Flask Customers API
Stack and Libraries
- Docker
- Nginx
- Gunicorn
- Flask
- Flask-restx
- Flask-marshmallow
- Flask-SQLAlchemy
- Flask-JWT-Extended
- PostgreSQL
Requirements:
- Create a simple customer data model,
- Implement an API that will perform CRUD operations on the customer data model, and
- Prepare documentation to guide a user on how to get the above running, and how to use it
- List Action - Youngest N Customers
- JWT Authentication
Optional Requirements
- Design against Replay Attack
- Dockerize
Specifications
Model
CUSTOMER : Customers ( id, name, dob, updated_at )
API
Create RESTful API endpoints returning JSON so that a user can perform CRUD (create, read, update, delete) actions to the customers table. In addition, also implement a list action. List should take in a number n as a GET parameter that returns n youngest customers ordered by date of birth.
Authentication
The API endpoints should not be publicly accessible, use JWT to implement authentication.
Additional Bonus requirements
Authentication
Replay attacks are possible with JWT since the auth data is stored client-side. Implement a simple method to block the recycling (replays) of old sessions. This process need not be comprehensive, just share an explanation of the potential pitfalls of what you’ve designed.
Solution :
To limit replay attacks, the service takes the following steps:
- Short expiration time for each access token, currently set to 10 minutes, so a captured access token is only useful for a short window
- Use of a refresh token to obtain a new access token, so the client never needs a long-lived access token; this shortens how long a replayed token keeps working
- Blacklist (server-side revocation of) the tokens once logout is performed, so a token captured from an ended session is rejected before it expires
Pitfalls of this design: a captured access token is still accepted until it expires or the user logs out; the blacklist has to live in storage shared by all Gunicorn workers and survive restarts, otherwise revoked tokens become valid again; and a refresh token that is not itself revoked when it is used can be replayed for its whole lifetime.
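The three measures above, worked through as an added stand-alone example (this is not the project's Flask-JWT-Extended code): a minimal HS256 JWT, a revocation list keyed by the token id (jti), refresh-token rotation so that a replayed refresh token is rejected, and the 10-minute access-token lifetime. The secret, the one-day refresh lifetime and the in-memory blacklist are assumptions made for the example.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time

# Constructed for this example; a real deployment loads the secret from config.
SECRET = b"example-secret-not-for-production"
ACCESS_TTL = 10 * 60        # 10 minutes, as in the README
REFRESH_TTL = 24 * 60 * 60  # assumed refresh lifetime (not stated in the README)


def _b64url(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _unb64url(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def encode_jwt(claims, secret=SECRET):
    """Minimal HS256 JWT: base64url(header).base64url(payload).base64url(hmac)."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(secret, f"{header}.{payload}".encode("ascii"), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def decode_jwt(token, secret=SECRET, now=None):
    """Verify signature and expiry; raise ValueError otherwise."""
    try:
        header, payload, sig = token.split(".")
    except ValueError:
        raise ValueError("malformed token") from None
    expected = hmac.new(secret, f"{header}.{payload}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64url(sig)):
        raise ValueError("bad signature")
    claims = json.loads(_unb64url(payload))
    now = time.time() if now is None else now
    if "exp" not in claims or now >= claims["exp"]:
        raise ValueError("token expired or has no exp")
    return claims


class TokenService:
    """Issues access/refresh pairs and tracks revoked token ids (jti)."""

    def __init__(self):
        # In-memory for the example. Behind Gunicorn this must be shared storage
        # (a Postgres table, Redis, ...) or every worker keeps its own blacklist.
        self.revoked = set()

    def issue(self, sub, now=None):
        now = time.time() if now is None else now
        return {
            "access_token": encode_jwt({"sub": sub, "type": "access",
                                        "jti": secrets.token_hex(16), "exp": now + ACCESS_TTL}),
            "refresh_token": encode_jwt({"sub": sub, "type": "refresh",
                                         "jti": secrets.token_hex(16), "exp": now + REFRESH_TTL}),
        }

    def _verify(self, token, expected_type, now=None):
        claims = decode_jwt(token, now=now)
        if claims.get("type") != expected_type:
            raise ValueError(f"expected a {expected_type} token")
        if claims["jti"] in self.revoked:
            raise ValueError("token revoked")
        return claims

    def authorize(self, access_token, now=None):
        """Return the subject of a valid, unrevoked access token."""
        return self._verify(access_token, "access", now)["sub"]

    def refresh(self, refresh_token, now=None):
        """Rotate: the presented refresh token is revoked, so replaying it fails."""
        claims = self._verify(refresh_token, "refresh", now)
        self.revoked.add(claims["jti"])
        return self.issue(claims["sub"], now)

    def logout(self, access_token, refresh_token, now=None):
        """Revoke both tokens of the session; they are rejected until they expire."""
        for tok in (access_token, refresh_token):
            try:
                self.revoked.add(decode_jwt(tok, now=now)["jti"])
            except ValueError:
                pass  # already expired or invalid: nothing to revoke


def is_accepted(svc, access_token, now=None):
    """Convenience check used by callers that only need a yes/no answer."""
    try:
        svc.authorize(access_token, now)
        return True
    except ValueError:
        return False
```

Entries in the revoked set can be dropped once their token's exp has passed, since decode_jwt rejects them anyway; without that pruning the blacklist grows with every logout and refresh.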
Deployment or packaging
Prepare a docker image or docker-compose file that provides a means of easy deployment. The build process should include the necessary initialization of Postgres and any misc. configuration.
Docker Demo Process
Clone the repo
git clone https://github.com/aswincsekar/flask-customers.git
Change working dir
cd flask-customers
Building Images
docker-compose -f docker-compose.yml build
Starting Docker Services
docker-compose -f docker-compose.yml up -d
Testing API
- Open Browser
- Go to localhost
- Test APIs on the swagger interface
Workflow
Login
The user obtains the access and refresh tokens at
http://localhost/api/v1/authentication/login
METHOD : POST
Access Credentials (demo credentials only; change them before any non-local deployment)
username : test
password : test
RESPONSE :
{
"access_token": "{token}",
"refresh_token": "{token}"
}
Refresh Token
The user obtains a new access token at
http://localhost/api/v1/authentication/refresh
METHOD : POST
AUTHORIZATION : Bearer Token (the refresh token, not the access token)
RESPONSE :
{
"access_token": "{token}",
"refresh_token": "{token}"
}
Get Customers
http://localhost/api/v1/customers/customers
METHOD : GET
AUTHORIZATION : Bearer Token
Create Customers
http://localhost/api/v1/customers/customers
METHOD : POST
AUTHORIZATION : Bearer Token
BODY :
{
"updated_at": "2020-07-08T12:55:49.930Z",
"name": "string",
"dob": "2020-07-08"
}
Get N Youngest
http://localhost/api/v1/customers/nyoungest?n=1
METHOD : GET
PARAMS : n -> int
AUTHORIZATION : Bearer Token
Update Customer
http://localhost/api/v1/customers/customers/{customer_id}
METHOD : PUT
AUTHORIZATION : Bearer Token
BODY :
{
"updated_at": "2020-07-08T12:55:49.930Z",
"name": "string",
"dob": "2020-07-08"
}
Delete Customer
http://localhost/api/v1/customers/customers/{customer_id}
METHOD : DELETE
AUTHORIZATION : Bearer Token
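The whole workflow above (login, authenticated CRUD and list calls, refresh when the 10-minute access token expires) as an added client example, not code from the project. It assumes the login endpoint takes a JSON body with username and password (the README does not show the request body), that the server sets updated_at itself so the client sends only name and dob, and that an expired or revoked access token is answered with HTTP 401. The FakeServer class is a constructed stand-in so the flow can be exercised offline; against a running stack, leave the send parameter at its default.

```python
import json
import urllib.error
import urllib.request

BASE_URL = "http://localhost/api/v1"  # from the README


def http_send(method, url, headers, body):
    """Default transport over urllib. Returns (status, parsed JSON or raw text)."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, method=method, headers=headers)
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, _parse(resp.read())
    except urllib.error.HTTPError as err:
        return err.code, _parse(err.read())


def _parse(raw):
    try:
        return json.loads(raw) if raw else None
    except ValueError:
        return raw.decode("utf-8", errors="replace")


class CustomersClient:
    def __init__(self, base_url=BASE_URL, send=http_send):
        self.base_url = base_url
        self.send = send  # injectable transport so the flow can be tested offline
        self.access_token = None
        self.refresh_token = None

    def _call(self, method, path, body=None, token=None):
        headers = {"Accept": "application/json"}
        if body is not None:
            headers["Content-Type"] = "application/json"
        if token:
            headers["Authorization"] = f"Bearer {token}"
        return self.send(method, self.base_url + path, headers, body)

    def login(self, username, password):
        status, data = self._call("POST", "/authentication/login",
                                  {"username": username, "password": password})
        if status >= 400:
            raise RuntimeError(f"login failed: {status} {data}")
        self.access_token = data["access_token"]
        self.refresh_token = data["refresh_token"]

    def refresh(self):
        # The refresh token, not the access token, goes in the Authorization header.
        status, data = self._call("POST", "/authentication/refresh", token=self.refresh_token)
        if status >= 400:
            raise RuntimeError(f"refresh failed: {status} {data}")
        self.access_token = data["access_token"]
        self.refresh_token = data.get("refresh_token", self.refresh_token)

    def _authed(self, method, path, body=None):
        status, data = self._call(method, path, body, token=self.access_token)
        if status == 401:
            # Access token expired (10-minute TTL) or revoked: refresh once, retry once.
            self.refresh()
            status, data = self._call(method, path, body, token=self.access_token)
        if status >= 400:
            raise RuntimeError(f"{method} {path} failed: {status} {data}")
        return data

    def list_customers(self):
        return self._authed("GET", "/customers/customers")

    def create_customer(self, name, dob):
        return self._authed("POST", "/customers/customers", {"name": name, "dob": dob})

    def n_youngest(self, n):
        return self._authed("GET", f"/customers/nyoungest?n={int(n)}")

    def update_customer(self, customer_id, name, dob):
        return self._authed("PUT", f"/customers/customers/{int(customer_id)}",
                            {"name": name, "dob": dob})

    def delete_customer(self, customer_id):
        return self._authed("DELETE", f"/customers/customers/{int(customer_id)}")


class FakeServer:
    """Constructed stand-in for the API: it treats the first access token as
    already expired, which forces the client through the refresh path."""

    def __init__(self):
        self.calls = []
        self.customers = [{"id": 1, "name": "a", "dob": "2000-01-01"},
                          {"id": 2, "name": "b", "dob": "2001-01-01"}]

    def __call__(self, method, url, headers, body):
        self.calls.append((method, url, dict(headers), body))
        if url.endswith("/authentication/login"):
            return 200, {"access_token": "access-1", "refresh_token": "refresh-1"}
        if url.endswith("/authentication/refresh"):
            if headers.get("Authorization") != "Bearer refresh-1":
                return 401, {"msg": "bad refresh token"}
            return 200, {"access_token": "access-2", "refresh_token": "refresh-2"}
        if headers.get("Authorization") != "Bearer access-2":
            return 401, {"msg": "Token has expired"}
        if "/nyoungest?n=" in url:
            n = int(url.rsplit("=", 1)[1])  # youngest first: latest dob first
            return 200, sorted(self.customers, key=lambda c: c["dob"], reverse=True)[:n]
        return 200, {"ok": True}
```

Retrying at most once after a 401 keeps the client from looping when the refresh token itself has been revoked or has expired; in that case the RuntimeError from refresh() tells the caller to log in again.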
Postman Collection
Use the following Postman collection to test the API. All requests carry a pre-request script that fetches the access token before the request is sent.
Postman Collection Link : https://documenter.getpostman.com/view/892323/T17Kbkus