- What is a JWT?
- A JSON Web Token (JWT) is a compact, URL-safe means of representing claims to be transferred between two parties. The claims are encoded as a JSON object that is used as the payload of a JSON Web Token. JWTs are often used for authentication and authorization purposes.
- What is the signature portion of the JWT? What does it do?
- The signature portion of a JWT is created by taking the encoded header and payload, and signing them using a secret key or a public/private key pair. This signature allows the receiving party to verify the integrity and authenticity of the token, ensuring that the content hasn’t been tampered with.
- If a JWT is intercepted, can the attacker see what's inside the payload?
- Yes, the payload of a JWT is not encrypted. An attacker can decode the payload and view the information inside. It’s important not to store sensitive information in a JWT.
- How can you implement authentication with a JWT? Describe how it works at a high level.
- Compare and contrast unit, integration and end-to-end tests.
- Unit Tests: Focus on testing individual components or functions in isolation, ensuring they work as expected. They are fast and usually the first line of defense against bugs.
- Integration Tests: Verify that different components or systems work together correctly. They test interactions between modules or services, ensuring that integrated parts function as a whole.
- End-to-End Tests: Simulate real user scenarios, testing the complete flow of an application from start to finish. These tests are broader in scope and ensure that the entire application works as intended.
- What is a mock? What are some things you would mock?
- A mock is a simulated object that mimics the behavior of real objects in controlled ways. Mocks are used in unit tests to isolate the code being tested from its dependencies. You might mock databases, API calls, or any external services to ensure that tests are focused only on the functionality of the unit under test.
- What is continuous integration?
- Continuous Integration is a development practice where developers regularly merge their code changes into a shared repository, usually several times a day. Each merge triggers an automated build and test process, allowing teams to detect errors early and often, improving software quality and reducing integration problems.
- What is an environment variable and what are they used for?
- Environment variables are dynamic values that can influence the behavior of running processes. They are used to configure settings like database credentials, API keys, or environment-specific configurations without hardcoding them into the application.
- What is TDD? What are some benefits and drawbacks?
- Test-Driven Development (TDD) is a software development process where tests are written before writing the actual code. The process involves writing a test for a new feature or function, writing the minimum code to pass the test, and then refactoring the code while keeping the test passing.
- Benefits:
  - Encourages well-thought-out design.
  - Helps catch bugs early.
  - Provides documentation through tests.
- Drawbacks:
  - Can slow down the development process initially.
  - May lead to overly rigid code structures if not done carefully.
  - Requires discipline to maintain.
- What is the value of using JSONSchema for validation?
- JSONSchema provides a powerful and flexible way to validate JSON data structures, ensuring that they conform to a defined schema. It helps maintain consistency in data formats, prevents invalid data from entering your system, and provides clear error messages when validation fails.
- What are some ways to decide which code to test?
- Focus on testing:
  - Core Business Logic: Critical paths in your application that directly impact functionality.
  - Edge Cases: Scenarios that may be less common but could lead to unexpected behavior.
  - Frequent Bugs: Areas where bugs have been found before.
- What does `RETURNING` do in SQL? When would you use it?
- The `RETURNING` clause in SQL allows you to return values from rows that were modified by an `INSERT`, `UPDATE`, or `DELETE` statement. It’s useful when you need to retrieve the updated data immediately without issuing a separate `SELECT` query.
- What are some differences between Web Sockets and HTTP?
- HTTP: A request-response protocol where the client sends a request and the server responds. It’s stateless, and the connection is closed after each request.
- WebSockets: A protocol that allows for full-duplex communication between client and server. It maintains an open connection, allowing for real-time data exchange with low latency.
- Did you prefer using Flask over Express? Why or why not (there is no right answer here --- we want to see how you think about technology)?
- I preferred Flask. Flask was lightweight and easy for me to understand. Using `{%block content%}` was a great way to condense code. And the routes are so easy to set up.