Exam 2023-01-08
Here you find sample answers and marking guidelines to the questions on the exam 2023-01-08.
If you need clarification of any question, ask the exam personnel (tentavakt in Swedish) to call Peter, and we can discuss it over the phone.
Max score is 30 points:
- For grade 3, 40% of max score (12 points) is required
- For grade 4, 60% of max score (18 points) is required
- For grade 5, 80% of max score (24 points) is required
You are not allowed to use any aids except:
- The computer you sit at to only answer the questions on this exam
- A dictionary to translate to/from English from/to your native language
- Pen and paper to sketch with (should not be submitted)
Write your answers in either English or Swedish. If you write your answers in Swedish, make sure to not introduce any translation confusement. Write proper sentences (spelling, upper/lower case characters, punctuation, etc.). Answers that do not do this good enough/are vague/are not understandable will not receive full score on the questions.
Answers that are more or less copies of sample answers given to you or copies of text found somewhere else will be rewarded 0 points. Use your own words to answer the questions.
Good luck!
Question 1 (2p)
Question
Name the method one should use in HTTP when the request is about:
- Updating a resource
- Deleting a resource
- Creating a new resource
- Retrieving a resource
You will get:
- 0.5 points for each correct name (spelling must be correct)
Sample answer
PUTDELETEPOSTGET
Marking guidelines
- 0.5 points for each correct name (spelling must be correct)
Question 2 (1p)
Question
Is the URI /movies/12/delete a good or bad URI? Justify your answer.
Sample answer
In HTTP, the URI should only identify the resource the request is about. The URI /movies/12/delete seems to identify the movie resource with id 12, which is OK, but then it also contains delete, which suggests the URI is used to delete the resource. That is wrong; what to do with the identified resource (such as deleting it), should instead be identified by the method. So, therefor, the URI is a bad one.
Marking guidelines
- 1 point for URI should only identify resources, not an "action"
Question 3 (1p)
Question
Explain what the Content-Type header is used for in HTTP. Also, give one example of a value it can have, and explain how that value should be interpreted.
Sample answer
The Content-Type header is used in HTTP requests and HTTP responses to indicate which data format the body of the request/response is written in. It can, for example, have the value application/json, which means that the body is written in JSON format.
Marking guidelines
- 0.25 points for used in requests
- 0.25 points for used in responses
- 0.25 points for explanation
- 0.25 points for correct example
Question 4 (2p)
Question
Name 3 different headers that exist in HTTP in addition to Content-Type.
You will get:
- 0.66 points for each correct header name
Sample answer
- Accept
- Authorization
- Host
Marking guidelines
- 0.66 points for each largely correct header name
- -0.25 points for a header name that is almost correct
Question 5 (2p)
Question
Write the HTTP status code one should use in a response when the request:
- The resource identified by the URI doesn't exist
- Couldn't be carried out, because something on the server didn't work as expected (for example the web app couldn't communicate with the database)
- The server successfully carried out the request, but no resource is sent back (the response contains no body)
- The server successfully carried out the request, and a new resource was created
You will get:
- 0.5 points for each correct status code
Sample answer
- 404
- 500
- 204
- 201
Marking guidelines
- 0.5 points for each correct status code
Question 6 (1p)
Question
REST is built upon a set of constraints. In this context, give a general description of what a constraint is.
Sample answer
A constraint means something that is limiting us in how to build the system. It prevents us from building the system in a bad way. The more of these constraints we use, the more of the bad ways of building the system we will avoid, and it is more likely that we will end up with a good system.
Marking guidelines
- 1 point for a correct description
Question 7 (3p)
Question
Name and describe each constraint REST consists of.
Sample answer
See CHAPTER 5, Representational State Transfer (REST) in Roy Fielding's dissertation Architectural Styles and the Design of Network-based Software Architectures.
