HW10: REST Backend due Tue 02 Apr 13:20

\begin{purpose}
This assignment provides practice in creating REST API endpoints and
database actions.
\end{purpose}

Allowed and Disallowed Resources

In completing this assignment you MAY use/access the following resources:

You may NOT use/access:

Failure to abide by these guidelines will result in a zero for the assignment and the incident will be reported to the university provost as a violation of the university academic integrity policy. A second incident of academic dishonesty (whether from this course or another computer science course) will result in an F in the course.

Overview

In this assignment you will be starting from a fresh/empty Laravel application. When the assignment is finished you will not have a full-fledged application. Instead you will have implemented a REST API that will provide the endpoints needed to support the database actions required by the book sellers application.

Details

Begin by creating a new Laravel application in the hw10 directory. Then follow the steps presented in class and in the video to provide the following endpoints for the Book Seller application we have been writing for homework. NOTE: In order to facilitate grading you need to use the following route names exactly:
GET /api/books
Return a 200 status code along with a JSON array of book objects with the following fields. The field names should match exactly, but the order of the fields doesn't matter.
[
   {
      "book_id": 25,
      "title": "Post Wins2!",
      "condition": 2,
      "price": "5.99",
      "created_by": 1,
      "name": "Fred",
      "email": "fred@fun.com"
   },
   {
      "book_id": 22,
      "title": "Jo's Fun <Day>!",
      "condition": 3,
      "price": "19.99",
      "created_by": 1,
      "name": "Fred",
      "email": "fred@fun.com"
   }
]

The query to produce this list is:

SELECT book_id, title, condition, price, created_by, name, email
   FROM books JOIN book_users ON (books.created_by=book_users.user_id)

GET /api/books/{id}
If the provided id has an invalid format or does not match a book in the database, return a 400 status code with an appropriate error message. Otherwise, return a 200 status code along with a single JSON book object formatted as above. The query to extract a single book is the same as above, but with a WHERE clause appended to it: WHERE book_id=?

POST /api/books
This endpoint is used to add a new book to the database. It requires fields for title, condition, and price that match requirements from previous assignments. If validation for the various fields is passed then the result is a 201 status code and an empty JSON object as the response body. If the validation does not pass then we give a JSON response that is generated by Laravel's validation function such as:
{
   "message": "The given data was invalid.",
   "errors": {
      "title": [
         "The title field is required."
      ]
   }
}

The query to add a book:

INSERT INTO books (book_id, title, condition, price, created_by)
   VALUES (default, ?, ?, ?, ?)

PUT /api/books/id
This endpoint is used to update/modify an existing book in the database. It should perform the typical checks on the book id with appropriate responses for invalid/non-existent book id. It will also do the same validation/responses as when adding a new book.

The query to modify a book:

UPDATE books SET title=?, condition=?, price=? WHERE book_id=?

DELETE /api/books/id
This endpoint is used to remove an existing book from the database. It requires a valid book id that exists in the database. As before, a malformed or missing book id should return a 400 status code.

Valid requests provide a 204 status code and an empty JSON object as the response. The query to delete a book:

DELETE FROM books WHERE book_id=?

Requests for routes that don't exist should return a 404 status code with an appropriate JSON-formatted error string. In the BookController, database requests should be put in a try-catch block to handle unexpected database errors. If the catch block is reached, we return a 503 status code with an appropriate message.
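
The id check, the bound ? parameter and the 503 catch path for GET /api/books/{id}, as an added example that is not part of the assignment or its starter code. It uses plain PDO with an in-memory SQLite database as a stand-in for Laravel's database layer; showBook(), the error messages and the sample rows are assumptions.

```php
<?php
// Added example: PDO + in-memory SQLite stand in for Laravel's database layer.
// showBook() and the error messages are hypothetical; the SQL is the page's query.

const BOOK_SQL = 'SELECT book_id, title, condition, price, created_by, name, email
   FROM books JOIN book_users ON (books.created_by=book_users.user_id)
   WHERE book_id=?';

/** Returns [status code, response body] for GET /api/books/{id}. */
function showBook(PDO $db, string $rawId): array
{
    // Accept only a plain positive integer; "abc", "1e3", "-4" or "22\n" are a 400.
    if (!preg_match('/\A[1-9][0-9]{0,8}\z/', $rawId)) {
        return [400, ['error' => 'Invalid book id']];
    }
    try {
        $stmt = $db->prepare(BOOK_SQL);
        $stmt->execute([(int) $rawId]);   // bound as data, never spliced into the SQL
        $book = $stmt->fetch(PDO::FETCH_ASSOC);
    } catch (PDOException $e) {
        error_log($e->getMessage());      // driver details stay in the server log
        return [503, ['error' => 'Database unavailable']];
    }
    return $book === false
        ? [400, ['error' => 'No book with that id']]
        : [200, $book];
}

// Constructed sample data, modelled on the JSON shown earlier on the page.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE book_users (user_id INTEGER PRIMARY KEY, name TEXT, email TEXT)');
$db->exec('CREATE TABLE books (book_id INTEGER PRIMARY KEY, title TEXT,
           condition INTEGER, price TEXT, created_by INTEGER)');
$db->exec("INSERT INTO book_users VALUES (1, 'Fred', 'fred@fun.com')");
$db->exec("INSERT INTO books VALUES (22, 'Jo''s Fun <Day>!', 3, '19.99', 1)");

// One existing id, one missing id, and two malformed ids.
foreach (['22', '999', 'abc', '1e3'] as $id) {
    [$status, $body] = showBook($db, $id);
    echo $status, ' ', json_encode($body), PHP_EOL;
}

// Simulate an unexpected database error: the table is gone, so prepare() throws.
$db->exec('DROP TABLE books');
[$status, $body] = showBook($db, '22');
echo $status, ' ', json_encode($body), PHP_EOL;
```

The 503 body carries only a generic message, so table names and driver errors are not exposed to API clients.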

Status Code Summary

Here is a summary of the status codes we'll be using for this assignment:

Code  Phrase               Meaning in our App
200   OK                   successful GET request or successful PUT request
201   Object created       successful POST request
204   No content           successful DELETE request
400   Bad request          request failed validation or invalid book id given
401   Unauthorized         user not logged in
403   Forbidden            user logged in, but not allowed to perform this action
404   Not found            no endpoint for this request was found
503   Service unavailable  unexpected database error