This is the capstone project of Udacity's Full Stack Development Nanodegree
Key data models are defined using SQLAlchemy in here
Below is the ERD generated by ERAlchemy
All database queries in this project are implemented using Python SQLAlchemy.
DB queries for resource posts can be found here
In this project all the RESTful endpoints are implemented using Flask RESTplus inside here
The interactive RESTful endpoints using Swagger UI can be accessed here
Here is the overview of posts endpoints
Utilize the @app.errorhandler decorator to format error responses as JSON objects for at least four different status codes
All error handlers are implemented inside here
The custom @requires_auth decorator, which implements authentication and authorization, can be found here
The two roles defined in this project are as follows:
First role is admin, which can perform all actions on posts.
Second role is user, which can perform all actions except delete on posts.
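
An added sketch of the check a decorator like @requires_auth performs for the two roles and the non-login case (example code, not the project's own). It assumes signature, issuer, audience and expiry validation happen in a separate `verify` callable, stubbed here with constructed tokens; the permission strings are those carried in the permissions claim of the sample tokens later on this page, and requiring `delete:post` on the delete endpoint is an assumption.

```python
from functools import wraps

class AuthError(Exception):
    def __init__(self, status, description):
        super().__init__(description)
        self.status, self.description = status, description

def bearer_token(headers):
    """Authentication, step 1: pull the token out of 'Authorization: Bearer <jwt>'."""
    parts = headers.get("Authorization", "").split()
    if len(parts) != 2 or parts[0].lower() != "bearer":
        raise AuthError(401, "Expected 'Authorization: Bearer <token>'.")
    return parts[1]

def check_permission(required, claims):
    """Authorization: the verified claims must list the required permission."""
    perms = claims.get("permissions")
    if not isinstance(perms, list) or required not in perms:
        raise AuthError(403, f"Permission '{required}' not granted.")

def requires_auth(permission, verify):
    """verify(token) -> claims must validate signature, iss, aud and exp."""
    def decorator(handler):
        @wraps(handler)
        def wrapper(headers, *args, **kwargs):
            try:
                claims = verify(bearer_token(headers))
                check_permission(permission, claims)
            except AuthError as err:  # formatted as JSON, like the error handlers
                return {"success": False, "error": err.status,
                        "message": err.description}, err.status
            return handler(claims, *args, **kwargs)
        return wrapper
    return decorator

# Constructed stand-in for real JWT verification: token string -> verified claims.
USER = ["get:post-detail", "patch:post", "post:post"]
SAMPLE_CLAIMS = {"guest-token": {"permissions": []},
                 "user-token": {"permissions": USER},
                 "admin-token": {"permissions": USER + ["delete:post", "admin:all"]}}

def fake_verify(token):
    if token not in SAMPLE_CLAIMS:
        raise AuthError(401, "Token could not be verified.")
    return SAMPLE_CLAIMS[token]

@requires_auth("delete:post", fake_verify)  # hypothetical delete endpoint
def delete_post(claims, post_id):
    return {"success": True, "deleted": post_id}, 200

def status_for(token):
    """HTTP status a caller with this token (or None for no login) receives."""
    headers = {"Authorization": f"Bearer {token}"} if token else {}
    return delete_post(headers, 7)[1]
```

A missing or unverifiable token yields 401, while a valid token without the permission yields 403, which is the distinction the per-role tests need to assert.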
All 5 endpoints are fully tested, each with:
- At least one test for expected success and error behavior
- Both roles plus the non-login situation

The test case implementations can be found here
The test coverage analysis is as below
The coverage rate is limited due to the implementation nature of Flask RESTPlus.
The Auth0 Domain Name, Client ID and the two JWT code signing secrets are available here
Below is the association between roles and accounts in this project
The generated JWT can be analyzed in the JWT Online Debugger
Here is one example of a decoded JWT payload, which contains the permissions field.
The app is hosted on Heroku at D & G Services Uda Social Blogging
The API is available as Swagger UI at D & G Services Uda Social Blogging APIs
Please follow the instructions below to play around with the APIs.
First, get the required JWT for the Authorization header here
You can log in using the following accounts:
No | Account | Password | Sample JWT |
---|---|---|---|
1 | guest01@udasocialblogging.com | guest01@udasocialblogging | eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6Ik1rUTVOVEZDTXpaRk5UYzFPVVk1T0VVMlF6VXdPRFExUVRFME56UkRRek14T0VGRE1UVkdSZyJ9.eyJpc3MiOiJodHRwczovL2Rldi1kLWFuZC1nLXVkYXNvY2lhbGJsb2dnaW5nLmF1dGgwLmNvbS8iLCJzdWIiOiJhdXRoMHw1ZTY1OGVmMWM2ZGJjOTBkM2RlNGIxMmUiLCJhdWQiOiJkZXYtZC1hbmQtZy11ZGFzb2NpYWxibG9nZ2luZy1hcGkiLCJpYXQiOjE1ODM3MjQzMDAsImV4cCI6MTU4MzczMTUwMCwiYXpwIjoiaTdRSEFRalBpNm9VMUxMRkZsVTBybEkwcTQ2SDNub2siLCJzY29wZSI6IiIsInBlcm1pc3Npb25zIjpbXX0.sjlYQoWm3_IDuWnDvWj5gvKRH-PxPcPY6jDf3K3e_Hzqyljua56YiY3FUujJpWEU6e5lqWZvzpwse9WoUhS-HhVH21XRcBNjZ7_ni7hUW4jeJ7AeLUtwZMayVvVtIVBwHMs70lX69AnS64H4Pfe0plrr2c0LLioog3Ww-d2J8awpICbtn2kGo6uyhRaXWiRelO3Og2I3n0GVn26owivUgGow_9bLRNH2Vc4CJV3r-yM5CyzsJO5CLCDSxax737aiCVKZbEAhF-axDEKGpxB6nWWhLfM8CYYnzaIzXKedzNac9AFz6DBZqGBcuwqA9PSXr9kuI2TDFZs70Iy5KaVjKQ |
2 | user01@udasocialblogging.com | user01@udasocialblogging | eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6Ik1rUTVOVEZDTXpaRk5UYzFPVVk1T0VVMlF6VXdPRFExUVRFME56UkRRek14T0VGRE1UVkdSZyJ9.eyJpc3MiOiJodHRwczovL2Rldi1kLWFuZC1nLXVkYXNvY2lhbGJsb2dnaW5nLmF1dGgwLmNvbS8iLCJzdWIiOiJhdXRoMHw1ZTYzMGRiYTEwYjQ2MTBkM2Q4OTZjNjgiLCJhdWQiOiJkZXYtZC1hbmQtZy11ZGFzb2NpYWxibG9nZ2luZy1hcGkiLCJpYXQiOjE1ODM3MjQxNDksImV4cCI6MTU4MzczMTM0OSwiYXpwIjoiaTdRSEFRalBpNm9VMUxMRkZsVTBybEkwcTQ2SDNub2siLCJzY29wZSI6IiIsInBlcm1pc3Npb25zIjpbImdldDpwb3N0LWRldGFpbCIsInBhdGNoOnBvc3QiLCJwb3N0OnBvc3QiXX0.aDhKHb9VXOnffwk3Ywa4Q3PhKfrs4S2QbjXy3uigokFNUrcVKitmM9LRmMoePxRIUklZIWXwl8vYAraWT12p4vDFt1DzuMRLKH4n2GpGaIRuPaW9A0SGBaD8jRt1-x3Hdtqd2Lj5vKpUtnfji_X8c0oUMYj8P8JYvwIeS5Vj49qqybZAm8_lsWOJhWW0S6wzasH_VXIb_mLibSYFiI3ybFZrAsDOAYLDNFY0LrM8cc__lkLx8-E9T6qKm_Z-Pehe2uAQ7zXbjAcgwv6OVvOliYe1ehtvjViXXzG_4u5vTCrQ5x2vgKMP53-QIWihwhAyl9VxRJ--rf1pGsAW1sSR7Q |
3 | admin01@udasocialblogging.com | admin01@udasocialblogging | eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6Ik1rUTVOVEZDTXpaRk5UYzFPVVk1T0VVMlF6VXdPRFExUVRFME56UkRRek14T0VGRE1UVkdSZyJ9.eyJpc3MiOiJodHRwczovL2Rldi1kLWFuZC1nLXVkYXNvY2lhbGJsb2dnaW5nLmF1dGgwLmNvbS8iLCJzdWIiOiJhdXRoMHw1ZTYzMDVhMDEwYjQ2MTBkM2Q4OTVjZDQiLCJhdWQiOiJkZXYtZC1hbmQtZy11ZGFzb2NpYWxibG9nZ2luZy1hcGkiLCJpYXQiOjE1ODM3MjQxNjYsImV4cCI6MTU4MzczMTM2NiwiYXpwIjoiaTdRSEFRalBpNm9VMUxMRkZsVTBybEkwcTQ2SDNub2siLCJzY29wZSI6IiIsInBlcm1pc3Npb25zIjpbImFkbWluOmFsbCIsImRlbGV0ZTpwb3N0IiwiZ2V0OnBvc3QtZGV0YWlsIiwicGF0Y2g6cG9zdCIsInBvc3Q6cG9zdCJdfQ.Smu7gYbXLskQaNuhvNo2YLRXxvutHr1osLFPIFf02P9a_m9_rUwDfWNzmt-RiOF7UUF8-J4tJkbkLSpDYRhHpwGhlZIxDoEpp594DSmuvNXhRYqSS1V6ghrxMhhg9_PgM8Z2hdZw_dEY3Ef2aV8L7NIP6YISctg4iF17A9MRaM7ad5rfEIbmdJWtjn1EVYer0ZhQXgogKy8TRVE4_wNLNExFehj27pI2VbYT5k7hLnuWSwi_lIu8-eg6CkwEb-EIYj41HXeHH81Lo86oAw0blTURInLAuB2QM3XBOYv2AQvCP3F56ahMHYCd9milnv9h_BhSTHe18twq_qgsKTblCQ |
Copy this token for API debugging
After that, all the APIs can be tested interactively inside Swagger UI. Please interact with the APIs here. Below is one example for creating a new post.
Fill in the Authorization Header with "Bearer [THE_JWT_TOKEN_ABOVE]". Enjoy!
All the core functionalities follow recommended coding practices, with ample comments for understanding.
The backend is deployed for production using the following best practices:
- Log Collection: Outputs from stdout and stderr of Heroku are collected by flask logger.
- SSL Proxy: SSL redirect is enabled
Please find the Heroku deployment details inside HerokuConfig
The project has been structured according to Miguel Grinberg's recommended best practices.
The project has been well documented for both local and Heroku evaluation.