Current Project: Arenae, the API Testing Tool

Introduction

Arenae is the Latin plural for sand. And as we all know, the deserts where the camels live are full of the sand(s); that's why the name makes sense in the OCaml world. I'm a fan of library and tool names that stay in the theme the language set up. Dune is a great example of this. There are also sandstorms which blast through the desert, relentlessly hammering against everything and everyone. That's the reason this web application exists. The basic idea behind Arenae is to give developers an easy way to set up a system that fires predefined requests against their APIs. These APIs can be live systems, development systems or whatever system the users want to target. Arenae then logs the results and sends an email to the user in case a request fails.

Idea

The idea for this tool came to my mind after an accident I had with a private project. I should have set up a monitoring system myself, but why not use a system that provides monitoring, testing and warning at the same time? If you have critical infrastructure, you should still roll out your own monitoring system, but as an additional robustness layer it can't hurt to have something easy to set up.

Functionality

The user should be able to register and log in. Afterwards, it should be possible to upload a configuration file to the web application. This configuration file contains either hard-coded instructions to generate requests, or generators that let the user describe what kind of data, in what structure, should be in the request; Arenae then creates those requests automatically. For example, a configuration with the fullname generator could look like this:

{
    "version": "0.0.1",
    "url": "https://my-example-api.eu",
    "verb": "POST",
    "body": {
        "fields": [
            {
                "type": "generator",
                "name": "receiver",
                "type": "fullname"
            }
        ]
    }
}

which produces POST requests with bodies like these:

{
    "receiver": "Jack Jonson"
}

or

{
    "receiver": "Michael B. Hudson"
}

If one of these requests fails, the user will get a mail with the failing body. Perhaps the API failed to parse the '.' character and responded with a 500 status code. This error could be found by this fuzzy approach.

That's basically all this app will do. But it is a great project to learn the tech stack for OCaml web development.

Challenges

First and foremost, it could be possible to abuse the system by attacking systems with a huge number of requests, also known as a denial-of-service attack. This is prevented by only allowing up to N requests per minute, where N is a pretty small number like 6 or 10.
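One way to enforce the N-requests-per-minute cap described above, as an added example that is not Arenae's own code: a sliding-window limiter in plain OCaml. Keying the budget by target host, the type and function names, and the sample times are all assumptions of this example.

```ocaml
(* Added example, not Arenae's code: allow at most [limit] outgoing requests
   per [window] seconds for each key. Using the target host as the key is an
   assumption; all names here are hypothetical. *)

type t = {
  limit : int;                            (* N from the text, e.g. 6 *)
  window : float;                         (* window length in seconds *)
  sent : (string, float list) Hashtbl.t;  (* key -> send times, newest first *)
}

let create ~limit ~window = { limit; window; sent = Hashtbl.create 16 }

(* [try_acquire t ~now key] records a send and returns [true] if fewer than
   [t.limit] requests were sent for [key] in the last [t.window] seconds;
   otherwise it returns [false] and records nothing. *)
let try_acquire t ~now key =
  let history = Option.value (Hashtbl.find_opt t.sent key) ~default:[] in
  (* Drop timestamps that have left the window. *)
  let recent = List.filter (fun ts -> now -. ts < t.window) history in
  if List.length recent < t.limit then begin
    Hashtbl.replace t.sent key (now :: recent);
    true
  end else begin
    Hashtbl.replace t.sent key recent;
    false
  end

let () =
  let limiter = create ~limit:6 ~window:60.0 in
  let host = "my-example-api.eu" in
  (* Constructed schedule: one attempt per second for ten seconds.
     The first six are sent, the remaining four are dropped. *)
  for i = 0 to 9 do
    let now = float_of_int i in
    Printf.printf "t=%2ds %s -> %s\n" i host
      (if try_acquire limiter ~now host then "sent" else "dropped")
  done;
  (* At 60.5 s only the send from t=0 has expired, so exactly one fits. *)
  assert (try_acquire limiter ~now:60.5 host);
  assert (not (try_acquire limiter ~now:60.9 host));
  (* A different target has its own budget. *)
  assert (try_acquire limiter ~now:60.9 "other-api.example")
```

The clock is passed in as `~now` so the limiter can be tested deterministically; in the application it would come from the system clock at the point where a request is about to be dispatched.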

Additionally, every problem that's faced by web developers for modern web applications has to be solved as well. The good thing is that Dream is a feature-complete web framework for OCaml that handles most of the problems we encounter on the way.

Tech Stack

The following tools will be used to create the application:

Final Words

I have not really planned out how the software will look and I have no idea how Bonsai, Dream, Caqti, Yojson and Curly work, so it will be a great learning adventure to build this project. I am looking forward to it!

Have a good one!