Exam 2022-10-19
Here you find sample answers and marking guidelines to the questions on the exam 2022-10-19.
Start by reading through all questions
PETER HAVE GOT A COLD and won't visit the exam. If you need clarification of any question, ask the exam personnel (tentavakt in Swedish) to call Peter, and we can discuss it over the phone.
Max score is 30 points:
- For grade 3, 40% of max score (12 points) is required
- For grade 4, 60% of max score (18 points) is required
- For grade 5, 80% of max score (24 points) is required
You are not allowed to use any aids except:
- The computer you sit at to only answer the questions on this exam
- A dictionary to translate to/from English from/to your native language
- Pen and paper to sketch with (should not be submitted)
Write your answers in either English or Swedish. If you write your answers in Swedish, make sure to not introduce any translation confusement. Write proper sentences (spelling, upper/lower case characters, punctuation, etc.). Answers that do not do this good enough/are vague/are not understandable will not receive full score on the questions.
Answers that are more or less copies of sample answers given to you or copies of text found somewhere else will be rewarded 0 points. Use your own words to answer the questions.
Good luck!
Question 1 (2p)
Question
Name the method one should use in HTTP when the request is about:
- Deleting a resource
- Retrieving a resource
- Creating a new resource
- Updating a new resource
You will get:
- 0.5 points for each correct name (spelling must be correct)
Sample answer
DELETEGETPOSTPUT
Marking guidelines
- 0.5 points for each correct name (spelling must be correct)
Question 2 (1p)
Question
Explain why the URI /create-movie is no good URI to use in a REST API.
Sample answer
In HTTP, the URI should only identify the resource the request is about. The URI /create-movie do not only identify that the request is about a movie resource, but it also suggests that the request is about creating a movie resource. That part (create-) should not be in the URI, but the method (e.g. POST) should indicate that the request is about creating a resource.
Marking guidelines
- 1 point for URI should only identify resources, not "action"
Question 3 (1p)
Question
Explain when the Accept header is used in HTTP. Also, give one example of a value it can have, and explain how that value should be interpreted.
Sample answer
The Accept header is used in HTTP requests. It can, for example, have the value application/json, which means that the client would like to get back the body of the response in JSON format.
Marking guidelines
- 0.33 points for used in request
- 0.33 points for sample value
- (0.23 points if provided value is too far from correct value)
- 0.33 points for explanation of sample value
Question 4 (1p)
Question
Name the HTTP header that is used to indicate in which data format the body of the request is written in.
Sample answer
Content-Type
Marking guidelines
- 1 point for correct answer
- (0.75 points for spelling errors)
Question 5 (2p)
Question
Write the HTTP status code one should use in a response when the request:
- Couldn't be carried out, because something on the server didn't work as expected (for example the web app couldn't communicate with the database)
- The server successfully carried out the request, and a new resource was created
- The server successfully carried out the request, but no resource is sent back (the response contains no body)
- The resource identified by the URI doesn't exist
You will get:
- 0.5 points for each correct status code
Sample answer
- 500
- 201
- 204
- 404
Marking guidelines
- 0.5 points for each correct status code
Question 6 (1p)
Question
REST is built upon a set of constraints. In this context, give a general description of what a constraint is.
Sample answer
A constraint means something that is limiting us in how to build the system. It prevents us from building the system in a bad way. The more of these constraints we use, the more of the bad ways of building the system we will avoid, and it is more likely that we will end up with a good system.
Marking guidelines
- 1 point for a correct description
Question 7 (3p)
Question
Name and describe each constraint REST consists of.
Sample answer
See CHAPTER 5, Representational State Transfer (REST) in Roy Fielding's dissertation Architectural Styles and the Design of Network-based Software Architectures.
