Description
You can't extend a backend you don't understand. The Juice Shop backend runs on Node.js with Express.js, and it has dozens of API endpoints — many of them undocumented, some of them intentionally insecure. Before you build anything new, you need to map what already exists.
In this challenge, you'll explore the backend codebase, trace how requests flow from routes to controllers to the database, and use GitHub Copilot to help you document the existing API surface. Understanding the data model, the authentication flow, and the middleware stack gives you the context to build features that actually fit the architecture.
Objectives
- Explore the Juice Shop backend codebase: routes, controllers, models, middleware
- Use GitHub Copilot to help document existing API endpoints (method, path, purpose, authentication requirements)
- Map the data model and understand the database structure
- Identify the authentication and authorization patterns used in the application
Success Criteria
- API documentation created covering existing endpoints (method, path, description, auth requirements)
- Data model and database structure understood and documented
- Authentication/authorization flow documented
- GitHub Copilot used to assist with code exploration and documentation
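One way to bootstrap the endpoint inventory, as an added example that is not part of the original challenge text or the Juice Shop code base: a static scan of Express route registrations that records method, path, and whether an auth guard applies, honouring the fact that Express runs middleware in registration order. The sample source and the middleware name `requireAuth` are constructed assumptions; substitute the names found in the real code.

```javascript
// Constructed sample of Express route registrations (not Juice Shop code).
// `requireAuth` is a hypothetical middleware name.
const SAMPLE_SOURCE = `
app.get('/api/products', listProducts)
app.get('/api/orders/export', exportOrders)
app.use('/api/orders', requireAuth())
app.get('/api/orders/:id', getOrder)
app.post('/api/feedback', requireAuth(), createFeedback)
router.delete('/api/users/:id', deleteUser)
`;

const AUTH_MIDDLEWARE = ['requireAuth']; // adjust to the names used in the code base
const CALL = /\b(?:app|router)\.(get|post|put|patch|delete|all|use)\(\s*(['"`])([^'"`]+)\2\s*,\s*(.*)\)\s*;?\s*$/;

function usesAuth(args) {
  return AUTH_MIDDLEWARE.some((name) => new RegExp(`\\b${name}\\b`).test(args));
}

// Walk the source in registration order, because Express runs middleware in
// that order: a guard mounted with app.use() only covers routes declared after it.
function inventoryRoutes(source) {
  const guardedPrefixes = [];
  const routes = [];
  for (const line of source.split('\n')) {
    const m = CALL.exec(line.trim());
    if (!m) continue;
    const [, method, , path, args] = m;
    if (method === 'use') {
      if (usesAuth(args)) guardedPrefixes.push(path);
      continue;
    }
    const viaPrefix = guardedPrefixes.some((p) => path === p || path.startsWith(p + '/'));
    const auth = usesAuth(args) ? 'route middleware' : viaPrefix ? 'prefix guard' : 'none found';
    routes.push({ method: method.toUpperCase(), path, auth });
  }
  return routes;
}

function toMarkdownTable(routes) {
  const rows = routes.map((r) => `| ${r.method} | ${r.path} | ${r.auth} |`);
  return ['| Method | Path | Auth |', '| --- | --- | --- |', ...rows].join('\n');
}

console.log(toMarkdownTable(inventoryRoutes(SAMPLE_SOURCE)));
```

A "none found" entry only means no guard is visible at registration; the handler itself may still check the caller, so those routes are the ones to read by hand when documenting auth requirements.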
Learning Resources