neo-neo-todo/backend/README.md
minhtrannhat 0bd4508d11
feat(api): insecure login flow skeleton
- Updated backend technical writeup
2024-03-11 22:33:30 -04:00


Backend Technical Write-Up

Setup

  • Install pdm
  • Install dependencies with pdm sync
  • Run development backend with pdm run dev
  • Run tests with pdm run test

Setup for Development

  • Run eval $(pdm venv activate in-project) to activate the in-project virtual env.

Structure

  • Use FastAPI's router to organize different API routes
    • member route for getting the current member/user
    • todo route to create/read/update/delete todos
    • token route for authentication (login/logout)
  • Separate folder for PostgreSQL migrations. A better migration tool might be needed: right now, Alembic only works with SQLAlchemy.
  • Use Pydantic data validation always

TODO list

  • Set up a Docker image and k8s deployment for the API: three containers (API, Redis and PostgreSQL).

Authentication notes

This API uses OAuth2 (an authorization framework) with JWTs as the access token format.

When a user logs in and is granted an access token by an OAuth 2.0 server, the token is often a JWT. This token can then be sent with requests to access protected resources, and the server can verify the token's authenticity and permissions based on the JWT's contents.

  • The flow used is the password flow, but with the user's email in place of the username.
  • In the OAuth2 spec, the scope is a space-delimited string of permission(s).
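The token mint/verify pair the notes above describe, as an added example that is not part of the neo-neo-todo code base. It is stdlib-only (no FastAPI or JWT library) so it runs anywhere; the HS256 algorithm, the demo secret, the claim names and the `todos:*` scope strings are assumptions made for the example. The verifier pins the algorithm, checks the signature with a constant-time compare, rejects expired tokens and then checks the required scope against the space-delimited scope claim.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed demo secret; a real deployment loads this from configuration.
SECRET = b"demo-secret-not-for-production"


def _b64url_encode(data: bytes) -> str:
    # JWT uses unpadded base64url
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    padding = "=" * (-len(text) % 4)
    return base64.urlsafe_b64decode(text + padding)


def issue_token(email: str, scope: str, ttl_seconds: int = 900, now: Optional[int] = None) -> str:
    """Mint an HS256 JWT whose subject is the user's email (the password
    flow's 'username' field) and whose 'scope' claim is the space-delimited
    permission string. Claim names are assumptions for this example."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"sub": email, "scope": scope, "iat": now, "exp": now + ttl_seconds}
    signing_input = ".".join(
        _b64url_encode(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, payload)
    )
    signature = hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url_encode(signature)}"


def verify_token(token: str, required_scope: str, now: Optional[int] = None) -> dict:
    """Validate algorithm, signature, expiry and scope, then return the claims.
    Raises ValueError on any failure so a route can map it to HTTP 401/403."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(_b64url_decode(header_b64))
    # Pin the algorithm server-side; never let the token's header choose it.
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(SECRET, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(payload_b64))
    if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
        raise ValueError("token expired")
    # OAuth2 scope is a space-delimited list; require the scope the route needs.
    granted = set(str(claims.get("scope", "")).split())
    if required_scope not in granted:
        raise ValueError(f"missing scope {required_scope}")
    return claims


if __name__ == "__main__":
    tok = issue_token("alice@example.com", "todos:read todos:write")
    print(verify_token(tok, "todos:write"))
```

In a FastAPI token route this would sit behind `OAuth2PasswordRequestForm`, whose `username` field carries the email and whose `scopes` list becomes the scope string; each todo route would then call `verify_token` with the scope it requires.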