Marking guidelines
- 0.25 points for each correct name
- 0.25 points for each correct description
OR (if the code-on-demand constraint is not mentioned):
- 0.25 points for each correct name
- 0.25 points for each correct description
- 0.5 points for overall very good, accurate and correct descriptions
Question 8 (2p)
Question
On a backend storing information about species, the following SQLite table is used to store the specifies:
| id | name | numberOfLegs |
|---|---|---|
| 1 | Snake | 0 |
| 2 | Dog | 4 |
| 3 | Human | 2 |
| 4 | Cat | 4 |
| ... | ... | ... |
As you can see, there are many species, and some of them have the same number of legs.
Your task is to design the REST API clients can use to obtain:
- all species
- all species with a specific number of legs (provided by the client)
You need to design the HTTP requests and the HTTP responses, including all details another programmer needs to know to be able to use your API without having to look at implementation details on the server.
Sample answer
To retrieve back all species, GET /species should be used. This will send back all species in JSON format with the status code 200. If something goes wrong while carrying out the request (for example communication with the database doesn't work), then status code 500 will be sent back with no body.
To retrieve all species with a specific number of legs (let's say 4), one should send the request GET /species?numberOfLegs=4. This will work the same way as GET /species, but only send back the species with the provided number of legs.
Marking guidelines
- For each operation:
- 0.25 points for correct method
- 0.25 points for a correct URI
- 0.25 points for data format/required headers
- 0.1 points for first status code
- 0.15 for second status code
- Point reductions for small mistakes:
- -0.1 points for
/animals(much better to be consistent and call itspecies)
- -0.1 points for
Question 9 (2p)
Question
On a backend storing information about blogposts, the following SQLite table is used to store the blogposts:
| id | title | content |
|---|---|---|
| 1 | HTML | HTML is fun. |
| 2 | CSS | CSS is very fun! |
The backend is implemented in Express, and the following code is used to send back all blogposts:
app.get('/blogposts', function(request, response){
const query = "SELECT * FROM blogposts"
const values = []
db.all(query, values, function(error, blogposts){
// Let us assume no error occurs.
response.json(blogposts)
})
})
Write the body the HTTP response would contain for the request GET /blogposts.
Sample answer
[{
"id": 1,
"title": "HTML",
"content": "HTML is fun"
}, {
"id": 2,
"title": "CSS",
"content": "CSS is very fun!"
}]
Marking guidelines
- 2 points for an answer that is largely correct
- Small point reductions for smaller errors:
- -2 points for not returning an array with two objects
- -0.25 points for keys not being surrounded by quotes at all
Question 10 (2p)
Question
Explain how a middleware is implemented in Express. Don't explain how a specific middleware is implemented, just give a general description.
Sample answer
A middleware in Express is implemented as a function. The function will be called each time the Express application receives an HTTP request. When it's called, it will be passed 3 arguments:
request, which is an object containing information about the HTTP request that is being receivedresponse, which is an object containing information about the HTTP response that should be sent back to the clientnext, which is a function one should call if the next middleware in the Express application should be invoked
Marking guidelines
- 0.5 points for function
- 0.5 points for
req/requestparameter - 0.5 points for
res/responseparameter - 0.5 points for
nextparameter
Question 11 (2p)
Question
Explain how the purpose of an ID Token differs from the purpose of an Access Token.
Sample answer
ID Tokens are used to contain information about a specific user, such as the user's account id, username, email, etc. ID Tokens should be opened up by clients to read out this information, and then the client can use this information however it wants.
Access Tokens on the other hand should contain information proving that the user is authorized to perform some operations. It should not be opened up by clients, but instead sent back to the server in future requests as proof of being authorized to carry out those type of requests.
Marking guidelines
- 0.5 points for what ID Token contains
- 0.5 points for ID Token used by client
- 0.5 points for what Access Token contains/used for
- 0.5 points for Access Token sent to server from client as proof of authorization
Question 12 (2p)
Question
Here is a short story:
Alice is going to buy wine at Systembologat (a store in Sweden selling wines). To be allowed to buy wine at Systembologet, you must be at least 20 years old. She enters the store, pickup the wine she wants to buy, and then she waits in the checkout line. When it's her turn to pay, she shows her driver license to the cashier, and then she pays for the wine and exits the store with the wine and a receipt.
