This endpoint can only be accessed by the administrators of the auction site. That is, authentication is carried out when this endpoint is called. The authentication method is Basic Authentication.
Name this API ListItemsAdmin.
Note 1: For a user with no credential or with invalid credential (i.e., the user does not provide UserName and Password or the UserName and Password pair do not match), the response header “www-authenticate” should be set.
Note 2: For a user who is not an administrator but with a valid credential (i.e., the user is a registered user in DB table Users), the response status code should be set to 403.
Note 3: In the Admins DB table of the example program, there is one record with UserName and Password both set to "admin".
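The credential check behind Notes 1 and 2, as an added example that is not part of the template project or the marking program. The class and method names are hypothetical, and in-memory dictionaries stand in for the Admins and Users tables; it shows how a Basic Authentication header is decoded and how the 401 and 403 cases are separated.

```csharp
using System;
using System.Collections.Generic;
using System.Text;

public static class BasicAuthCheck   // hypothetical name, not a file in the template
{
    // Decodes "Basic <base64(UserName:Password)>"; false for anything malformed.
    public static bool TryParse(string? header, out string user, out string pass)
    {
        user = pass = "";
        const string scheme = "Basic ";
        if (header is null || !header.StartsWith(scheme, StringComparison.OrdinalIgnoreCase))
            return false;
        string decoded;
        try { decoded = Encoding.UTF8.GetString(Convert.FromBase64String(header[scheme.Length..].Trim())); }
        catch (FormatException) { return false; }   // payload is not valid Base64
        int colon = decoded.IndexOf(':');            // first colon only: a password may contain ':'
        if (colon <= 0) return false;                // no separator, or empty UserName
        user = decoded[..colon];
        pass = decoded[(colon + 1)..];
        return true;
    }

    // Status for an administrator-only endpoint:
    // 200 = admin, 403 = valid registered user, 401 = anything else (set WWW-Authenticate).
    public static int AdminOnlyStatus(string? header,
        IReadOnlyDictionary<string, string> admins, IReadOnlyDictionary<string, string> users)
    {
        if (!TryParse(header, out var u, out var p)) return 401;
        // Plain string comparison because the quiz tables hold Password as a string.
        if (admins.TryGetValue(u, out var ap) && ap == p) return 200;
        if (users.TryGetValue(u, out var up) && up == p) return 403;
        return 401;
    }

    public static void Main()
    {
        // Constructed sample data; "admin"/"admin" mirrors Note 3, "alice" is made up.
        var admins = new Dictionary<string, string> { ["admin"] = "admin" };
        var users = new Dictionary<string, string> { ["alice"] = "pa:ss" };
        string H(string s) => "Basic " + Convert.ToBase64String(Encoding.UTF8.GetBytes(s));
        var headers = new[] { H("admin:admin"), H("alice:pa:ss"), H("alice:wrong"), "Basic !!!", null };
        foreach (var h in headers)
            Console.WriteLine($"{h ?? "(no header)"} -> {AdminOnlyStatus(h, admins, users)}");
    }
}
```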
Endpoint 7: CLOSE AN AUCTION (3.5 marks)
This endpoint allows a registered user or an administrator to close the auction of an item.
When calling this API, the user/administrator needs to specify the Id of the item whose auction they want to close.
A user can only close the auction of their own item. An administrator can close the auction of any item.
When the auction of an item is closed, the State of the item in the Items table should be set to closed.
This endpoint can only be accessed by registered users or administrators. That is, authentication is carried out when this endpoint is called. The authentication method is Basic Authentication. Depending on the request sent in by the user/administrator, the following responses are generated by the server. The response is returned as a string. The response must be exactly as shown below (the quotation mark is not part of the message).
Endpoint 8: UPLOAD THE PHOTO OF AN ITEM (2 marks)
This endpoint allows a registered user to upload the photo of an auction item. A registered user is a user who exists in the Users table of the DB.
The photo must be of an item that is already in the Items table of the DB.
A user can only upload the photo of their own item.
This endpoint can only be accessed by registered users. That is, authentication is carried out when this endpoint is called. The authentication method is Basic Authentication.
The uploaded file must be stored in folder Photos in the template project.
The file name of the uploaded file consists of two components, i.e., ID and a suffix. The ID is the Id of the item and the suffix indicates the type of the image. For example, the image of a product with Id number 123 could be named as 123.png/123.jpeg/123.gif. It should be assumed that the image is of type png, jpeg or gif.
Depending on the data sent in by the user, the server should generate the response below. The message must be exactly the same as below (the quotation mark is not part of the message).
“You do not own the item.”: The user does not own the item whose image is being uploaded or the item does not exist in the Items table of the DB.
“Image uploaded successfully.”: The uploaded image has been stored in the Photos folder.
Name this API UploadImage.
Hint: The signature of the method should be as below:
public ActionResult<string> UploadImage(IFormFile file)
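The file naming rule of Endpoint 8 and the lookup and Content-Type rule of Endpoint 3, as one added example that is not part of the template project. The class and method names are hypothetical, a temporary folder stands in for Photos, and logo.pdf is assumed to sit in that same folder.

```csharp
using System;
using System.Collections.Generic;
using System.IO;

public static class ItemPhotoFiles   // hypothetical name, not a file in the template
{
    // Allow-list from the quiz text: png, jpeg or gif (MIME type -> suffix).
    static readonly Dictionary<string, string> Suffix = new(StringComparer.OrdinalIgnoreCase)
    {
        ["image/png"] = ".png", ["image/jpeg"] = ".jpeg", ["image/gif"] = ".gif"
    };

    // Upload target: built only from the integer Id and an allow-listed type,
    // never from the client-supplied file name, so "../" cannot enter the path.
    // Returns null for any type outside the allow-list.
    public static string? UploadPath(string photosDir, int itemId, string contentType) =>
        Suffix.TryGetValue(contentType, out var ext)
            ? Path.Combine(photosDir, itemId + ext) : null;

    // Finds the stored photo for an Id together with the Content-Type to send;
    // falls back to logo.pdf (assumed to be in photosDir) when no photo exists.
    public static (string FilePath, string ContentType) Resolve(string photosDir, int itemId)
    {
        foreach (var (mime, ext) in Suffix)
        {
            var candidate = Path.Combine(photosDir, itemId + ext);
            if (File.Exists(candidate)) return (candidate, mime);
        }
        return (Path.Combine(photosDir, "logo.pdf"), "application/pdf");
    }

    public static void Main()
    {
        // Constructed temp folder standing in for Photos; a real project uses a relative path.
        var dir = Path.Combine(Path.GetTempPath(), Path.GetRandomFileName());
        Directory.CreateDirectory(dir);
        var target = UploadPath(dir, 123, "image/gif")!;
        File.WriteAllBytes(target, new byte[] { 0x47, 0x49, 0x46 });   // constructed stand-in bytes
        Console.WriteLine(Resolve(dir, 123));                           // stored photo and its type
        Console.WriteLine(Resolve(dir, 999));                           // fallback to logo.pdf
        Console.WriteLine(UploadPath(dir, 123, "text/html") is null);   // type outside the allow-list
        Directory.Delete(dir, true);
    }
}
```

If an item can be re-uploaded with a different image type, delete its other two variants before saving, otherwise Resolve may return the older file.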