Marking guidelines
- 0.25 points for each correct name
- 0.25 points for each correct description
OR (if the code-on-demand constraint is not mentioned):
- 0.25 points for each correct name
- 0.25 points for each correct description
- 0.5 points for overall very good, accurate and correct descriptions
Question 8 (2p)
Question
On a backend storing information about humans, the following SQLite table is used to store the humans:
| id | name | age |
|---|---|---|
| 1 | Alice | 10 |
| 2 | Bob | 15 |
| 3 | Alice | 15 |
| 4 | Claire | 20 |
| 5 | Claire | 10 |
| ... | ... | ... |
As you can see, there are many humans, and some of them have the same name, or the same age. To find one that you are looking for without knowing all details about, it would be good to support filtering, so clients can obtain only the humans that have a specific name, or a specific age, or both.
Your task is to design the REST API for this request, so clients in the HTTP request can specify the name, or age, or both, and would only get back the humans matching those values.
You only need to design the HTTP request, not the response.
Sample answer
Since the request is about retrieving resources, the GET method should be used.
Since the request is about human resources, the URI /humans is a good choice.
To filter, the query string parameters can be used:
/humanswould send back all humans/humans?age=AGEwould send back all humans with the ageAGE(an actual number, like10)/humans?name=NAMEwould send back all humans with the nameNAME(an actual name, likeAlice)/humans?age=AGE&name=NAMEwould send back all humans with the ageAGE(an actual number, like10) and the nameNAME(an actual name, likeAlice)
Marking guidelines
- 0.25 points for GET
- 0.25 points for
/humans(or similar) - 1.5 points for suggesting query string parameters
- 0.5 points for instead suggesting
/humans/age/THE_AGEand/humans/name/THE_NAME
- 0.5 points for instead suggesting
Question 9 (2p)
Question
On a backend storing information about blogposts, the following SQLite table is used to store the blogposts:
| id | title | content |
|---|---|---|
| 1 | HTML | HTML is fun. |
| 2 | CSS | CSS is very fun! |
The backend is implemented in Express, and the following code is used to send back a blogpost with a specific id:
app.get('/blogposts/:id', function(request, response){
const id = request.params.id
const query = "SELECT * FROM blogposts WHERE id = ?"
const values = [id]
db.get(query, values, function(error, blogpost){
// Let us assume no error occurs.
response.json(blogpost)
})
})
Write the body the HTTP response would contain for the request GET /blogposts/2.
Sample answer
{
"id": 2,
"title": "CSS",
"content": "CSS is very fun!"
}
Marking guidelines
- 2 points for an answer that is largely correct
- Small point reductions for smaller errors:
- -0.1 points for keys/string values being surrounded by
'instead of"(has to be"in JSON) - -0.25 points for keys not being surrounded by quotes at all
- -0.25 points for
"2"instead of2 - -0.5 points for excluding the
idproperty - -0.5 points for string values not being surrounded by quotes at all
- -0.5 points for including a JSON array
- -0.1 points for keys/string values being surrounded by
Question 10 (2p)
Question
Explain how a middleware is implemented in Express. Don't explain how a specific middleware is implemented, just give a general description.
Sample answer
A middleware in Express is implemented as a function. The function will be called each time the Express application receives an HTTP request. When it's called, it will be passed 3 arguments:
request, which is an object containing information about the HTTP request that is being receivedresponse, which is an object containing information about the HTTP response that should be sent back to the clientnext, which is a function one should call if the next middleware in the Express application should be invoked
Marking guidelines
- 0.5 points for function
- 0.5 points for
req/requestparameter - 0.5 points for
res/responseparameter - 0.5 points for
nextparameter
Question 11 (1p)
Question
Does it make sense to put the user's favorite color in an ID Token? Justify your answer.
Sample answer
The ID Token should contain information about the user, and if the frontend needs to know which the user's favorite color is, then putting that information in the ID Token makes sense.
Marking guidelines
- 1 point for an answer with a correct and valid justification
Question 12 (2p)
Question
Explain why it's very important that the secret the server use to generate a JWT Access Token is known only by the server.
Sample answer
If someone else knows the secret, then that someone else is able to create his own JWT Access Token and put whatever information in it he wants, which the server then would trust.
