Exam 2023-08-15
Here you find sample answers and marking guidelines to the questions on the exam 2023-08-15.
If you need clarification of any question, ask the exam personnel (tentavakt in Swedish) to call Peter, and we can discuss it over the phone.
Max score is 30 points:
- For grade 3, 40% of max score (12 points) is required
- For grade 4, 60% of max score (18 points) is required
- For grade 5, 80% of max score (24 points) is required
You are not allowed to use any aids except:
- The computer you sit at to only answer the questions on this exam
- A dictionary to translate to/from English from/to your native language
- Pen and paper to sketch with (should not be submitted)
Write your answers in either English or Swedish. If you write your answers in Swedish, make sure not to introduce any translation confusion. Write proper sentences (spelling, upper/lower case characters, punctuation, etc.). Answers that do not do this well enough, are vague, or are not understandable will not receive full score on the questions.
Answers that are more or less copies of sample answers given to you or copies of text found somewhere else will be rewarded 0 points. Use your own words to answer the questions.
Good luck!
Question 1 (2p)
Question
Name the method one should use in HTTP when the request is about:
- Retrieving a resource
- Updating a resource
- Creating a new resource
- Deleting a resource
You will get:
- 0.5 points for each correct name (spelling must be correct)
Sample answer
GET
PUT
POST
DELETE
Marking guidelines
- 0.5 points for each correct name (spelling must be correct)
Question 2 (1p)
Question
Is the URI /movies/search a good or bad URI to use when a client needs to be able to search for different movies, and only get back the movies that match the search criteria? Justify your answer.
Sample answer
The URI should only identify the resources the request is about. The search part does not contribute to identifying any resources since it's a verb, so that should not be part of the URI, hence it's bad.
Marking guidelines
- 1 point for explaining that search is bad
Question 3 (1p)
Question
Explain when the Accept header is used in HTTP. Also, give one example of a value it can have, and explain how that value should be interpreted.
Sample answer
The Accept header is used in HTTP requests. It can, for example, have the value application/json, which means that the client would like to get back the body of the response in JSON format.
Marking guidelines
- 0.33 points for used in request
- 0.33 points for sample value
- (0.23 points if provided value is too far from correct value)
- 0.33 points for explanation of sample value
Question 4 (2p)
Question
Name 2 different headers that exist in HTTP in addition to Accept, and for each of them also write a value they can have.
You will get:
- 0.5 points for each correct header name
- 0.5 points for each valid header value
Sample answer
Content-Type: application/json
Location: /movies/123
Marking guidelines
- 0.5 points for each correct header name
- 0.5 points for each valid header value
Question 5 (2p)
Question
Write the HTTP status code one should use in a response when:
- The server successfully carried out the request, and a new resource was created
- The URI in the request identifies a resource that doesn't exist
- The server successfully carried out the request, and the requested resource is being sent back in the body of the response
- The server can't carry out the request because something on the server didn't work as expected (for example the web app couldn't read from a file on the file system, which it must be able to do to carry out the request)
You will get:
- 0.5 points for each correct status code
Sample answer
- 201
- 404
- 200
- 500
Marking guidelines
- 0.5 points for each correct status code
Question 6 (1p)
Question
REST is built upon a set of constraints. In this context, give a general description of what a constraint is.
Sample answer
A constraint means something that is limiting us in how to build the system. It prevents us from building the system in a bad way. The more of these constraints we use, the more of the bad ways of building the system we will avoid, and it is more likely that we will end up with a good system.
Marking guidelines
- 1 point for a correct description
Question 7 (3p)
Question
Name and describe each constraint REST consists of.
Sample answer
See CHAPTER 5, Representational State Transfer (REST) in Roy Fielding's dissertation Architectural Styles and the Design of Network-based Software Architectures.
Marking guidelines
- 0.25 points for each correct name
- 0.25 points for each correct description
OR (if the code-on-demand constraint is not mentioned):
- 0.25 points for each correct name
- 0.25 points for each correct description
- 0.5 points for overall very good, accurate and correct descriptions
Question 8 (2p)
Question
On a backend storing information about species, the following SQLite table is used to store the species:
id | name | numberOfLegs |
---|---|---|
1 | Snake | 0 |
2 | Dog | 4 |
3 | Human | 2 |
4 | Cat | 4 |
... | ... | ... |
As you can see, there are many species, and some of them have the same number of legs.
Your task is to design the REST API clients can use to update a species with a specific id. The following validation rules should exist:
- name must contain at least 1 character
- numberOfLegs must be 0 or more
You need to design the HTTP request and the HTTP responses, including all details another programmer needs to know to be able to use your API without having to look at implementation details on the server.
Sample answer
Words written IN_THIS_FORMAT are placeholders for actual values:
- The request:
  - Method: PUT
  - URI: /species/THE_ID
  - Headers:
    - Host: THE_HOST
    - Accept: application/json
    - Content-Type: application/json
    - Content-Length: THE_CONTENT_LENGTH
  - Body:
    - Content: {"id": "THE_ID", "name": "THE_NAME", "numberOfLegs": THE_NUMBER_OF_LEGS}
- The response if something doesn't work on the server, so the request can't be carried out:
  - Status code: 500
- The response if no resource with the given id exists:
  - Status code: 404
- The response if there are validation errors:
  - Status code: 400
  - Headers:
    - Content-Type: application/json
    - Content-Length: THE_CONTENT_LENGTH
  - Body:
    - Content: ["ERROR_CODE_1", "ERROR_CODE_2", ...]
    - Possible error codes:
      - nameTooShort
      - numberOfLegsTooFew
- The response if the resource is successfully updated:
  - Status code: 204
Marking guidelines
- For each operation:
  - 0.25 points for request method
  - 0.25 points for request URI
  - 0.25 points for at least 2 relevant request headers
  - 0.25 points for request body
  - 0.50 points for two or three of 500, 404 and 204/200
  - 0.25 points for one of 500, 404 and 204/200
  - 0.25 points for 400 response
    - 0.25 points for much additional info about 400 response
- Point reductions for small mistakes:
  - -0.1 points for /animals (much better to be consistent and call it species)
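The contract from the Question 8 sample answer, written out as plain JavaScript so each response case can be exercised (an added example, not part of the exam or its sample answer). The function names, the store.update interface and the in-memory store are assumptions; the choice to validate before touching storage and to report non-integer values under numberOfLegsTooFew is also an assumption of this sketch.

```javascript
// Added example of the Question 8 contract; function and store names are assumptions.
function validateSpecies(fields) {
  const errors = [];
  if (typeof fields.name !== 'string' || fields.name.length < 1) errors.push('nameTooShort');
  // Non-integers are reported under the only numberOfLegs code the contract defines.
  if (!Number.isInteger(fields.numberOfLegs) || fields.numberOfLegs < 0) {
    errors.push('numberOfLegsTooFew');
  }
  return errors;
}

// store.update(id, fields) is a hypothetical data layer returning the number of rows changed.
function handlePutSpecies(store, idFromUri, parsedBody) {
  const fields = parsedBody !== null && typeof parsedBody === 'object' ? parsedBody : {};
  const errors = validateSpecies(fields);
  if (errors.length > 0) {
    const payload = JSON.stringify(errors);
    return {
      status: 400,
      headers: { 'Content-Type': 'application/json',
                 'Content-Length': String(Buffer.byteLength(payload)) },
      body: payload,
    };
  }
  try {
    // Only the two validated fields reach storage; the row is chosen by the URI id alone.
    const changed = store.update(idFromUri, { name: fields.name, numberOfLegs: fields.numberOfLegs });
    return { status: changed === 0 ? 404 : 204 };
  } catch (error) {
    return { status: 500 }; // internal details stay on the server
  }
}

// Constructed in-memory stand-in for the SQLite species table.
function makeStore(rows) {
  return {
    rows,
    update(id, fields) {
      const row = rows.find((r) => String(r.id) === String(id));
      if (!row) return 0;
      Object.assign(row, fields);
      return 1;
    },
  };
}
```

Copying only name and numberOfLegs into the update keeps extra properties in the request body, including a conflicting id, from reaching the table.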
Question 9 (2p)
Question
On a backend storing information about blogposts, the following SQLite table is used to store the blogposts:
id | title | content |
---|---|---|
1 | HTML | HTML is fun. |
2 | CSS | CSS is very fun! |
The backend is implemented in Express, and the following code is used to send back all blogposts:
app.get('/blogposts/:id', function(request, response){
  const id = request.params.id
  const query = "SELECT * FROM blogposts WHERE id = ?"
  const values = [id]
  db.get(query, values, function(error, blogpost){
    // Let us assume no error occurs.
    response.json(blogpost)
  })
})
Write the body the HTTP response would contain for the request GET /blogposts/2.
Sample answer
{
  "id": 2,
  "title": "CSS",
  "content": "CSS is very fun!"
}
Marking guidelines
- 2 points for an answer that is largely correct
- Small point reductions for smaller errors:
- -1 point for returning an array with an object
- -0.25 points for keys not being surrounded by quotes at all
Question 10 (2p)
Question
Express comes with some middlewares built into it, such as express.json() (previously bodyParser.json()). Explain how one of these built-in middlewares works. Choose whichever one you want.
Sample answer
The express.json() middleware will check if the request contains a body. If so, it will check if the Content-Type header has the value application/json. If so, it will parse the body in the JSON format, and assign the parsed value to request.body, so the middlewares next in the chain can access the parsed value that way.
In all cases, it will end by invoking the next middleware in the chain.
Marking guidelines
- 0.5 points for Content-Type
- 0.5 points for application/json
- 0.5 points for request.body
- 0.5 points for invoking next middleware
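The steps in the Question 10 sample answer, as a simplified body-parsing middleware (an added example, not Express's own source and not part of the exam). MAX_BYTES, the error objects and the demo helper with its constructed request object are assumptions of this sketch; it extends the answer's steps with a size limit and with passing an error to next when the body is malformed.

```javascript
// Added example: a simplified stand-in for express.json(), not Express's own source.
const MAX_BYTES = 100 * 1024; // assumed size limit for this sketch

function jsonBodyParser(request, response, next) {
  const header = request.headers['content-type'] || '';
  const mediaType = header.split(';')[0].trim().toLowerCase();
  // Not declared as JSON: leave request.body untouched and continue the chain.
  if (mediaType !== 'application/json') return next();

  const chunks = [];
  let size = 0;
  let finished = false;
  const finish = (error) => {
    if (finished) return; // next() is called exactly once per request
    finished = true;
    next(error);
  };
  request.on('data', (chunk) => {
    size += chunk.length;
    if (size > MAX_BYTES) {
      return finish(Object.assign(new Error('body too large'), { status: 413 }));
    }
    chunks.push(chunk);
  });
  request.on('end', () => {
    if (size === 0) return finish(); // no body: nothing to parse
    try {
      // Later middlewares read the parsed value from request.body.
      request.body = JSON.parse(Buffer.concat(chunks).toString('utf8'));
    } catch (e) {
      return finish(Object.assign(new Error('malformed JSON'), { status: 400 }));
    }
    finish();
  });
}

// Constructed request stand-in: records the listeners, then replays one body chunk.
function demo(contentType, text) {
  const listeners = {};
  const request = { headers: { 'content-type': contentType },
                    on: (event, fn) => { listeners[event] = fn; } };
  const result = { nextCalls: 0, error: undefined };
  jsonBodyParser(request, {}, (error) => { result.nextCalls += 1; result.error = error; });
  if (listeners.data) { listeners.data(Buffer.from(text)); listeners.end(); }
  result.body = request.body;
  return result;
}
```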
Question 11 (2p)
Question
Mention a value that makes sense to put in an ID Token, but that you most likely won't find in an Access Token.
Sample answer
The ID Token should contain information about the user, while the Access Token should contain information about what the user is allowed to do. Therefore, the user's first name would make sense to put in the ID Token, but not in the Access Token, since authorization is usually not granted based on a user's first name.
Marking guidelines
- 2 points for a valid example
Question 12 (2p)
Question
Here is a short story:
Alice has got a ticket for a football game. When she arrives at the football arena, she shows her ticket to the personnel there, who let her enter the arena.
Questions:
- Does an identity exist in the story? If so, which identity is that?
- Does authentication take place in the story? If so, when and where?
- Does authorization take place in the story? If so, when and where?
Sample answer
- Yes. Alice is the identity in the story.
- No.
- Yes. Authorization takes place when Alice shows her ticket to the personnel, which authorizes her to enter the arena.
Marking guidelines
- 0.66 points for each correctly identified identity/authentication/authorization
- -0.33 points for each identified authentication/authorization that doesn't exist
Question 13 (1p)
Question
Below is the table humans found in a database (not all rows are shown).
id | name | age |
---|---|---|
1 | Alice | 10 |
2 | Bob | 20 |
3 | Claire | 15 |
... | ... | ... |
Write an SQL query that changes the age of the human with id 3 to 30.
Sample answer
UPDATE humans SET age = 30 WHERE id = 3
Marking guidelines
- 1 point for an answer that is largely correct
- Point reductions for smaller errors:
- -0.75 points for having all but UPDATE humans SET wrong
Question 14 (1p)
Question
Below is the table humans found in a database (not all rows are shown).
id | name | age |
---|---|---|
1 | Alice | 10 |
2 | Bob | 20 |
3 | Claire | 15 |
... | ... | ... |
Write an SQL query that deletes the human with id 2.
Sample answer
DELETE FROM humans WHERE id = 2
Marking guidelines
- 1 point for an answer that is largely correct
- Small point reductions for smaller errors:
- -0.1 points for DELETE humans ...
Question 15 (2p)
Question
Explain what a foreign key is. Also, give an example of a database (tables and fields) that would contain a foreign key.
Sample answer
A foreign key is a field in one database table that (in most cases) refers to the primary key field in another table. This way we can have relations between data, and use it to, for example, keep track of which user created which blogpost.
The accounts table:
id | username | password |
---|---|---|
1 | Alice | abc123 |
2 | Bob | bobby |
... | ... | ... |
The blogposts table:
id | title | content | accountId |
---|---|---|---|
1 | HTML is fun | ... | 1 |
2 | CSS is also fun | ... | 1 |
... | ... | ... | ... |
In the blogposts table above, the accountId field is a foreign key to the primary key field id in the accounts table, and we can see that Alice has written the two blogposts HTML is fun and CSS is also fun.
Marking guidelines
- 1 point for correct explanation
- 1 point for correct example
Question 16 (2p)
Question
In plain JavaScript, to read out what the user has written in an <input> element, one gets a reference to the <input> element and reads out the value in the element's value property.
If you want to retrieve what the user has written in an <input> element in Vue, one does it a bit differently. Explain how. There is no need to write any code (explaining using words is enough), but feel free to show with code if you prefer.
Sample answer
To read out what the user has written in an <input> element in Vue, you first create a reactive variable in the component by returning it as part of the object in the data() function, and then you add the attribute v-model="theReactiveVariableName" to the <input> element. Then this.theReactiveVariableName will store the text written in the <input> element.
Marking guidelines
- 0.66 points for data()
- 0.66 points for v-model="theReactiveVariableName"
- 0.66 points for this.theReactiveVariableName
Question 17 (2p)
Question
Explain how you would implement a Vue component others can use that should display two numbers (which numbers should be determined by the ones who use the component) and the sum of the two numbers. Feel free to write code implementing the component if you want, but explaining how the component should be implemented using words is OK too.
Sample answer
The component should first declare that it can receive two numbers through props, so it first needs to declare two props with their names, for example x and y.
The one using the component can then use attribute bindings to pass JavaScript numbers as props, e.g. <TheComponentName :x="3" :y="5">.
The component can then display:
- The value for the x prop in the HTML code using {{x}}
- The value for the y prop in the HTML code using {{y}}
- The sum of the x and y props in the HTML code using {{x + y}}
Marking guidelines
- 0.50 points for each prop mentioned
- 0.25 points for each prop shown in the HTML
- 0.5 points for showing the sum in the HTML