KIT214 Intelligent and Secure Web Development - Assignment 2: Web services for an online book-shopping website
Total: 25 Marks
Due: 19th Oct 2022
Problem:
Assignment 2
Note: If you have the expertise, you can build a proper HTML/CSS/JS interface, but it is not required. The output should be ideally tested with JMeter or POSTMAN, or curl.
This is an open-ended assignment; if the following functionalities are implemented, it is your choice how to implement them.
You have to establish web services for an online book-shopping website. You do not have to create a proper HTML/CSS/JS-based website for this.
Consider the WS Architecture with THREE sections (Market, Seller 1, and Seller 2):
RATING ( pur_id *, user_id F, book_id F, review, rating)
PURCHASE ( pur_id *, user_id F, book_id *, qantity, price, seller_ip, date)
USER ( user_id *, balance, password, address, token, token_date)
VM1
Book list WS
Search WS, Purchase WS, Post Rating WS, Recommend Book WS, Add Balance WS
VM1
You have created the following web services:
Books ( book_id *, book_name, stock_qty, price_of_book)
i. Book list web service: This web service will return an XML/JSON response of what books are available from a seller. Each IP address you have will represent a seller. So, the seller’s book list can be determined by:
https://<ipaddress>/seller/booklist.php
You decide what you want to sell and prepare the list (at least 5 books). The XML file should look like this:
<root>
<book><bookid>100</book>
<bookname>Very legal book</bookname> <price>5</price>
</book>
<book><bookid>120</book> <bookname>Something</bookname> <price>50</price>
</book> ...
</root>
OR in JSON:
[{
}, {
}
...
]
Create appropriate tables in your MySQL database and fill in your data. Then create the XML/JSON dynamically. Use appropriate content type.
Given an IP address, the book list is shown in the XML (or JSON) output in the web browser.
ii. Search for books WS: In this web service, you can pass a search parameter with any name, and if a book is found in any of the IP addresses, the details (book_id, name, price, seller_ip) are returned as an XML or JSON output in your web service. It should be sorted in ascending order concerning price. The seller_ip identifies a seller. An example of a URL for this WS:
/book/search/:name
Fix a set of IP addresses to search as you wish. You should not access the database directly with this WS; you must consume the book list WS with guzzle or curl or file_get_contents. You can use your own VMs to set up at least two book lists.
If the book is found in two separate seller lists, you must merge the lists. But the purchase in the next step happens in only one VM. You have to manually copy-paste details from the search into the purchase service.
If you feel more adventurous, ask other students for their IP addresses with the book list (you may need to see the format they are using), but this is not required.
Hint: You must check more than one Fixed IP address within the same web service.
iii. Authorization Token WS: This web service will generate a token that is time limited by 10s. The token will be generated for users if they give the correct password.
/user/getToken/:user_id/:password
"book_id" : 100,
"bookname": "Very legal book", "price": 5
"book_id" : 120, "bookname" : "Something", "price" : 50
The token is then used in the Purchase, Add balance and Ratings WS along with the user_id. If the token is not valid or expired, the Purchase, Add balance and Ratings will return a 401 error. A token signifies a session for a WS.
iv. Purchase a book WS: This web service will take the parameters user_id, token, book_id, seller_ip, and quantity. An example of a URL for this WS,
/book/purchase/:user_id/:token/:book_id/:seller_ip/:quantity_req/
It will reduce the user’s balance based on the price x quantity. The price and available quantity must be retrieved from the seller_ip’s book list from (i). The transaction will fail if there is an inadequate balance or available quantity. The output (purchase fail or successful purchase details) is returned in XML or JSON format, including the pur_id, if the purchase was successful. This adds a record to the purchase table, if successful.
You must create appropriate USER and PURCHASE tables for this.
v. Rating WS: This WS will take a review for a book from a user. The inputs are the pur_id, user_id, token, rating, review, and book_id. The data will be stored in a RATING table. One user can give only one Rating/Review for one book. If the purchase was not found in the PURCHASE table, then it returns an error.
/book/rating/:user_id/:token/:pur_id/:rating/:review/:book_id
vi. Recommend New Book WS: This web service will take a user_id and recommend a new book based on the purchase they have already made, and the rating provided by this user and other users for all the books. It may return an empty response if the user has read all the books. Otherwise, it will return an XML/JSON list of books in descending order of recommendation. The data will be taken from the RATING table.
/book/recommend/:user_id
vii.Add Balance: This web service adds funds to the balance. It takes an amount, user_id and token to add to the balance. If zero is added, the current value is returned. Otherwise, the new value is returned. The return format should be XML or JSON. The data will be taken from or put into the USER table.
/balance/add/:user_id/:token/:addbalance
You can choose your style of XML or JSON response. But it should have the minimum information according to what is mentioned above. You must choose appropriate response codes 400, 404, 401, 503, etc. Explain your decision in the comments and the 2-page report.
Database:
Create your own database(s). Ideally, you should have different databases for each section, i.e., 3 in total. But if you cannot do this, you can put all tables in the same database. BUT ... a Web Service should ONLY access data from its corresponding tables (and/or database) in its section.
Typical outcomes:
You can prefill your databases with the BOOKS tables. Also, create USER and PURCHASE tables and prefill them with any data. You may prefill the RATINGS table with some values, but typically this will be filled while testing.
In your video, you will have to demonstrate the following: o Purchase 10-15 books.
o Leave 10-15 reviews.
o Get 5 recommendations for 5 different users.
Use POSTMAN as below by creating an endpoint for all the functions in your API. An example is shown below.
You may use JMeter to do the same, set up your own HTML forms for this or use curl.
Submission:
All PHP codes, XML/JSON, text files, .htaccess files, and SQL files as a zip and a 2-page report on MyLO.
Submit a video of the operation and everything in the marking scheme below. Also, explain your code. The video length should be around 15 mins.
