Skip to content

IMSoley/SocialAppREST

BranchesTags

Repository files navigation

SocialAppREST

A social platform REST-API with voting system, JWT authentication and authorization. The complete software life cycle of this project has been implemented.

  • API endpoint: api.soleyman.xyz
  • Documentation: api.soleyman.xyz/docs

How to run locally

  • Install python 3.8+, with pip package manager
  • Clone the repository git clone https://github.com/IMSoley/SocialAppREST
  • Determine python version for virtual environment set up: python --version or python3 --version (on linux)
    • If you see Python 3.*, then you are good to go
    • Make sure you're in the SocialAppREST directory
    • Install virtualenv package: pip install virtualenv
    • Create virtual environment: python -m venv venv
    • Activate virtual environment
      • On linux: source venv/bin/activate
      • On windows: .\venv\Scripts\activate
    • Install dependencies: pip install -r requirements.txt
  • Install PostgreSQL: sudo apt install postgresql postgresql-contrib, for windows install postgresql
    • Create a database in PostgreSQL
  • Rename env_demo to .env
  • Change all .env variable values as per your PostgreSQL set up except ALGORITHM
    • To generate secret_key, run the following command on a bash/cmd prompt: openssl rand -hex 32 (openssl must be installed)
  • Run alembic upgrade head
  • Run uvicorn app.main:app --reload (--reload flag enables auto-reload on code changes, useful for development)
  • Visit localhost:8000 to see the app

Technology stack used

  • Python - programming language
  • FastAPI - framework for fast, scalable and secure APIs
  • JWT - JWT OAuth 2.0 authentication for secure API endpoints
  • PostgreSQL - relational database management system
  • SQLAlchemy - ORM for SQL databases
  • psycopg2 - PostgreSQL driver for Python
  • Alembic - database migration tool for SQLAlchemy
  • PyTest - unit testing framework
  • Postman - for API testing
  • Docker - containerizing the application for deployment using CI/CD pipelines
  • Heroku - CI/CD platform for deploying to cloud
  • Ubuntu - deployment on production server

Features

The application is a REST-API with the following endpoints and features:

  • /login: authentication endpoint, returns a JWT bearer token for authentication and authorization
  • /users: user management endpoint. To create a new user and to update an existing user the endpoint requires the Authorization header with the JWT bearer token
  • /posts: post management endpoint, creates, updates, and deletes posts
  • /vote: vote management endpoint. A user can vote on a post and the vote is recorded in the database. Also, support self voting like Reddit

How the application works

Without authentication, the application does not allow any user to create, update, or delete posts. The application also does not allow a user to vote on a post. It will show an authentication error message if a user tries to create, update, or delete a post without authentication. It will show an authentication error message if a user tries to vote on a post without authentication.

authentication

To create an account, the user must provide a email, and password. The email must be unique. The password must be at least 8 characters long. /users endpoint will return a 201 Created response if the user is successfully created.

Upon requestiong a /login endpoint, the application verifies the credentials and returns a JWT bearer token for authentication and authorization.

login

Here's how the JWT bearer token works in the application:

JWT Diagram

At the end of the token in blue color is the token signature. The token signature is a hash of the token payload and the secret key.

The purpose of the signature is to prevent tampering with the token by an attacker:

JWT Signature

Once the user is authenticated, user access to the application is granted. The user can use all the endpoints in the application.

Unit tests with pytest

The configuration for unit testing is done in the conftest.py file:

  • defined test database
  • defined all the fixtures
  • all the fixtures are available in the tests directory

Test cases are defined in the tests/test_*.py files, where *.py is the name of the test file.

CI/CD pipeline

Automate the deployment of the application to cloud using GitHub Actions and Workflows.

# deploy to cloud on push and pull request events
on: [push, pull_request]

On build-app.yml, there are two jobs build and deploy. The deploy job is dependent on the build job. If the build job fails, the deploy job will not run and production servers will not be deployed.

  1. build job builds the application, runs unit tests and creates a Docker image
  2. deploy job deploys the application to production servers

Production server has been optimized for performance and scalability. Tmux panes explained below.

  1. API service has been up and running using the config defined in pane 2
  2. Here is the config for the API service: api.service
  3. Ngix is used to proxy the API service to the production server.

production optimization

License

MIT License

About

A social platform REST-API with voting system, JWT authentication and authorization.

api.soleyman.xyz/

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages