Merge pull request #53 from tecladocode/jose/cou-97-write-flask-jwt-extended-section

Author: jslvtr

docs/docs-upcoming/07_flask_admin/01_project_overview/README.md

@@ -6,7 +6,7 @@ description: Let's look at what we'll do in this section. There are no changes t
 # Project Overview (and why use SQLAlchemy)
 
 - [x] Set metadata above
-- [ ] Start writing!
+- [x] Start writing!
 
 In this section we'll make absolutely no changes to the API! However, we will completely change the way we store data.
 

docs/docs-upcoming/07_flask_admin/README.md

@@ -59,6 +59,8 @@ class StoreModel(db.Model):
 </Tabs>
 </div>
 
+Remember to import the `TagModel` in `models/__init__.py` so that it is then imported by `app.py`. Otherwise SQLAlchemy won't know about it, and it won't be able to create the tables.
+
 ## The marshmallow schemas
 
 These are the new schemas we'll add. Note that none of the tag schemas have any notion of "items". We'll add those to the schemas when we construct the many-to-many relationship.

docs/docs-upcoming/07_flask_admin/_category_.json

@@ -63,6 +63,15 @@ class ItemsTags(db.Model):
     tag_id = db.Column(db.Integer, db.ForeignKey("tags.id"))
 ```
 
+Let's also add this to our `models/__init__.py` file:
+
+```python title="models/__init__.py"
+from models.item import ItemModel
+from models.tag import TagModel
+from models.store import StoreModel
+from models.item_tags import ItemsTags
+```
+
 ### Using the secondary table in the main models
 
 

docs/docs-upcoming/08_flask_jwt_extended/01_project_overview/README.md

@@ -0,0 +1,19 @@
+---
+title: Changes in this section
+description: Overview of the API endpoints we'll use for user registration and authentication.
+---
+
+# Changes in this section
+
+In this section we will add the following endpoints:
+
+| Method         | Endpoint          | Description                                           |
+| -------------- | ----------------- | ----------------------------------------------------- |
+| `POST`         | `/register`       | Create user accounts given an `email` and `password`. |
+| `POST`         | `/login`          | Get a JWT given an `email` and `password`.            |
+| 🔒 <br/> `POST` | `/logout`         | Revoke a JWT.                                         |
+| 🔒 <br/> `POST` | `/refresh`        | Get a fresh JWT given a refresh JWT.                  |
+| `GET`          | `/user/{user_id}` | (dev-only) Get info about a user given their ID.      |
+| `DELETE`       | `/user/{user_id}` | (dev-only) Delete a user given their ID.              |
+
+We will also protect some existing endpoints by requiring a JWT from clients. You can see which endpoints will be protected in [The API we'll build in this course](/docs/course_intro/what_is_rest_api/#the-api-well-build-in-this-course)

docs/docs-upcoming/08_flask_jwt_extended/README.md

@@ -0,0 +1,21 @@
+---
+title: What is a JWT?
+description: Understand what a JWT is, what data it contains, and how it may be used.
+---
+
+# What is a JWT?
+
+A JWT is a signed JSON object with a specific structure. Our Flask app will sign the JWTs with the secret key, proving that _it generated them_.
+
+The Flask app generates a JWT when a user logs in (with their username and password). In the JWT, we'll store the user ID. The client then stores the JWT and sends it to us on every request.
+
+Because we can prove our app generated the JWT (through its signature), and we will receive the JWT with the user ID in every request, we can _treat requests that include a JWT as "logged in"_.
+
+For example, if we want certain endpoints to only be accessible to logged-in users, all we do is require a JWT in them. Since the client can only get a JWT after logging in, we know that including a JWT is proof that the client logged in successfully at some point in the past.
+
+And since the JWT includes the user ID inside it, when we receive a JWT we know _who logged in_ to get the JWT.
+
+There's a lot more information about JWTs here: [https://jwt.io/introduction](https://jwt.io/introduction). This includes information such as:
+
+- What is stored inside a JWT?
+- Are JWTs secure?

docs/docs/06_sql_storage_sqlalchemy/01_project_overview_sqlalchemy/README.md

@@ -0,0 +1,77 @@
+---
+title: Flask-JWT-Extended setup
+description: Install and set up the Flask-JWT-Extended extension with our REST API.
+---
+
+# Flask-JWT-Extended setup
+
+- [x] Set metadata above
+- [x] Start writing!
+- [x] Create `start` folder
+- [x] Create `end` folder
+- [ ] Create per-file diff between `end` and `start` (use "Compare Folders")
+
+First, let's update our requirements:
+
+```diff title="requirements.txt"
++ flask-jwt-extended
+```
+
+Then we must do two things:
+
+- Add the extension to our `app.py`.
+- Set a secret key that the extension will use to _sign_ the JWTs.
+
+```python title="app.py"
+from flask import Flask
+from flask_smorest import Api
+# highlight-start
+from flask_jwt_extended import JWTManager
+# highlight-end
+
+from db import db
+
+from resources.item import blp as ItemBlueprint
+from resources.store import blp as StoreBlueprint
+from resources.tag import blp as TagBlueprint
+
+
+def create_app(db_url=None):
+    app = Flask(__name__)
+    app.config["API_TITLE"] = "Stores REST API"
+    app.config["API_VERSION"] = "v1"
+    app.config["OPENAPI_VERSION"] = "3.0.3"
+    app.config["OPENAPI_URL_PREFIX"] = "/"
+    app.config["OPENAPI_SWAGGER_UI_PATH"] = "/swagger-ui"
+    app.config[
+        "OPENAPI_SWAGGER_UI_URL"
+    ] = "https://cdn.jsdelivr.net/npm/swagger-ui-dist/"
+    app.config["SQLALCHEMY_DATABASE_URI"] = db_url or "sqlite:///data.db"
+    app.config["SQLALCHEMY_TRACK_MODIFICATIONS"] = False
+    app.config["PROPAGATE_EXCEPTIONS"] = True
+    db.init_app(app)
+    api = Api(app)
+
+    # highlight-start
+    app.config["JWT_SECRET_KEY"] = "jose"
+    jwt = JWTManager(app)
+    # highlight-end
+
+    @app.before_first_request
+    def create_tables():
+        import models  # noqa: F401
+
+        db.create_all()
+
+    api.register_blueprint(ItemBlueprint)
+    api.register_blueprint(StoreBlueprint)
+    api.register_blueprint(TagBlueprint)
+
+    return app
+```
+
+:::caution
+The secret key set here, `"jose"`, is **not very safe**.
+
+Instead you should generate a long and random secret key using something like `secrets.SystemRandom().getrandbits(128)`.
+:::

docs/docs/07_sqlalchemy_many_to_many/02_one_to_many_review/README.md

@@ -0,0 +1,4 @@
+.venv
+*.pyc
+__pycache__
+data.db

docs/docs/07_sqlalchemy_many_to_many/03_many_to_many_relationships/README.md

@@ -0,0 +1,2 @@
+[flake8]
+per-file-ignores = __init__.py:F401

docs/docs/08_flask_jwt_extended/01_section_changes/README.md

@@ -0,0 +1,2 @@
+FLASK_APP=app
+FLASK_ENV=development

docs/docs/08_flask_jwt_extended/02_what_is_a_jwt/README.md

@@ -0,0 +1,6 @@
+FROM python:3.10
+WORKDIR /app
+COPY ./requirements.txt requirements.txt
+RUN pip install --no-cache-dir --upgrade -r requirements.txt
+COPY . .
+CMD ["gunicorn", "--bind", "0.0.0.0:80", "app:create_app()"]

docs/docs/08_flask_jwt_extended/03_flask_jwt_extended_setup/README.md

@@ -0,0 +1,41 @@
+from flask import Flask
+from flask_smorest import Api
+from flask_jwt_extended import JWTManager
+
+from db import db
+
+from resources.item import blp as ItemBlueprint
+from resources.store import blp as StoreBlueprint
+from resources.tag import blp as TagBlueprint
+
+
+def create_app(db_url=None):
+    app = Flask(__name__)
+    app.config["API_TITLE"] = "Stores REST API"
+    app.config["API_VERSION"] = "v1"
+    app.config["OPENAPI_VERSION"] = "3.0.3"
+    app.config["OPENAPI_URL_PREFIX"] = "/"
+    app.config["OPENAPI_SWAGGER_UI_PATH"] = "/swagger-ui"
+    app.config[
+        "OPENAPI_SWAGGER_UI_URL"
+    ] = "https://cdn.jsdelivr.net/npm/swagger-ui-dist/"
+    app.config["SQLALCHEMY_DATABASE_URI"] = db_url or "sqlite:///data.db"
+    app.config["SQLALCHEMY_TRACK_MODIFICATIONS"] = False
+    app.config["PROPAGATE_EXCEPTIONS"] = True
+    db.init_app(app)
+    api = Api(app)
+
+    app.config["JWT_SECRET_KEY"] = "jose"
+    jwt = JWTManager(app)
+
+    @app.before_first_request
