5/5 - (6 votes)

You are going to store and manipulate some data in a database. Build a RESTful API to serve HTTP
responses for creating, retrieving, updating, and deleting data.
During Lab 7, you have learnt to set up a basic web server using Node.js and Express. In Lab 8, you
have further set up a MongoDB database on the MongoDB Atlas Cloud, and access it using
Mongoose in Node.js.
Schemas and models in Mongoose help to confine the types of data to be stored. These two schemas
are needed in this assignment:
¨ eventId: number, required, unique
¨ name: string, required
¨ loc: ObjectId à Location documents*
¨ quota: number
¨ locId: number, required, unique
¨ name: string, required
¨ quota: number
* The Event schema has been defined in Lab 8, but some amendment is needed to accommodate the reference to
documents in the locations collection.
(Done in Lab 8 but improvement needed) Your Express server ought to respond to these requests:
CSCI2720/ESTR2106 Building Web Applications: Assignment 3
¨ Q1: GET http://server address/event/event ID
When the server receives this request, look up the event with the
given event ID from the database. Then print the event name,
location ID, location name, event quota on separate lines, as shown in
the illustration on the right. The location quota is not necessary.
All field names and string values should be quoted with double
quotes, like JSON.
If the given event ID is not found, output an understandable message in the response body with
status code 404. All the response should be sent as HTTP responses with content type text/plain.
¨ Q2: POST http://server address/event
When the server receives this request, it should use the parameters submitted in the HTTP request
body to create a new event in the database. A simple HTML form like this can be used:
However, instead of letting the user decide the event ID, your code should look into the database to
find the current maximum event ID, e.g. x. Assign x+1 as the new event ID. The form should ask the
user for the location ID only but not the location name. A lookup should be done to check if the
location quota is larger than or equal to the new event quota. If not, the event should not be created,
and an error message should be responded to the user.
If the event is created successfully, respond to the user with the event details as in the GET response.
Add a header field Location containing the URL of the created event. Use HTTP status code 201.
DELETE (10%)
We would allow users to delete an event using this request:
¨ Q3: DELETE http://server address/event/event ID
If the event ID is found, the event should be removed from the database. Send a response with
status code 204, and nothing in the body. If not found, show an error message in the body with
status code 404.
CSCI2720/ESTR2106 Building Web Applications: Assignment 3
You may utilize the software Postman ( for making DELETE requests to
your Express server during your development. Of course, you may also build user pages to send it
using JavaScript. This JS is not part of the assignment submission.
The following requests needs also to be entertained:
¨ Q4: GET http://server address/event
List all the events available, with details formatted similar to the first
illustration on the right.
¨ Q5: GET http://server address/loc/location ID
Show the details for this location ID, with details formatted similar to
the second illustration on the right. Respond with an error message if
the location ID is not found with status code 404.
¨ Q6: GET http://server address/loc
List all locations available, with details formatted similarly to multiple events.
¨ Q7: GET http://server address/loc?quota=number
List all the locations with quota of at least this number, with details formatted similarly to multiple
events. Respond with an empty array [ ] if there is none.
Implement a simple HTML user interface for updating event information. Assume that the user
always type an existing event ID to load the event information. The current data from the database
should be shown to the user, so that they can decide what to edit, in an HTML form. Then update
the database with the user data on submission, using this request:
¨ Q8: PUT http://server address/event/event ID
If the event is updated successfully, respond to the user with the event details as in the GET
response. You may combine this HTML form with the POST form, or use a new HTML file.
Checking of event and location quota is not necessary here.
CSCI2720/ESTR2106 Building Web Applications: Assignment 3
Please observe these for all the response made by Express in this assignment:
1. In this assignment, since the response body do not always conform to standard JSON formats,
e.g., for error messages, please always use text/plain as the Content-Type.
2. The JSON-like objects and arrays should be readable by standard JavaScript JSON.parse() if all
newline characters are removed. The syntax of quotes is tricky.
3. Use the cors middleware for Express to enable submission from local HTML forms.
const cors = require(‘cors’); app.use(cors());
4. Unless otherwise stated, the HTTP status code would be 200 OK by default. 201 Created is
used for responding to successful POST requests, and 204 No Content is used for responding
to successful DELETE requests. The only error response would be when event/location ID is not
found, as 404 Not Found.
5. Assume that there is always at least one location and one event when grading. All locations linked
from events are valid in the database.
6. Assume that the input data type is always correct, i.e., only numbers will be input for number
fields. All numbers are positive numbers > 0.
7. Assume that the user knows valid location ID when creating/updating events.
8. We will not test for situations not mentioned in this document.
For ESTR2106 students: This part is compulsory. This assignment has a full score at 120%.
For CSCI2720 students: If you finish this part correctly, a 0.5% bonus will be given to the
“Assignment” course assessment, capped at 30% maximum in the course total.
At “/” (root path), show a short paragraph to briefly describe the work here, with ~100 words.
1. In every GET queries above (Q1, Q4–7), add an extra field “query_no”, which indicates the total
count of GET queries for this user on this browser. The count should be reset if there is no
further query in 5 minutes.
2. In the same Node.js/Express implementation, add a GraphQL API at the endpoint /graphql for
these queries in GET/POST for data fetching only:
events, event(id:5) , locations, location(id:5) where the id 5 is only an example
CSCI2720/ESTR2106 Building Web Applications: Assignment 3
There is no cosmetic requirement for this assignment. You are welcome to implement extra styles
and features at your own ability, when complying to requirements above. Besides Express and
Mongoose, you can use any Node.js module at your discretion, but please only use one JS file.
Before submission, you may feel free to try with your own data in your database. We will test your
work using our database server, so you can safely clear the database server URL in the JS file for
You may test your work using Google Chrome (almost-latest versions) and the software Postman.
Please utilize the Developer Tools for debugging of your code. For grading, we may use other
programmatic interfaces.
Please read this article carefully:
Include your full name and student ID in all code files using comments. Zip all your files and
submit it on the course site on Blackboard. Only these files should be included:
¨ 1 .js file
¨ A number of HTML files, named appropriately to show their use
¨ package.json and package-lock.json from Node.js
DO NOT submit the node_modules folder.
Not every feature of the frameworks/libraries have been covered in class. Check the docs for details!
Express: Mongoose: