- Use Flask
  - Minimalist Framework
  - Easy to Deploy
- Use SQLite for database, HTTPAuth for authentication
  - Lightweight
  - Easy to work with Flask
- Create a simple Flask application
  - A "Hello world" is always needed for testing the development environment
  - Also set up a test suite
- Design APIs for posts
  - Basic CRUD APIs
  - create_post(), get_posts(), get_post(id), update_post(id), delete_post(id)
- Create model for posts
  - title: string, body: text, id: auto-incremented integer
- Create routes for posts with model and API design
  - Also create tests for those APIs
- Test Post's APIs with Postman
  - Set up requests
  - Create posts, then get/getAll/update/delete
- Design and create APIs for Users
  - Add User model
  - Create routes for signup() and signin()
  - Also create tests for those APIs
- Test User's APIs with Postman
- Update Post's APIs with authentication
  - Also update tests for those APIs
- Test the updated Post's APIs in Postman
  - Add Username and Password as Basic Auth in requests' headers
- While Flask provides simplicity and flexibility, larger applications may require more features and structure provided by full-stack frameworks like Django.
- Similar trade-off for choosing SQLite: if we need a more scalable database, we will use PostgreSQL or MySQL
- Similar trade-off for choosing Flask-HTTPAuth
- Using `config.py` to store environment variables is not safe when deploying with CI/CD tools like Docker
- Implement OAuth for third-party authentication and token-based authentication for improved security and usability.
- Implement robust validation for input data, prevent web security problems (like SQL injection, XSS, etc.), and provide better error handling and informative error responses for API consumers.
- Expand test coverage to include edge cases, integration tests, and performance tests to ensure application reliability.
- Set up automated deployment
- Add signout API
- Add timestamp for create/delete/update posts and signup/signin/signout users
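
The Basic Auth step for the Post APIs and the input-validation / SQL-injection item above, as an added example that is not code from this project. It uses only the Python standard library (no Flask); the function names, the `users` schema, the length limits and the PBKDF2 work factor are all assumptions made for illustration.

```python
import base64, binascii, hashlib, hmac, os, sqlite3

ITERATIONS = 600_000  # assumed PBKDF2-HMAC-SHA256 work factor

def open_db():
    # In-memory SQLite database with a hypothetical users table.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY AUTOINCREMENT,"
               " username TEXT UNIQUE NOT NULL, salt BLOB NOT NULL, pw_hash BLOB NOT NULL)")
    return db

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)

def signup(db, username, password):
    # Validate before touching the database; reject bad input instead of rewriting it.
    if not (isinstance(username, str) and 3 <= len(username) <= 32 and username.isalnum()):
        raise ValueError("username must be 3-32 alphanumeric characters")
    if not (isinstance(password, str) and 12 <= len(password) <= 128):
        raise ValueError("password must be 12-128 characters")
    salt = os.urandom(16)
    try:
        # Placeholders keep user input out of the SQL text (no string formatting).
        db.execute("INSERT INTO users (username, salt, pw_hash) VALUES (?, ?, ?)",
                   (username, salt, _hash(password, salt)))
    except sqlite3.IntegrityError:
        raise ValueError("username already taken") from None

def verify_basic_auth(db, header):
    """Return the username for a valid 'Authorization: Basic ...' value, else None."""
    scheme, _, token = (header or "").partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(token, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    username, sep, password = decoded.partition(":")
    if not sep:
        return None
    row = db.execute("SELECT salt, pw_hash FROM users WHERE username = ?",
                     (username,)).fetchone()
    # Hash even for unknown users so response time does not reveal which names exist.
    salt, stored = row if row else (b"\0" * 16, b"")
    candidate = _hash(password, salt)
    return username if row and hmac.compare_digest(candidate, stored) else None
```

Basic Auth sends the password with every request in reversible base64, so this check only protects credentials when the API is served over TLS.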