🧠 Full-Stack Backend Assignment: Quiz API with Authentication

Project Overview

You are required to design and implement a modular, secure Quiz Management REST API using:

  • Node.js & Express
  • MongoDB (Mongoose)
  • JWT Authentication
  • Best-practice project structure
  • Full CRUD and permission controls

The API will allow authenticated users to create quizzes, add questions & answers, manage them, and track quiz performance.

Your API will be used by a potential frontend (not part of the assignment), so the routes, responses, and error handling must be clean and predictable.


📌 Core Features & Requirements

1. Authentication

  • Implement JWT-based user authentication.

  • Users must be able to:

    • Register
    • Login
    • Access protected routes using tokens

2. Quiz Management

Users should be able to:

Create a quiz

  • Title (required)
  • Optional description
  • Status: active, archived

Manage quizzes

  • Update quiz details
  • Delete a quiz
  • Archive/unarchive quizzes

Retrieve quizzes

  • Fetch all quizzes created by the authenticated user
  • Fetch a single quiz with all its nested questions & answers

3. Question Management

Within a quiz, the owner can:

  • Add questions
  • Add optional help/description text (e.g., “Only one answer is correct” or “Multiple answers allowed”)
  • Edit questions
  • Delete questions

4. Answer Management

For each question, the quiz owner can:

  • Add answers
  • Mark one or more answers as correct
  • Edit answers
  • Delete answers

Validation required:

  • If the question type only allows one correct answer, enforce it
  • Handle bad or contradictory submissions with proper error responses

5. Performance & Scoring

Users participating in a quiz should be able to:

  • Submit answers for a quiz
  • Have their submission evaluated

The API must return:

  • correct_answers
  • total_questions
  • total_questions_answered
  • score_percentage
  • grade (A/B/C/D/F — your own scale)

📌 Technical Requirements

Architecture & Code Quality

  • Must follow a modular folder structure (routers, controllers, services, models, middlewares, utils)
  • Use Mongoose schema relationships (Quiz → Questions → Answers)
  • Code must be well documented
  • Use environment variables for secrets and DB config
  • Use async/await and proper error handling

Security Requirements

  • Protect routes with JWT authentication middleware

  • Users may only manage:

    • Their own quizzes
    • The questions/answers within their quizzes
  • Validate object IDs & request bodies

  • Prevent unauthorized access by returning correct HTTP errors
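
One way to meet the ownership, ID-validation and HTTP-error requirements above, as an added example that is not part of the original assignment. The `req.user.id` and `quiz.owner` field names, the `quizId` route parameter and the injected `findQuizById` lookup are assumptions.

```javascript
// Added example; names and field shapes below are assumptions, not from the assignment.
const OBJECT_ID_RE = /^[0-9a-fA-F]{24}$/; // string form of a MongoDB ObjectId

// Error body in the JSON structure the assignment specifies.
const apiError = (status, message) => ({ error: true, message, status });

// Runs before any database call. `user` is assumed to be set by the JWT middleware.
function checkRequest(user, quizId) {
  if (!user || !user.id) return apiError(401, "Authentication required");
  // typeof guard also rejects objects such as { $ne: null } arriving from a JSON body.
  if (typeof quizId !== "string" || !OBJECT_ID_RE.test(quizId)) {
    return apiError(400, "Invalid quiz id");
  }
  return null;
}

// Runs after the lookup. `quiz.owner` is an assumed schema field.
function checkOwnership(user, quiz) {
  if (!quiz) return apiError(404, "Quiz not found");
  // Compare string forms: two ObjectId instances are never === to each other.
  if (String(quiz.owner) !== String(user.id)) {
    return apiError(403, "You do not have permission to modify this quiz");
  }
  return null;
}

// Express-style middleware; `findQuizById` is injected (e.g. id => Quiz.findById(id)).
function requireQuizOwner(findQuizById) {
  return async function (req, res, next) {
    try {
      let err = checkRequest(req.user, req.params.quizId);
      if (!err) {
        req.quiz = await findQuizById(req.params.quizId);
        err = checkOwnership(req.user, req.quiz);
      }
      if (err) return res.status(err.status).json(err);
      return next();
    } catch (e) {
      // Never leak driver or stack details to the client.
      return res.status(500).json(apiError(500, "Internal server error"));
    }
  };
}

// Constructed sample data standing in for the quizzes collection.
const ALICE = "5f1d7f3e9c1b2a0012345678";
const QUIZ_ID = "64b7f0c2a1d3e4f5a6b7c8d9";
const SAMPLE_QUIZZES = new Map([[QUIZ_ID, { _id: QUIZ_ID, owner: ALICE, title: "HTTP basics" }]]);
```

Validating the ID before the lookup keeps malformed input from reaching the database layer, and the same middleware can guard the nested question and answer routes because they are reached through the parent quiz.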


📌 Error Handling Requirements

Return structured JSON errors such as:

{
  "error": true,
  "message": "Quiz not found",
  "status": 404
}

Handle:

  • Missing fields
  • Invalid IDs
  • Unauthorized access
  • Forbidden operations
  • Unknown routes
  • Server errors

📌 Deliverables

Students must submit:

  1. Source code repository (GitHub or similar)

  2. README.md including:

    • Project setup instructions
    • Route documentation
    • Authentication instructions
  3. Postman Collection (exported JSON)

  4. Short explanation of key decisions:

    • Folder structure
    • Middleware usage
    • Permission checks
    • Error handling strategy

📌 Bonus (Optional)

  • Rate limiting
  • Swagger API docs
  • Quiz categories
  • Pagination on large quiz lists
  • Soft deletes
  • Role-based access control

🎯 Expected Learning Outcomes

By completing this assignment, you will learn to:

✔ Build secure REST APIs using Express
✔ Implement JWT authentication
✔ Model relational data using MongoDB
✔ Design clean, modular backend architecture
✔ Implement access control and validation
✔ Return meaningful API responses and errors
