frozen0601/ChattyBevy-django-backend
ChattyBevy-django-backend

A Back End Coding Test Project.

Here is the Kanban board for tracking this project.

No logical or functional changes are made to this branch after my date of submission. A separate branch, afterDeadline, is created for any post-deadline improvements. Please check out the afterDeadline branch for the more refined code.

    Updates to afterDeadline include (last updated: 2/14 16:19):
    1. Errors are now handled by an api_exception_handler with a uniform return.
    2. MessageSerializer now checks input validity thoroughly.
    3. Overall code refactoring: less code for the same functionality, and more edge cases regarding access control handled.

Setup

  1. Clone the project

  2. Move into the project directory

    • cd ChattyBevy-django-backend/

  3. Create and activate a virtual environment

    • python -m venv venv or python3 -m venv venv

    • source venv/bin/activate

  4. Install the requirements

    • pip install -r requirements.txt

  5. Move into the Django project directory

    • cd bevyApi/

  6. Run the server

    • python manage.py runserver

APIs

The project's APIs are set up to run on localhost, port 8000. The APIs can be separated into three parts: User Management, JWT authentication, and Messaging.

User Management

The User Management APIs leverage Tivix's django-rest-auth repository, which makes it extremely easy to manage user accounts.

  • [POST] Login /rest-auth/login/

    • required fields:

      {
          "username": "",
          "email": "",
          "password": ""
      }

      * supply either username or email

    • return fields:

      {
          "key": ""
      }
  • [POST] Register /rest-auth/registration/

    • required fields:

      {
          "username": "",
          "email": "",
          "password1": "",
          "password2": ""
      }

    • return fields:

      {
          "key": ""
      }

JWT authentication

Django REST framework comes with authentication methods such as session/token authentication. Yet, there are some benefits of using JWT authentication.

JWT authentication is good because it allows for stateless, secure transmission of information between client and server. JWT tokens can be signed and encrypted for added security. They are also compact, allowing for efficient storage and transfer. This makes JWT a suitable choice for RESTful API authentication. - ChatGPT

The APIs provided by SimpleJWT are used to provide the required authentication services.

  • [POST] Get tokens /api/token/

    • required fields:
      {
          "username": "",
          "email": ""
      }
    • return fields:
      {
          "refresh": "",
          "access": ""
      }
  • [POST] Get refresh token /api/token/refresh/

    • required fields:
      {
          "refresh": ""
      }
    • return fields:
      {
          "refresh": ""
      }

Messaging

  • [GET] Get established contacts (room) /messaging/room/

    • return fields:
      {
          "count": int,
          "next": href,
          "previous": href,
          "results": [
              {
                  "id": int,
                  "user1": str,
                  "user2": str
              },
          ]
      }
  • [GET] Get chat room /messaging/room/{room_id}

    • return fields:
      [
          {
              "id": int,
              "room_id": int,
              "sender": str,
              "recipient": str,
              "title": str,
              "body": str,
              "created_at": datetime
          },
      ]
  • [POST] Send message /messaging/room/{room_id}/message/

    • required fields:
      {
          "sender": str,
          "recipient": str,
          "title": str,
          "body": str
      }
    • return fields:
      {
          "id": int,
          "room_id": int,
          "sender": str,
          "recipient": str,
          "title": str,
          "body": str,
          "created_at": str
      }
  • [DELETE] Delete message /messaging/room/{room_id}/message/{message_id}/

    • return fields:
      {
          "message": "Item deleted successfully"
      }

Features

Pagination, Throttling, Caching, and CORS are the new terms/knowledge I picked up in this project.

Throttling has been enabled throughout the APIs.

Caching is used for storing user login session (JWT tokens).

Pagination is applied on /messaging/room/ but has not been done on /messaging/room/{room_id} yet.

Access control on composing, viewing, and deleting messages should be enforced thoroughly.

TODOs & notes & learned

TODO Features

  • Apply pagination throughout.
  • Provide a unified error-raising interface.

TODO Refactor

  • Refactor code to handle malicious inputs.

    • POST with fields/fields value altered
    • Malformed hidden field
  • Refactor the message composing mechanism. The current code checks whether the room exists every time a message is sent. Refactor it as:

    # Create the room only when the client did not name an existing one;
    # otherwise use the room id from the request.
    if "room_id" not in request.POST:
        roomID = _createRoom(userA, userB)
    else:
        roomID = request.POST["room_id"]
    _composeMessage(roomID, message, ...)

TODO Bug Fix

  • Fix a bug related to deleting user.

Others

  • Unit testing.
  • freeze
  • Database views
  • ...

Refer to the Kanban board for more details on project status.