REST API with CRUD operations on messages objects.
Users can send requests to API to view messages anonymously.
In order to create/update/delete messages JWT is required.
(Authorization: Bearer {token} attached to the headers). API provides endpoints for registration and token retrieval.
On every GET request, message's view count is incremented.
It does not apply to the view which lists all of the messages but it could be added.
On every PUT/PATCH request, message's content is updated and view count is set to 0.
- Django + Django REST Framework
Json Web Token authentication is possible thanks to rest_framework_simplejwt package,
which provides JWT implementation including DRF views for obtaining and refreshing tokens.
Tools: Pycharm IDE, Postman
Production database is Heroku Postgres.
Postgres is also used by Github Actions where unit tests are ran.
Locally I used default SQLite database.
ERD diagram including Django's base entities and manually created Message entity.
Message has its own content which can be from 1 to 160 characters long. It stores two datetime attributes: created_at and updated_at which both are initially set on record's creation. View count has been implemented as an attribute. When increasing view count, Django's F expression is used in order to prevent race conditions and to increase performance. The other possible way to tackle this problem was to create seperate model which would be store the hit counts (how many times view was visited). Messages are saved and updated using modified ModelSerializer.
Message does not store information about its author - if this functionality was to be added, it would require adding Foreign Key to User and storing Tokens in database in order to verify the user. (Right now server does the verification based on token's signature and its secret key, meaning that tokens are actually not stored in db)
| HTTP Method | API endpoint | Request body | Response body | Description | Authorization header |
|---|---|---|---|---|---|
| POST | api/auth/register/ | Object { username: str, password: str } |
Object { id: number, username: str, email: str, first_name: str, last_name: str, is_staff: bool } |
Creates new user. Returns simplified user object. | None |
| POST | api/auth/token/ | Object { username: str, password: str } |
Object { refresh: str, access: str } |
Returns personal JWT access and refresh tokens. | None |
| POST | api/auth/token/refresh/ | Object { refresh: str } |
Object { access: str } |
Returns refreshed JWT access token. | None |
| GET | api/messages | X | Array<Object> [ Object { id: number, content: str, views: number, created_at: datetime, updated_at: datetime, } ] |
Lists all of the existing message objects. | None |
| POST | api/messages | Object { content: str } |
Object { id: number, content: str, views: number, created_at: datetime, updated_at: datetime } |
Creates and returns new message object with given content. | Bearer {token} |
| GET | api/messages/{id} | X | Object { id: number, content: str, views: number, created_at: datetime, updated_at: datetime } |
Retrieves message object with given ID. | None |
| PUT | api/messages/{id} | Object { content: str } |
Object { id: number, content: str, views: number, created_at: datetime, updated_at: datetime } |
Perfoms full update on message object with given ID. Returns updated object. | Bearer {token} |
| PATCH | api/messages/{id} | Object { content: str } |
Object { id: number, content: str, views: number, created_at: datetime, updated_at: datetime } |
Perfoms partial update on message object with given ID. Returns updated object. | Bearer {token} |
| DELETE | api/messages/{id} | X | X | Deletes message object with given ID. | Bearer {token} |
Application also uses Swagger for documentation purposes and also as a simpler and more visually appealing interface than individual REST Framework views. You can see its main view at homepage.
There are 2 urls which need to be handled in REST type API, when it comes to messages.
One for listing objects and creating new ones and one for operating on a specific object.
Since in REST architecture there should not be endpoints
such as api/messages/delete/{id}, api/messages/{id}/update or anything like that,
there is no need for creating a view for each CRUD operation.
ListCreateMessageAPIView handles api/messages endpoint. Allows GET, POST and safe methods HEAD, OPTIONS.
GetUpdateDeleteMessageAPIView handles api/messages/{id} endpoint.
Allows GET, PUT, PATCH, DELETE and safe methods HEAD, OPTIONS.
Here are some examples how you can interact with API using different tools (curl, Javascript, Python).
I personally recommend using Postman.
