neo-neo-todo/backend

Backend Technical Write Up

Setup

• Install pdm
• Install dependencies with pdm sync
• Run development backend with pdm run dev
• Run tests with pdm run test

Setup for Development

• run eval $(pdm venv activate in-project) to activate the virtual env.

Structure

• Use FastAPI's router to organize different API routes
  • member route for getting the current member/user
  • todo route to create/read/update/delete todos
  • token route for authentication (login/logout)
• Separate folder for PostgreSQL migrations: Might need a better migration tool. Right now, alembic only works with SQLalchemy.
• Use Pydantic data validation always

TODO list

• Setup Docker image and k8s for the API: 3 containers: API, Redis and PostgreSQL.

Authentication notes

This API uses OAuth2 (an authorization framework) with JWTs as the format for access token.

When a user logs in and is granted an access token by an OAuth 2.0 server, the token is often a JWT. This token can then be sent with requests to access protected resources, and the server can verify the token's authenticity and permissions based on the JWT's contents.

• The flow used was: Password flow but instead of username, we use the user's email instead
• In the Oauth2 spec, the scope part is a string of permission(s)

Sign up flow TODO

Login flow

• Send a POST request to API route /token
• If username and password are correct, create JWT for user
• User logged in

Check authentication status

• Send a GET request to API route /members/meo
• If status code is 401: they are not authenticated
• If status code is 200: they are authenticated and we can get the email and email_verified status