This project contains a boilerplate backend Authentication module with Login, Logout and Refresh session capabilities based on JWT technology. For JWT handling this project uses PyJWT.
It has been implemented using Flask-RESTful and has been rigorously tested using pytest.
This project also uses marshmallow as a Schema serializer to easily provide JSON-formatted output for all API endpoints. Data models use Flask-SQLAlchemy as the ORM. A custom decorator has been added to protect API routes that require authentication.
This project can be further customised to meet your individual project needs. It can be used in conjunction with any frontend framework like Vue.js to create full-stack applications.
Clone the repo, create a virtual environment and activate it. Install the necessary dependencies and run the tests.
git clone [email protected]:j-000/ezresbackend.git
cd ezresbackend
virtualenv venv
source venv/bin/activate
pip install -r requirements.txt
pytest -v
SECRET_KEY and SECURITY_PASSWORD_SALT
Current API routes are:
Register a user.
POST /api/user
payload={'email':'[email protected]', 'name':'Joao', 'password':'test123'}
# response
{
"message": "User created.",
"success": true,
"user": {
"email": "[email protected]",
"id": 1,
"is_admin": false,
"name": "Joao"
}
}
Get total users registered.
GET /api/user
# response
{
"usersRegistered": 1
}
Login.
POST /api/auth
headers = {'content-type':'application/json'}
payload = {'email':'[email protected]', 'password':'test123'}
# response
{
"expires": 3600,
"success": true,
"token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1Ni...AC8z71WOuvMToh2IbqdqHDAX_mcJSnlWevKONqAJp4"
}
Refresh Token.
PUT /api/auth
headers = {'Authorization':f'Bearer {token}'}
# response
{
"success": "New token.",
"token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1...hZ4ptK5KdrdgqMLK-cx11f-Qc_E-yw-8WuNggvOF13rwg"
}
Logout.
DELETE /api/auth
headers = {'Authorization':f'Bearer {token}'}
# response
{
"success": "Logged out."
}
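An added example, not code from this project: one way a route-protecting decorator and the Logout route can work together, with the algorithm pinned, the expiry enforced and logged-out tokens rejected through a denylist. It uses standard-library HMAC in place of PyJWT and a plain headers dict in place of Flask so it runs on its own. The key value, REVOKED_JTIS, issue_token, verify_token, login_required and the jti claim are assumptions, not names taken from the repository.

```python
import base64, hashlib, hmac, json, time, uuid
from functools import wraps

SECRET_KEY = b"constructed-demo-key"  # assumption: the real key comes from configuration
REVOKED_JTIS = set()  # assumption: in-memory denylist; a deployment would persist it

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()
def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))
def _sign(signing_input):
    return hmac.new(SECRET_KEY, signing_input.encode(), hashlib.sha256).digest()

def issue_token(user_id, ttl=3600):
    """Mint an HS256 JWT carrying an expiry and a unique token id (jti)."""
    claims = {"sub": user_id, "exp": int(time.time()) + ttl, "jti": uuid.uuid4().hex}
    head = _b64(json.dumps({"typ": "JWT", "alg": "HS256"}).encode())
    signing_input = head + "." + _b64(json.dumps(claims).encode())
    return signing_input + "." + _b64(_sign(signing_input))

def verify_token(token):
    """Return the claims of a valid token; raise ValueError otherwise."""
    try:
        head, body, sig = token.split(".")
        alg = json.loads(_unb64(head)).get("alg")  # checked against a fixed value
        if alg != "HS256" or not hmac.compare_digest(_sign(f"{head}.{body}"), _unb64(sig)):
            raise ValueError
        claims = json.loads(_unb64(body))  # parsed only after the signature verified
    except (ValueError, TypeError, AttributeError):
        raise ValueError("invalid token") from None
    if claims["exp"] <= time.time() or claims["jti"] in REVOKED_JTIS:
        raise ValueError("expired or revoked token")
    return claims

def login_required(view):
    @wraps(view)
    def wrapper(headers, *args, **kwargs):
        scheme, _, token = headers.get("Authorization", "").partition(" ")
        try:
            claims = verify_token(token if scheme == "Bearer" else "")
        except ValueError:
            return {"success": False}, 401
        return view(claims, *args, **kwargs)
    return wrapper

@login_required
def logout(claims):
    REVOKED_JTIS.add(claims["jti"])  # this token is rejected from now on
    return {"success": "Logged out."}, 200
```

Without the denylist a signed token would stay valid until its expiry even after the client discards it.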
Licence MIT