Skip to content
Node2Know

Take the Wheel

Service Station Challenge (Optional Practice)

Section titled “Service Station Challenge (Optional Practice)”

You’ve been red-lining the engine for 18 lessons. Time to pull over and check the diagnostics. This lab isn’t just about reading the manual; it’s about getting your hands greasy. This is ungraded practice to tune your skills.

Professor Solo’s Directive: Speed is nothing without control. Build this API like you’re tuning a race car. Efficient, clean, and no loose bolts (unhandled errors).

A high-tech cyberpunk pit crew servicing a sleek code-racer. Robotic arms adjusting parameters, neon diagnostic screens showing 'API STATUS: OPTIMAL'. The vibe is urgent but precise.

Fig 1: Solo’s Garage. Where rubber meets the code.

Lab Specs: The “Holo-Garage” API

Section titled “Lab Specs: The “Holo-Garage” API”

Your client, a futuristic vehicle modification shop, needs an API to manage their inventory of aftermarket parts.

Phase 1: The Foundation (Chassis)

Section titled “Phase 1: The Foundation (Chassis)”
  1. Initialize a new project called holo-garage-api.
  2. Install express and morgan.
  3. Create an app.js entry point.
  4. Listen on process.env.PORT (or 4000).

Phase 2: Traffic Control (Routing)

Section titled “Phase 2: Traffic Control (Routing)”

Create a partsRouter.js and mount it at /parts. It needs to handle:

  • GET / -> Return a list of all parts (JSON).
  • GET /:id -> Return a specific part by ID.
    • Bonus: If ID doesn’t exist, send a 404 with a witty error message.
  • POST / -> “Create” a new part (just log the body and send back a 201 status with the mock data).

Phase 3: Security Check (Middleware)

Section titled “Phase 3: Security Check (Middleware)”

Write a custom middleware called mechanicCheck.

  • It should look for a query param ?role=mechanic.
  • If present, let them through.
  • If missing, send a 403: “Unauthorized. Step away from the vehicle.”
  • Apply this middleware ONLY to the POST route.

Phase 4: Storage (Static)

Section titled “Phase 4: Storage (Static)”

Create a public folder. Add a text file named manifest.txt with a list of “Authorized Mods”. serve this folder using express.static.

Acceptance Criteria

Section titled “Acceptance Criteria”
  • Server starts without crashing.
  • GET /parts returns JSON.
  • POST /parts is blocked without the mechanic role.
  • Visiting /manifest.txt in the browser downloads/views the file.
  • Global logging is active via Morgan.

🤖 AI Co-Pilot Challenges

Section titled “🤖 AI Co-Pilot Challenges”

Want to see how an AI would build it? Or check your own work? Try these prompts.

1. The Comparison

Section titled “1. The Comparison”

After you build it yourself, ask an AI to generate the same API. Compare your code structure to theirs. What did they do differently?

Copy/Paste Prompt:

“Act as a Senior Node.js developer. Generate a simple Express API for a ‘Holo-Garage’ inventory. It needs:

  1. A ‘partsRouter’ mounted at /parts with GET / and POST /.
  2. A custom middleware ‘mechanicCheck’ that blocks POST requests unless ‘?role=mechanic’ is present.
  3. Standard logging with ‘morgan’.
  4. Static file serving from a ‘public’ folder. Provide the code in a single file for easy reading, but explain how you would split it up.”

2. The Auto-Mechanic (Self-Correction)

Section titled “2. The Auto-Mechanic (Self-Correction)”

Paste your code into an AI and ask it to find bugs or “security leaks”.

Copy/Paste Prompt:

“Here is my Express API code. Act as a Security Auditor. Review my code for:

  1. Unhandled errors (hanging requests).
  2. Missing status codes.
  3. Any best practices I missed. Be harsh but fair.”

Extra Bits & Bytes

Section titled “Extra Bits & Bytes”

Express Generator (For Future Reference)

⏭ The Map

You survived the garage. Take this map with you. It’s dangerous to go alone.