+    def create_tables():
+        import models  # noqa: F401
+
+        db.create_all()
+
+    api.register_blueprint(ItemBlueprint)
+    api.register_blueprint(StoreBlueprint)
+    api.register_blueprint(TagBlueprint)
+
+    return app

docs/docs/08_flask_jwt_extended/03_flask_jwt_extended_setup/end/.dockerignore

@@ -0,0 +1,19 @@
+import pytest
+from app import create_app
+
+
+@pytest.fixture()
+def app():
+    app = create_app("sqlite://")
+    app.config.update(
+        {
+            "TESTING": True,
+        }
+    )
+
+    yield app
+
+
+@pytest.fixture()
+def client(app):
+    return app.test_client()

docs/docs/08_flask_jwt_extended/03_flask_jwt_extended_setup/end/.flake8

@@ -0,0 +1,3 @@
+from flask_sqlalchemy import SQLAlchemy
+
+db = SQLAlchemy()

docs/docs/08_flask_jwt_extended/03_flask_jwt_extended_setup/end/.flaskenv

@@ -0,0 +1,4 @@
+from models.item import ItemModel
+from models.tag import TagModel
+from models.store import StoreModel
+from models.item_tags import ItemsTags

docs/docs/08_flask_jwt_extended/03_flask_jwt_extended_setup/end/Dockerfile

@@ -0,0 +1,16 @@
+from db import db
+
+
+class ItemModel(db.Model):
+    __tablename__ = "items"
+
+    id = db.Column(db.Integer, primary_key=True)
+    name = db.Column(db.String(80), unique=True, nullable=False)
+    price = db.Column(db.Float(precision=2), unique=False, nullable=False)
+
+    store_id = db.Column(
+        db.Integer, db.ForeignKey("stores.id"), unique=False, nullable=False
+    )
+    store = db.relationship("StoreModel", back_populates="items")
+
+    tags = db.relationship("TagModel", back_populates="items", secondary="items_tags")

docs/docs/08_flask_jwt_extended/03_flask_jwt_extended_setup/end/app.py

@@ -0,0 +1,9 @@
+from db import db
+
+
+class ItemsTags(db.Model):
+    __tablename__ = "items_tags"
+
+    id = db.Column(db.Integer, primary_key=True)
+    item_id = db.Column(db.Integer, db.ForeignKey("items.id"))
+    tag_id = db.Column(db.Integer, db.ForeignKey("tags.id"))

docs/docs/08_flask_jwt_extended/03_flask_jwt_extended_setup/end/conftest.py

@@ -0,0 +1,11 @@
+from db import db
+
+
+class StoreModel(db.Model):
+    __tablename__ = "stores"
+
+    id = db.Column(db.Integer, primary_key=True)
+    name = db.Column(db.String(80), unique=True, nullable=False)
+
+    tags = db.relationship("TagModel", back_populates="store", lazy="dynamic")
+    items = db.relationship("ItemModel", back_populates="store", lazy="dynamic")

docs/docs/08_flask_jwt_extended/03_flask_jwt_extended_setup/end/db.py

@@ -0,0 +1,12 @@
+from db import db
+
+
+class TagModel(db.Model):
+    __tablename__ = "tags"
+
+    id = db.Column(db.Integer, primary_key=True)
+    name = db.Column(db.String(80), unique=True, nullable=False)
+    store_id = db.Column(db.String(), db.ForeignKey("stores.id"), nullable=False)
+
+    store = db.relationship("StoreModel", back_populates="tags")
+    items = db.relationship("ItemModel", back_populates="tags", secondary="items_tags")

docs/docs/08_flask_jwt_extended/03_flask_jwt_extended_setup/end/models/__init__.py

@@ -0,0 +1,3 @@
+pytest
+black
+flake8

docs/docs/08_flask_jwt_extended/03_flask_jwt_extended_setup/end/models/item.py

@@ -0,0 +1,7 @@
+Flask-JWT-Extended
+Flask-Smorest
+Flask-SQLAlchemy
+passlib
+marshmallow
+python-dotenv
+gunicorn

docs/docs/08_flask_jwt_extended/03_flask_jwt_extended_setup/end/models/item_tags.py

@@ -0,0 +1,31 @@
+import pytest
+
+
+@pytest.fixture()
+def created_store_id(client):
+    response = client.post(
+        "/stores",
+        json={"name": "Test Store"},
+    )
+
+    return response.json["id"]
+
+
+@pytest.fixture()
+def created_item_id(client, created_store_id):
+    response = client.post(
+        "/items",
+        json={"name": "Test Item", "price": 10.5, "store_id": created_store_id},
+    )
+
+    return response.json["id"]
+
+
+@pytest.fixture()
+def created_tag_id(client, created_store_id):
+    response = client.post(
+        f"/stores/{created_store_id}/tags",
+        json={"name": "Test Tag"},
+    )
+
+    return response.json["id"]