Contest Participation System API

A robust, secure, and fully-featured RESTful API built with .NET 8 and PostgreSQL. This system allows administrators to create contests and questions, while users can register, join contests, submit answers, and climb the leaderboard to win prizes.

🚀 Features

• Role-Based Access Control (RBAC): Secure JWT authentication supporting Guest, Normal, VIP, and Admin roles.
• Contest & Gameplay Engine: Supports time-bound contests with Single-Select, Multi-Select, and True/False questions.
• Secure Server-Side Scoring: Answers are graded strictly on the backend to prevent client-side cheating or payload manipulation.
• Enterprise-Grade Data Integrity: Utilizes explicit database transactions (BeginTransactionAsync) for critical multi-table writes (e.g., submitting answers, granting prizes).
• Robust Validation: Implements Data Annotations and IValidatableObject to ensure strict data integrity (e.g., strong passwords, valid email formats, logical contest start/end times).
• Global Error Handling: Features a custom Global Exception Middleware to securely catch unhandled exceptions, log them, and return standardized user-friendly JSON responses.

🛠️ Tech Stack

• Framework: C# / .NET 8 (ASP.NET Core Web API)
• Database: PostgreSQL
• ORM: Entity Framework Core
• Authentication: JSON Web Tokens (JWT) & BCrypt Password Hashing

📋 Prerequisites

Before you begin, ensure you have the following installed:

• .NET 8 SDK
• PostgreSQL (Running locally or hosted)
• Postman (For testing the API)

⚙️ Local Setup & Installation

1. Clone the repository and navigate to the project directory:

git clone <your-repo-url>
cd ContestSystem

2. Configure your Database and JWT Key:

Open appsettings.json and ensure your ConnectionStrings and Jwt:Key are configured correctly.

  "ConnectionStrings": {
    "DefaultConnection": "Host=localhost;Database=ContestDB;Username=postgres;Password=YOUR_DB_PASSWORD"
  },
  "Jwt": {
    "Key": "YourSuperSecretKeyThatIsAtLeast64CharactersLongForSHA512!"
  }

3. Apply Database Migrations:

Generate the tables in your PostgreSQL database using Entity Framework Core.

Bash
dotnet ef database update

4. Run the Application:

Bash
dotnet run

The API will start running on http://localhost:.

🧪 Testing with Postman

This project includes a fully configured Postman Collection to test all user flows.

Setup Instructions

1. Import the Postman Collection into your workspace.
2. Go to the Variables tab of the collection.
3. Set the baseUrl variable to your local running API URL (e.g., http://localhost:5123).

Note: The collection includes a script on the Login endpoint that automatically extracts the JWT token and saves it to a {{token}} variable. You do not need to manually copy/paste tokens for authenticated requests!

---

🗺️ API Endpoints Summary

Authentication (/api/auth)

• POST /register - Register a new user (Supports role flags for Admin/VIP).
• POST /login - Authenticate and receive a JWT.

Contests (/api/contests)

• GET / - List all active contests (Filters out VIP contests for Normal users).
• POST / - Create a new contest [Admin Only].
• POST /{id}/questions - Add questions and options to a contest [Admin Only].
• POST /{id}/join - Join a contest.
• GET /{id}/play - Fetch contest questions (hides correct answers).
• POST /{id}/submit - Submit answers and calculate score securely.

Leaderboard & Prizes (/api/contests/{id})

• GET /leaderboard - View current user rankings and scores.
• POST /grant-prize - Award the prize to the highest-scoring user [Admin Only] (Transactional).

User Dashboard (/api/users)

• GET /history - View your past contest participations and won prizes.