feat(jwt): add lecture on how JWTs are used

Author: jslvtr

docs/docs/08_flask_jwt_extended/03_how_is_jwt_used/README.md

@@ -36,14 +36,12 @@ class User(MethodView):
     when we are manipulating data regarding the users.
     """
 
-    @classmethod
     @blp.response(200, UserSchema)
-    def get(cls, user_id: int):
+    def get(self, user_id):
         user = UserModel.query.get_or_404(user_id)
         return user
 
-    @classmethod
-    def delete(cls, user_id: int):
+    def delete(self, user_id):
         user = UserModel.query.get_or_404(user_id)
         db.session.delete(user)
         db.session.commit()

docs/docs/08_flask_jwt_extended/03_how_is_jwt_used/assets/access-token-flow.drawio.png

@@ -52,14 +52,12 @@ class User(MethodView):
     when we are manipulating data regarding the users.
     """
 
-    @classmethod
     @blp.response(200, UserSchema)
-    def get(cls, user_id: int):
+    def get(self, user_id):
         user = UserModel.query.get_or_404(user_id)
         return user
 
-    @classmethod
-    def delete(cls, user_id: int):
+    def delete(self, user_id):
         user = UserModel.query.get_or_404(user_id)
         db.session.delete(user)
         db.session.commit()

docs/docs/08_flask_jwt_extended/03_how_is_jwt_used/assets/my-info-flow.drawio.png

@@ -36,14 +36,12 @@ class User(MethodView):
     when we are manipulating data regarding the users.
     """
 
-    @classmethod
     @blp.response(200, UserSchema)
-    def get(cls, user_id: int):
+    def get(self, user_id):
         user = UserModel.query.get_or_404(user_id)
         return user
 
-    @classmethod
-    def delete(cls, user_id: int):
+    def delete(self, user_id):
         user = UserModel.query.get_or_404(user_id)
         db.session.delete(user)
         db.session.commit()

docs/docs/08_flask_jwt_extended/03_flask_jwt_extended_setup/README.md renamed to docs/docs/08_flask_jwt_extended/04_flask_jwt_extended_setup/README.md

@@ -52,14 +52,12 @@ class User(MethodView):
     when we are manipulating data regarding the users.
     """
 
-    @classmethod
     @blp.response(200, UserSchema)
-    def get(cls, user_id: int):
+    def get(self, user_id):
         user = UserModel.query.get_or_404(user_id)
         return user
 
-    @classmethod
-    def delete(cls, user_id: int):
+    def delete(self, user_id):
         user = UserModel.query.get_or_404(user_id)
         db.session.delete(user)
         db.session.commit()

docs/docs/08_flask_jwt_extended/03_flask_jwt_extended_setup/end/.dockerignore renamed to docs/docs/08_flask_jwt_extended/04_flask_jwt_extended_setup/end/.dockerignore

@@ -52,14 +52,12 @@ class User(MethodView):
     when we are manipulating data regarding the users.
     """
 
-    @classmethod
     @blp.response(200, UserSchema)
-    def get(cls, user_id: int):
+    def get(self, user_id):
         user = UserModel.query.get_or_404(user_id)
         return user
 
-    @classmethod
-    def delete(cls, user_id: int):
+    def delete(self, user_id):
         user = UserModel.query.get_or_404(user_id)
         db.session.delete(user)
         db.session.commit()

docs/docs/08_flask_jwt_extended/03_flask_jwt_extended_setup/end/.flake8 renamed to docs/docs/08_flask_jwt_extended/04_flask_jwt_extended_setup/end/.flake8

@@ -52,14 +52,12 @@ class User(MethodView):
     when we are manipulating data regarding the users.
     """
 
-    @classmethod
     @blp.response(200, UserSchema)
-    def get(cls, user_id: int):
+    def get(self, user_id):
         user = UserModel.query.get_or_404(user_id)
         return user
 
-    @classmethod
-    def delete(cls, user_id: int):
+    def delete(self, user_id):
         user = UserModel.query.get_or_404(user_id)
         db.session.delete(user)
         db.session.commit()

docs/docs/08_flask_jwt_extended/03_flask_jwt_extended_setup/end/.flaskenv renamed to docs/docs/08_flask_jwt_extended/04_flask_jwt_extended_setup/end/.flaskenv

@@ -0,0 +1,64 @@
+from flask.views import MethodView
+from flask_smorest import Blueprint, abort
+from flask_jwt_extended import create_access_token
+from passlib.hash import pbkdf2_sha256
+
+from db import db
+from models import UserModel
+from schemas import UserSchema
+
+
+blp = Blueprint("Users", "users", description="Operations on users")
+
+
+@blp.route("/register")
+class UserRegister(MethodView):
+    @blp.arguments(UserSchema)
+    def post(self, user_data):
+        if UserModel.query.filter(UserModel.username == user_data["username"]).first():
+            abort(409, message="A user with that username already exists.")
+
+        user = UserModel(
+            username=user_data["username"],
+            password=pbkdf2_sha256.hash(user_data["password"]),
+        )
+        db.session.add(user)
+        db.session.commit()
+
+        return {"message": "User created successfully."}, 201
+
+
+@blp.route("/login")
+class UserLogin(MethodView):
+    @blp.arguments(UserSchema)
+    def post(self, user_data):
+        user = UserModel.query.filter(
+            UserModel.username == user_data["username"]
+        ).first()
+
+        if user and pbkdf2_sha256.verify(user_data["password"], user.password):
+            access_token = create_access_token(identity=user.id)
+            return {"access_token": access_token}, 200
+
+        abort(401, message="Invalid credentials.")
+
+
+@blp.route("/user/<int:user_id>")
+class User(MethodView):
+    """
+    This resource can be useful when testing our Flask app.
+    We may not want to expose it to public users, but for the
+    sake of demonstration in this course, it can be useful
+    when we are manipulating data regarding the users.
+    """
+
+    @blp.response(200, UserSchema)
+    def get(self, user_id):
+        user = UserModel.query.get_or_404(user_id)
+        return user
+
+    def delete(self, user_id):
+        user = UserModel.query.get_or_404(user_id)
+        db.session.delete(user)
+        db.session.commit()
+        return {"message": "User deleted."}, 200