Final project of the Udacity Full Stack Web Developer Nanodegree program. The objective of this project is to build a REST API in Flask with authentication and authorization, using role-based access control design patterns with Auth0, hosted on Heroku.
API URL: https://fsnd-capstone-bvf.herokuapp.com/.
List of contents taught by the Nanodegree course within its 5 modules/projects:
- Python 3
- Relational Database Architecture
- Modeling Data Objects with SQLAlchemy
- Internet protocols and communication
- Developing a Flask API
- Authentication and Access
- Authentication with Auth0
- Authentication in Flask
- Role-Based Access Control (RBAC)
- Testing Flask Applications
- Deploying applications using AWS and Heroku
- virtualenv as a tool to create isolated Python environments
- Python 3.6
- Flask
- SQLAlchemy and Flask-SQLAlchemy
- Python-jose
- Clone this Repository
- Initialize and activate a virtualenv:
pip3 install virtualenv
python -m virtualenv env
source env/bin/activate
- Install all dependencies:
pip3 install -r requirements.txt
- Start server by running:
On Linux:
export FLASK_APP=app.py
export FLASK_ENV=development
flask run
On Windows:
set FLASK_APP=app.py
set FLASK_ENV=development
flask run
- Deploy the App locally
- Install Heroku CLI
- Create Heroku app
heroku create name_of_your_application
- Add git remote for Heroku to local repository
git remote add heroku heroku_git_url
- Add Postgresql add on for our database
heroku addons:create heroku-postgresql:hobby-dev --app name_of_your_application
heroku config --app name_of_your_application
- Push application to Heroku
git push heroku master
- Run migrations
heroku run python manage.py db upgrade --app name_of_your_application
The Casting Agency models a company that is responsible for creating movies and managing and assigning actors to those movies. You are an Executive Producer within the company and are creating a system to simplify and streamline your process.
The authentication is made using Auth0. Three different Roles are provided:
- Casting Assistant
- Can view actors and movies
Login info:
email: [email protected]
password: Assistant123
- Casting Director
- All permissions a Casting Assistant has and…
- Add or delete an actor from the database
- Modify actors or movies
Login info:
email: [email protected]
password: Director123
- Executive Producer
- All permissions a Casting Director has and…
- Add or delete a movie from the database
Login info:
email: [email protected]
password: Producer123
To generate a new token for testing purposes (in case it's already expired):
https://fsnd-learning.eu.auth0.com/authorize?
audience=castingagency&
response_type=token&
client_id=k45gdNHT8UN58n5grMnUnOnd4WBJZLEL&
redirect_uri=https://fsnd-capstone-bvf.herokuapp.com/
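The role hierarchy described above, written out as the authorization check an endpoint would run. This is an added example, not the project's own code: the permission names (get:actors, delete:movies, ...) and the helper names are assumptions derived from the role descriptions, and the payload is assumed to be a token already verified with python-jose (signature, audience, issuer, expiry) that carries Auth0's "permissions" claim.

```python
# Added example. Permission names and role grants are assumptions built
# from the role descriptions in this README, not the project's own code.
ASSISTANT = {"get:actors", "get:movies"}
DIRECTOR = ASSISTANT | {"post:actors", "delete:actors",
                        "patch:actors", "patch:movies"}
PRODUCER = DIRECTOR | {"post:movies", "delete:movies"}


class AuthError(Exception):
    """Carries the error code and the HTTP status the API should return."""

    def __init__(self, code, status_code):
        super().__init__(code)
        self.code = code
        self.status_code = status_code


def get_token_auth_header(headers):
    """Return the bearer token from the Authorization header, or raise 401."""
    auth = headers.get("Authorization")
    if not auth:
        raise AuthError("authorization_header_missing", 401)
    parts = auth.split()
    if len(parts) != 2 or parts[0].lower() != "bearer":
        raise AuthError("invalid_header", 401)
    return parts[1]


def check_permissions(permission, payload):
    """Authorize one request against the claims of an already verified token."""
    granted = payload.get("permissions")
    if not isinstance(granted, list):
        # Token has no RBAC claim: fail closed instead of assuming access.
        raise AuthError("permissions_claim_missing", 403)
    if permission not in granted:
        raise AuthError("forbidden", 403)
    return True


def allowed(role_permissions, permission):
    """Test helper: True or False instead of an exception."""
    payload = {"permissions": sorted(role_permissions)}  # constructed payload
    try:
        return check_permissions(permission, payload)
    except AuthError:
        return False
```

A missing or malformed header maps to 401, while a valid token without the required permission maps to 403, which is the distinction the RBAC tests for each role exercise.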
- Movies with attributes title and release date
- Actors with attributes name, age and gender
- Returns a simple message to confirm server is running.
Sample:
{
"message": "Healthy!",
"success": true
}
- Returns a list of all actors from the database
Sample:
{
"actors": [
{
"age": 68,
"gender": "Fem",
"id": 1,
"name": "Fernanda Montenegro"
}
],
"success": true
}
- Returns a list of all movies from the database. Requires access authorization (Casting Assistant, Casting Director or Executive Producer)
Sample:
{
"movies": [
{
"id": 1,
"release_date": "1994",
"title": "Pulp Fiction"
}
],
"success": true
}
- Deletes a specific actor from the database. Requires specific access (Casting Director or Executive Producer)
- Returns the deleted actor information (id, name, age, gender)
Sample:
{
"deleted": {
"age": 78,
"gender": "Masc",
"id": 2,
"name": "Morgan Freeman"
},
"success": true
}
- Deletes a specific movie from the database. Requires specific access (Executive Producer only)
- Returns the deleted movie information (id, title, release date)
Sample:
{
"deleted": {
"id": 2,
"release_date": "1997",
"title": "Titanic"
},
"success": true
}
- Creates a new actor. Requires specific access (Casting Director or Executive Producer)
- Returns the created actor information (id, name, age, gender)
Sample:
{
"created actor": {
"age": 78,
"gender": "Masc",
"id": 2,
"name": "Morgan Freeman"
},
"success": true
}
- Creates a new movie. Requires specific access (Executive Producer only)
- Returns the created movie information (id, title, release date)
Sample:
{
"created movie": {
"id": 2,
"release_date": "1997",
"title": "Titanic"
},
"success": true
}
- Updates the values of a specific actor record. Requires specific access (Casting Director or Executive Producer)
- Returns the modified actor information (id, name, age, gender)
Sample:
{
"actor": {
"age": 69,
"gender": "Fem",
"id": 1,
"name": "Fernanda Montenegro"
},
"success": true
}
- Updates the values of a specific movie record. Requires specific access (Casting Director or Executive Producer)
- Returns the modified movie information (id, title, release date)
Sample:
{
"movie": {
"id": 1,
"release_date": "1995",
"title": "Pulp Fiction"
},
"success": true
}
- One test for success behavior of each endpoint
- One test for error behavior of each endpoint
- At least two tests of RBAC for each role
How to run the tests:
python test_app.py