After she has left the store, she remembers that drinking alcohol can be bad, so she enters the store, waits in line again, and when it's her turn, she shows the receipt to the cashier and gives back the receipt and the wine, and she receives back the money she paid for the wine before.
In this story, authentication and authorization take place. Explain when and where these take place.
Sample answer
- When Alice pays for the wine: authentication (she proves she's the one on the driver license) and authorization (she proves she's over 20 (written on the driver license))
- When Alice gives back the wine: authorization (she proves she's authorized to make the exchange by showing the receipt)
Marking guidelines
- 0.66 points for each correct identified authentication/authorization
- -0.33 points for each identified authentication/authorization that doesn't exist
Question 13 (1p)
Question
Below is the table humans found in a database (not all rows are shown).
| id | name | age |
|---|---|---|
| 1 | Alcie | 10 |
| 2 | Bob | 20 |
| 3 | Claire | 15 |
| ... | ... | ... |
Write an SQL query that sets name to Alice for all humans that currently has the name Alcie.
Sample answer
UPDATE humans SET name = "Alice" WHERE name = "Alcie"
Marking guidelines
- 1 point for an answer that is largely correct
- Point reductions for smaller errors:
- -0.75 points for having all but
UPDATE humans SETwrong
- -0.75 points for having all but
Question 14 (1p)
Question
Below is the table humans found in a database (not all rows are shown).
| id | name | age |
|---|---|---|
| 1 | Alice | 10 |
| 2 | Bob | 20 |
| 3 | Claire | 15 |
| ... | ... | ... |
Write an SQL query that deletes all humans that are younger than 18 (those who are 18 should not be deleted).
Sample answer
DELETE FROM humans WHERE age < 18
Marking guidelines
- 1 point for an answer that is largely correct
- Small point reductions for smaller errors:
- -0.1 points for
DELETE humans ... - -0.25 points for
age = age < 18
- -0.1 points for
Question 15 (2p)
Question
Can one and the same table contain two foreign keys? If no, explain why. If yes, show an example of a database structure (the tables in the database) where one table has two foreign keys.
Sample answer
Yes, one and the same table can contain multiple foreign keys. For example, on a platform where users can create accounts and send private/direct messages to each other, we would have an accounts table to keep track of which accounts that exists on the platform, for example:
| id | username | password |
|---|---|---|
| 1 | Alice | abc123 |
| 2 | Bob | bobby |
| ... | ... | ... |
An we would have a messages table to keep track of all the messages that have been written on the platform, for example:
| id | subject | message | fromAccountId | toAccountId |
|---|---|---|---|---|
| 1 | How are you? | ... | 1 | 2 |
| 2 | Happe new year! | ... | 4 | 5 |
| ... | ... | ... | ... | ... |
In the messages table above, both fromAccountId and toAccountId would be foreign keys to the accounts table.
Marking guidelines
- 2 points for correct answer and a good example
Question 16 (2p)
Question
Describe an example where you would use v-model in Vue. There is no need to write any code.
Sample answer
If you implement a Vue app where the user should enter her username, then you can use v-model on an <input> element to automatically store what the user has typed in the <input> element in a property in the model (the JS object returned from the data() function).
Marking guidelines
- 2 points for a description of a good use-case
- -0.5 points for writing
<v-model>(it's not an HTML tag/component)
Question 17 (2p)
Question
Describe a Vue component (come up with one yourself) where it would be good to use one or more props. There is no need to write any code.
Sample answer
If you implement a Vue component that should display a time in a fancy way, then it can be good to pass the time it should display as a prop, so the one using the component can choose which time that should be displayed, instead of hardcoding that in the component.
Marking guidelines
- 2 points for a description of a good use-case
- 1 point if providing a general description without much details