WebFund 2013F: Assignment 4: Difference between revisions

From Soma-notes
No edit summary
No edit summary
 
(19 intermediate revisions by the same user not shown)
Line 1: Line 1:
'''This assignment is not yet finalized.'''
'''Solutions are now online as a [http://homeostasis.scs.carleton.ca/~soma/webfund-2013f/assign4-sol.zip zip file] and an [http://homeostasis.scs.carleton.ca/~soma/webfund-2013f/assign4-sol/ unpacked directory].''' Note these solutions do not contain an editor (question 7) or keys (question 8).  However student solutions with some or all of these features [http://homeostasis.scs.carleton.ca/~soma/webfund-2013f/assign4-student-sol/ are available].


In this tutorial you'll be looking at how authenticated sessions can be done in NodeNote that this example '''sends passwords in the clear to the server'''. If you wanted to prevent this, you would need to add SSL support to your application, e.g., using the [http://nodejs.org/api/https.html https npm module].
In this assignment you will be extending <tt>adventure-ajax-demo</tt> covered in [[WebFund 2013F: Tutorial 9|Tutorial 9]] with a simple editor interface and a persistent MongoDB datastore.  The assignment is worth 50 points with 20 bonus points and is due on December 9th.  You should upload a complete node application (including modules) as a zip file.  '''Please also include a sample room backup containing at least three rooms.'''  Your modifications should be as follows:


The sample express application is [http://homeostasis.scs.carleton.ca/~soma/webfund-2013f/demo-auth-hash.zip demo-auth-hash].  It behaves similarly to the [[WebFund 2013F: Tutorial 5|sessions tutorial]] from October 4th. The only difference here, though, is the server doesn't store plaintext passwords, and it stores them in MongoDB.
# [5] Store the rooms data in a MongoDB collection entitled "2406rooms" and have the game use this collection rather than the in-memory rooms object.
 
# [4] Make the starting room "start" (rather than bridge)Optionally make it so that any room can be the start room.
You should get the application running, look at the code, and then attempt to answer the following questions about this codeExpect to see modified versions of these questions soon...
# [5] Have the string "<?player>" be automatically replaced in a room's description by the player's name.
 
# [1] At the bottom of the player name screen (/, index.jade) add a heading "Administration" that has three bulleted links under it: Editor, Export Rooms, Import Rooms.
===Note for Windows users===
# [10] Have the Import Rooms link lead to "/import", a new screen that asks "Upload what rooms file?" and has a file input field. This field should be part of a form that allows the selected file to be uploaded to the server when the button "Upload" (a form submit button) is pressed.  The server, upon receiving the file, should check to make sure the uploaded file is valid JSON with all the necessary fields (including the special "start" room)Then, if it is valid file, it should overwrite the current 2406rooms MongoDB table, replacing it with the contents of the uploaded fileThe server should return a page stating whether the import was successful or not and should give a link to go back to /.
 
# [5] Have the Export Rooms link return a JSON object (in a text file) containing all of the rooms in the 2406rooms MongoDB collectionThis file should be suitable for importing back into the gameNote the file may be displayed in the browser or you can force the browser to prompt to save it.
This code uses OpenSSL's implementation of bcrypt.  Thus building this on Windows machines can be tricky if OpenSSL is not installedSee [https://npmjs.org/package/bcrypt the node bcrypt package documentation] for more information on how to use this on Windows.
# [20] Have the Editor link lead to <tt>/editor</tt> the URL of your editor (just as <tt>/game</tt> is the URL for the game). In one or more screens implement a simple room editor of your own designAt a bare minimum your interface should allow for the following:
 
#* [4] Edit each room link name, title, and description.
A reasonable question here is, why not use a JavaScript implementation of the crypto primitives?  They do exist; however, you should always use CERTIFIED IMPLEMENTATIONS of cryptography in your applicationsIf it hasn't been properly tested and evaluated, you are running very very serious risksFriends don't let friends implement cryptography for anything except personal entertainment!
#* [2] Add rooms
 
#* [4] Add and remove exits, giving feedback whether specified rooms existEither give clear warnings regarding invalid rooms or automatically create rooms as needed.
Having said that, you should be able to get the code working using pure JavaScript with the [https://npmjs.org/package/bcrypt-nodejs bcrypt-nodejs] package with minor changes to the application.
#* [4] Delete rooms, either giving clear warnings about exits that now refer to non-existent rooms or automatically deleting such exits.
 
#* [1] Have a quit button to return to /.
 
#* [5] Do all of the above with style.
==Questions==
# [BONUS 20] Add locks and keys to the game and editor, meaning that a player should be able to pick up a key in one room and use it to open a locked room (go through an exit that they couldn't before) in another room.
 
# This app requires two packages that directly access MongoDBWhat are they?
# What is the name of the MongoDB collection that is used to store usernames and hash passwords?
# What MongoDB collection is used to store session information?
# How long before this app's session cookies expire?
# Once the application is running successfully, kill the MongoDB server and see how the application behaves when you attempt to register a new userDoes it "succeed" or does it report an error?  Is the user properly registered?
# In the POST function for /login, it processes a username and password supplied by the user. How are they accessed?  Where did this information come from?
# What CSS templating language does this application use?
# What is MongoStore storing?  What node component(s) are using it?
# Change the app to use raw MongoDB calls rather than Mongoose for storing the username and password.  How much harder is it to do this?

Latest revision as of 21:15, 12 December 2013

Solutions are now online as a zip file and an unpacked directory. Note these solutions do not contain an editor (question 7) or keys (question 8). However student solutions with some or all of these features are available.

In this assignment you will be extending adventure-ajax-demo covered in Tutorial 9 with a simple editor interface and a persistent MongoDB datastore. The assignment is worth 50 points with 20 bonus points and is due on December 9th. You should upload a complete node application (including modules) as a zip file. Please also include a sample room backup containing at least three rooms. Your modifications should be as follows:

  1. [5] Store the rooms data in a MongoDB collection entitled "2406rooms" and have the game use this collection rather than the in-memory rooms object.
  2. [4] Make the starting room "start" (rather than bridge). Optionally make it so that any room can be the start room.
  3. [5] Have the string "<?player>" be automatically replaced in a room's description by the player's name.
  4. [1] At the bottom of the player name screen (/, index.jade) add a heading "Administration" that has three bulleted links under it: Editor, Export Rooms, Import Rooms.
  5. [10] Have the Import Rooms link lead to "/import", a new screen that asks "Upload what rooms file?" and has a file input field. This field should be part of a form that allows the selected file to be uploaded to the server when the button "Upload" (a form submit button) is pressed. The server, upon receiving the file, should check to make sure the uploaded file is valid JSON with all the necessary fields (including the special "start" room). Then, if it is valid file, it should overwrite the current 2406rooms MongoDB table, replacing it with the contents of the uploaded file. The server should return a page stating whether the import was successful or not and should give a link to go back to /.
  6. [5] Have the Export Rooms link return a JSON object (in a text file) containing all of the rooms in the 2406rooms MongoDB collection. This file should be suitable for importing back into the game. Note the file may be displayed in the browser or you can force the browser to prompt to save it.
  7. [20] Have the Editor link lead to /editor the URL of your editor (just as /game is the URL for the game). In one or more screens implement a simple room editor of your own design. At a bare minimum your interface should allow for the following:
    • [4] Edit each room link name, title, and description.
    • [2] Add rooms
    • [4] Add and remove exits, giving feedback whether specified rooms exist. Either give clear warnings regarding invalid rooms or automatically create rooms as needed.
    • [4] Delete rooms, either giving clear warnings about exits that now refer to non-existent rooms or automatically deleting such exits.
    • [1] Have a quit button to return to /.
    • [5] Do all of the above with style.
  8. [BONUS 20] Add locks and keys to the game and editor, meaning that a player should be able to pick up a key in one room and use it to open a locked room (go through an exit that they couldn't before) in another room.