Register yourself if you do not own an account.
curl -d "username=YourUserName&password=YourPassword" -X POST https://messages-api-daftcode.herokuapp.com/api/auth/register/Get your JWT token.
const request = fetch('https://messages-api-daftcode.herokuapp.com/api/auth/token/', {
method: 'POST',
headers: {
'Content-Type': 'application/json'
},
body: JSON.stringify({
username: 'YourUserName',
password: 'YourPassword'
})
})
.then(res => res.json())
.then(data => console.log(data))
const {refresh, access} = request;If your token expires (access token lives for 2 hours, refresh token - 24h):
const refresh = 'refresh token you previously redeemed or had stored';
const request = fetch('https://messages-api-daftcode.herokuapp.com/api/auth/token/refresh/', {
method: 'POST',
headers: {
'Content-Type': 'application/json'
},
body: JSON.stringify({
refresh: refresh,
})
})
.then(res => res.json())
.then(data => console.log(data))
const {access} = request;Now you can send requests to the API endpoints. Attach Authorization header if you want to POST/PUT/PATCH/DELETE.
import json
import requests
token = 'your JWT access token'
headers = {
'Authorization': f'Bearer {token}',
'Content-Type': 'application/json'
}
# get all messages - no token needed
messages = requests.get('https://messages-api-daftcode.herokuapp.com/api/messages')
print(messages.json())
# create new message
payload = json.dumps({'content': 'message content'})
new_message = requests.post('https://messages-api-daftcode.herokuapp.com/api/messages',
data=payload,
headers=headers
)
print(new_message.json())
# get message
message = requests.get('https://messages-api-daftcode.herokuapp.com/api/messages/1')
print(message.json())
# update message
payload = json.dumps({'content': 'updated content'})
updated_message = requests.post('https://messages-api-daftcode.herokuapp.com/api/messages/1',
data=payload,
headers=headers
)
print(updated_message.json())
# delete message
delete = requests.post('https://messages-api-daftcode.herokuapp.com/api/messages/2',
headers=headers
)
print(delete.json())All of API endpoints have their own unit tests. This repository has its own Github Workflows testing pipeline. CI is ran on each push on any branch and pull request to master branch.
- Get all messages (empty list or few objects)
- Unauthorized POST request
- Not allowed method
- Create message: with valid content, empty, 1 and 160 characters long, too long
- Unauthorized PUT/PATCH/DELETE
- Get/Update/Delete but there's no id
- Get/Update/Delete message which does not exist
- Update message with too many characters
- Successfully Get/Update/Delete message
- Register new user, get token for them, refresh token
(views from external packages are already tested by the authors)
This repository has been deployed to Heroku. You can visit API here
- Create staticfiles folder and put any file into it. (Make sure you made an exception in .gitignore for this file. Mine is called temp.)
- Make sure there is Procfile is root directory with these 2 lines:
release: python manage.py migrate --no-input
web: gunicorn core.wsgi - Set
DEBUG = False, adddjango_heroku.settings(locals())on the bottom of settings.py. Make sure your requirements.txt contains every needed package. You may want to update it withpip freeze > requirements.txt. - Go to Heroku and add new app.
- Go to Resources tab and install Heroku Postgres add-on.
- Go to Settings tab and set SECRET_KEY in config vars. Add heroku/python buildpack.
- Go to Deploy tab, connect your Github repository, select branch to deploy. You can Enable Automatic Deploys or Deploy Branch manually.
- App should be up and running at
https://<name_of_app>.herokuapp.com.
Create new virtual environment, activate it and install dependencies.
py -3 -m venv venv
venv\Scripts\activate
pip install -r requirements.txtSet SECRET_KEY in your environmental variables.
You can also install python-dotenv, put .env file with secrets in root directory
and add those lines in settings.py. (Make sure .env is not being commited to git repository if you want to use this method)
from dotenv import load_dotenv
load_dotenv()Run migrations and create super user. (Making migrations might not be necessary)
python manage.py makemigrations
python manage.py migrate
python manage.py createsuperuser Run server and open your browser at http://127.0.0.1:8000/.
python manage.py runserverRun tests with coverage (unit tests + report)
coverage run manage.py test
coverage report -m- User account customization
- Info about message's author (e.g Message model with FK to User).
- Permissions to access message (e.g only author can modify)
- Query endpoint (get message by other attributes than its id)
- Pagination (so that user would not receive everything at once)