For example, when a user logs in, the server might put the user's account id in the Access Token, which means "Anyone with this Access Token is authorized to act on the behalf of the user with this account id". If Alice knows the secret the server uses to generate the Access Token, she can create her own Access Token and put Bob's account id in it, which gives her the permission to act on behalf of Bob's account, which she shouldn't have permission to do.
Marking guidelines
- 2 points for a valid answer
Question 13 (2p)
Question
Explain what the difference between authorization and authentication is.
Sample answer
Authentication is about proving who you are, for example by providing a username and a password, to prove that you are the owner of a specific account.
Authorization is about checking if a user is allowed to do something. For example, if a user should only be allowed to remove her own account on a website (and not anyone else's), then when the website receives the delete request it must check that the user is logged in to the account that should be removed.
Marking guidelines
- 1 point for correct description of authentication
- 1 point for correct description of authorization
OR
- 1 point if each term describes the other one
Question 14 (1p)
Question
Below is the table humans found in a database (not all rows are shown).
| id | name | age |
|---|---|---|
| 1 | Alice | 10 |
| 2 | Bob | 20 |
| 3 | Claire | 15 |
| ... | ... | ... |
Write an SQL query that sets age to 18 for all humans that currently has an age lower than 18.
Sample answer
UPDATE humans SET age = 18 WHERE age < 18
Marking guidelines
- 0.25 points for an answer that has most of the correct SQL parts, but in wrong order
OR
- 1 point for an answer that is largely correct
- Small point reductions for smaller errors:
- -0.1 points for
humans SET ... - -0.1 points for
UPDATE * FROM humans ... - -0.1 points for using
toinstead of= - -0.25 for having
SETandWHEREin wrong order
- -0.1 points for
Question 15 (1p)
Question
Below is the table humans found in a database (not all rows are shown).
| id | name | age |
|---|---|---|
| 1 | Alice | 10 |
| 2 | Bob | 20 |
| 3 | Claire | 15 |
| ... | ... | ... |
Write an SQL query that deletes all humans with the name Bob.
Sample answer
DELETE FROM humans WHERE name = "Bob"
Marking guidelines
- 1 point for an answer that is largely correct
- Small point reductions for smaller errors:
- -0.1 points for
DELETE humans ... - -0.1 points for
DELETE * FROM humans ... - -0.1 points for
DELETE id, name, age FROM humans ... - -0.1 points for
:instead of= - -0.2 points for not having quotes around
Bob - -0.2 points for writing
bobinstead ofBob - -0.5 points for not including name of table in query
- -0.1 points for
Question 16 (2p)
Question
Explain what a foreign key is. Also, give an example of a database (tables and fields) that would contain a foreign key.
Sample answer
A foreign key is a field in one database table that (in most cases) refers to the primary key field in another table. This way we can have relations between data, and use it to, for example, keep track of which user that created which blogpost.
The accounts table:
| id | username | password |
|---|---|---|
| 1 | Alice | abc123 |
| 2 | Bob | bobby |
| ... | ... | ... |
The blogposts table:
| id | title | content | accountId |
|---|---|---|---|
| 1 | HTML is fun | ... | 1 |
| 2 | CSS is also fun | ... | 1 |
| ... | ... | ... | ... |
In the blogposts table above, the accountId field is a foreign key to the primary key field id in the accounts table, and we can see that Alice har written the two blogposts HTML is fun and CSS is also fun.
Marking guidelines
- 1 point for correct explanation
- 1 point for correct example
Question 17 (2p)
Question
Explain what v-model is used for in Vue.
Sample answer
v-model in Vue is used on HTML element the user can enter input through, such as <input>. It will map what the user enters in the element to a value in the model of the Vue component. It also works the other way around, so if the program changes the value stored in the model, v-model will update the HTML element to show the new value.
Marking guidelines
- 1 point for storing what the user types in input elements in the model
- 1 point for setting what is stored in the model to the input element
Question 18 (2p)
Question
Explain what props are used for in Vue.
Sample answer
When one Vue component (the parent) makes use of another Vue component (the child), the parent can pass values to the child through props (almost like HTML attributes) to give the child access to information it needs to function as it should.
Marking guidelines
- 2 points for passing data to child component