yesetoda / Loan-Tracker-API

Loan Tracker API is a backend service built with Golang, Gin, JWT-Go, and bcrypt. It features user registration, login, password management, and admin controls for managing users. The API follows Clean Architecture principles for scalability and maintainability. Explore the API via the provided Postman collection.

task1 #1

Closed yesetoda closed 2 months ago

yesetoda commented 2 months ago

Loan Tracker API - Assessment Overview

This assessment is designed to evaluate the students' understanding and ability to implement a comprehensive backend API using Golang with the Gin framework and clean architecture principles. The task involves developing a Loan Tracker API with both user and admin functionalities, covering a range of features including user management, loan management, authentication, and system settings.

Assessment Objectives

- Develop a RESTful API with the Golang Gin framework.
- Implement user and admin functionalities.
- Apply clean architecture principles.
- Ensure secure and efficient handling of data.
- Document the API using Postman.

Project Requirements

1. Introduction

Develop a backend API for a Loan Tracker system where users can apply for loans, and admins can manage user accounts and loans. The system should handle user authentication and authorization, provide various endpoints for loan management, and include administrative functionalities.

2. Functional Requirements

2.1 User Management

User Registration
- Endpoint: POST /users/register
- Description: Register a new user with email, password, and profile details.
- Response: Success or error message.

Email Verification
- Endpoint: GET /users/verify-email
- Description: Verify the user's email address using a token sent to their email.
- Parameters:
  - token: Verification token sent via email
  - email: User's email address
- Flow of Events:
  1. User registers on the platform.
  2. System sends a verification email with a unique token.
  3. User clicks on the verification link.
  4. User is directed to the email verification endpoint.
  5. The system verifies the token and activates the user's account.
- Response: Success or error message.

User Login
- Endpoint: POST /users/login
- Description: Authenticate user and provide access and refresh tokens.
- Flow of Events:
  1. User Submits Credentials: The user submits their username (or email) and password to the system.
  2. System Validates Credentials: The system checks the submitted credentials against stored user data.
  3. Account Status Check: If the credentials are valid, the system checks whether the user's account is active or deactivated.
  4. Handling Deactivated Accounts: If the user is deactivated, the system may return a more specific notification and optionally, the system sends an email notification to the user informing them that their account is deactivated and provides steps for reactivation.
  5. Successful Authentication: If the account is active and the credentials are correct, the system generates access and refresh tokens and returns them to the user.

Token Refresh
- Endpoint: POST /users/token/refresh
- Description: Refresh access token using refresh token.
- Response: New access token or error message.

User Profile
- Endpoint: GET /users/profile
- Description: Retrieve authenticated user profile.
- Response: User profile data.

Password Reset Request
- Endpoint: POST /users/password-reset
- Description: Send password reset link to user's email.
- Response: Success or error message.

Password Update After Reset
- Endpoint: POST /users/password-reset
- Description: Update the user's password using the token received in the password reset email.
- Flow of Events:
  1. User receives the password reset link via email.
  2. User clicks the link and is directed to a password reset page.
  3. User submits the new password along with the token.
  4. The system verifies the token and updates the password.
  5. System sends a confirmation response to the user.
- Response: Success or error message.

2.2 Admin Functionalities

View All Users
- Endpoint: GET /admin/users
- Description: Retrieve a list of all users.
- Response: List of users.

Delete User Account
- Endpoint: DELETE /admin/users/{id}
- Description: Delete a specific user account.
- Response: Success or error message.
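
The token check behind the email verification flow in the task description above (the password-reset token can be handled the same way), as an added example that is not part of the issue or the repository's code. The in-memory `Store`, the one-hour lifetime, the sample address and all type and function names are assumptions.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"errors"
	"fmt"
	"time"
)

// pending is a hypothetical per-email record kept until verification.
type pending struct {
	hash    [32]byte  // SHA-256 of the token; the raw token is never stored
	expires time.Time // assumed lifetime; the task description gives none
}

// Store is an in-memory stand-in for the user repository (assumption).
type Store struct{ byEmail map[string]pending }
var ErrInvalid = errors.New("invalid or expired token")

// Issue creates the unique token that goes into the emailed link.
func (s *Store) Issue(email string, ttl time.Duration, now time.Time) (string, error) {
	raw := make([]byte, 32)
	if _, err := rand.Read(raw); err != nil {
		return "", err
	}
	token := hex.EncodeToString(raw)
	s.byEmail[email] = pending{hash: sha256.Sum256([]byte(token)), expires: now.Add(ttl)}
	return token, nil
}

// Verify: one generic error for every failure, constant-time compare, single use.
func (s *Store) Verify(email, token string, now time.Time) error {
	p, ok := s.byEmail[email]
	sum := sha256.Sum256([]byte(token))
	match := subtle.ConstantTimeCompare(sum[:], p.hash[:]) == 1
	if !ok || !match || now.After(p.expires) {
		return ErrInvalid
	}
	delete(s.byEmail, email) // a used token cannot be replayed
	return nil
}

func main() {
	s := &Store{byEmail: map[string]pending{}}
	tok, _ := s.Issue("user@example.com", time.Hour, time.Now()) // constructed address
	fmt.Println(s.Verify("user@example.com", tok, time.Now()), s.Verify("user@example.com", tok, time.Now()))
}
```

Returning the same error for an unknown email, a wrong token and an expired token keeps the endpoint from revealing which addresses are registered.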

yesetoda commented 2 months ago

finished