34 lines
1.3 KiB
Markdown
34 lines
1.3 KiB
Markdown
# Backend Technical Write Up
|
|
|
|
## Setup
|
|
|
|
- Install `pdm`
|
|
- Install dependencies with `pdm sync`
|
|
- Run development backend with `pdm run dev`
|
|
- Run tests with `pdm run test`
|
|
|
|
### Setup for Development
|
|
|
|
- run `eval $(pdm venv activate in-project)` to activate the virtual env.
|
|
|
|
## Structure
|
|
|
|
- Use FastAPI's `router` to organize different API routes
|
|
- `member` route for getting the current member/user
|
|
- `todo` route to create/read/update/delete todos
|
|
- `token` route for authentication (login/logout)
|
|
- Separate folder for PostgreSQL migrations: Might need a better migration tool. Right now, `alembic` only works with SQLalchemy.
|
|
- Use Pydantic data validation always
|
|
|
|
## TODO list
|
|
- [ ] Setup Docker image and k8s for the API: 3 containers: API, Redis and PostgreSQL.
|
|
|
|
## Authentication notes
|
|
|
|
This API uses OAuth2 (an authorization framework) with JWTs as the format for access token.
|
|
|
|
When a user logs in and is granted an access token by an OAuth 2.0 server, the token is often a JWT. This token can then be sent with requests to access protected resources, and the server can verify the token's authenticity and permissions based on the JWT's contents.
|
|
|
|
- The flow used was: Password flow but instead of username, we use the user's email instead
|
|
- In the Oauth2 spec, the `scope` part is a string of permission(s)
|