Mod 2 Refactor the lessons into 2 day workshop and 3 day workshop

[mandyWW]

I have refactored Mod 2 and the updated version is now available at: https://multiverselearningproducts.github.io/curriculum

Key changes:

• removed all content related to OpenAPI

• used a "Messages API" for examples rather than a "User API" to avoid confusion about authentication of a user and use of an API

• added in prework section which includes Pluralsight overviews on REST, how to design a RESTful API plus links for how to implement an API in your language of choice

• simplified the Hashing lesson

• added in a prework Pluralsight section which discusses alternatives to Basic Auth

• simplified all lessons to be the "bare bones" of Basic Auth & OAuth/OpenID Connect

• replaced the Banking App with Charlie's Journal App

• TODO: update the Mod 2 swe-solutions to match notes

• Note there is some Rest content which needs moving to the Bootcamp.

Please add any review comments below...

[charliemerrell]

Implement the following "Messages" APIs in your framework of choice

I think, if we're going to hard code respones, we should just hard code responses like "This was a PUT request for id :id". It's a bit confusing if /messages and /messages/:id return the same thing.

Alternatively, we could have them use a JavaScript object as an in memory database:

const app = express();

let messages = {
  1: "hello",
  2: "hi"
}

...

and then they could actually read and write to it without having to get a database involved?

[charliemerrell]

A few cases of text expanding outside the table (e.g. on the hashing page). I think we should maybe also not show the password in the table (but say, "Mandy and Charlie both have the same password" beforehand) as it looks like an SQL table and I'd be worried apprentices would think they should store the password in the database.

[charliemerrell]

To speed up database searches

I'm not sure the explanation with this is really sufficient. I think we should either just say "HashTables can be used for fast lookup" and leave it there, or else give the full explanation of how they work (I give think I have explanation in my mod1 notes).

[charliemerrell]

Bcrypt is considered secure as it enforces the use of a salt and has a work factor to reduce the speed at which an attacker can crack the hash.

I think we should make the point that Bcrypt is computationally expensive and so slow to brute force. "work factor" probably won't mean much to them wihtout context.

[charliemerrell]

I think the hashing assignment will be too easy if they choose not to use the database, since they can just copy paste the code from the example and they're done.

[charliemerrell]

validating the incoming username and password against hashed credentials created in the previous lesson

What would the students who didn't use a database in the last lesson do here?

[charliemerrell]

Your API must have associated unit and integration tests [from final project]

I think the section on unit testing APIs has been removed - I'm not sure they'll know how to unless it's covered in the REST Pluralsight courses?

[charliemerrell]

but looks great, @mandyWW - nice work :D

[millerpils]

We've lost all the HTTP content? That's a great shame if so as there are many concepts therein that are applicable to REST.

Edit: actually I think this now lives in the bootcamp so not such a big deal

[mandyWW]

HI @charliemerrell - I have implemented all your changes aside from "text expanding outside the table". All the code snippets for cut & paste have been removed so should be more of a challenge!

[mandyWW]

@millerpils - the rest intro is now in the pre-work - see https://multiverselearningproducts.github.io/curriculum/Module-2/Unit-1-Securing_APIs_with_Basic_Auth/2.1.1-RESTful_APIs_and_Frameworks.html#javascript. I think we should still move some content to the Bootcamp too though - hasn't yet been done.