FastAPI Blogging Platform This is a simple blogging platform built using FastAPI and SQLAlchemy. It provides APIs for managing blog posts and comments, as well as user authentication using JWT tokens.
This FastAPI application provides a robust set of features centered around blog management, user authentication, and comments handling. Below is a summary of the core functionalities exposed through the API endpoints.
- User Registration: Allows new users to register with a username, email, and password.
- User Authentication: Supports user login, returning JWT tokens for authenticated sessions.
- Create Posts: Authenticated users can create new blog posts.
- Read Posts: Supports fetching all posts with optional filtering by username, date, and tags. Individual posts can be fetched by their ID.
- Update Posts: Owners of posts can update their content.
- Delete Posts: Owners can delete their posts.
- Add Comments: Users can comment on posts after successful authentication.
- View Comments: Fetches all comments for a specific post.
- Delete Comments: Comment creators can delete their comments.
- Utilizes JWT for securing endpoints that require user authentication.
- Employs bcrypt hashing for secure password storage.
- Enforces access controls ensuring users can only modify or delete their own posts and comments.
- Modular Design: Features are encapsulated in separate modules (
users.py,posts.py, andcomments.py) for clarity and maintainability. - ORM Integration: Leverages SQLAlchemy for database operations, enhancing code readability and database management.
- Security Practices: Adheres to security best practices, including password hashing and token-based authentication.
To interact with the API, start by registering as a new user to obtain JWT tokens required for authenticated endpoints. Explore the /docs or /redoc routes for interactive API documentation and testing capabilities provided by FastAPI
Enhance your development experience with the FastAPI blogging platform, offering a suite of features for blog management. This guide will walk you through setting up and running the platform locally.
Ensure you have the following installed:
- Python 3.6+
- pip
- MySQL Server
Clone and navigate into the project directory:
git clone https://github.com/aidamzz/fastapi-blogging-platform.git
cd fastapi-blogging-platformTo properly set up and configure your database for use with the FastAPI blogging platform, follow these steps:
First, you need to create a new MySQL database that the application will use to store its data. Log into your MySQL server and run the following command:
CREATE DATABASE blogging;With the database configured and dependencies installed, you're now ready to run the FastAPI application. This section outlines the steps to start your server and access the application.
Use Uvicorn, an ASGI server, to run your FastAPI application. Execute the following command in the terminal from the root of your project directory:
uvicorn main:app --reloadThe --reload flag is particularly useful during development as it automatically reloads the server when code changes are detected, helping you to see updates in real-time without manually restarting the server.
Once the server is running, your FastAPI application is accessible at:
You can open this URL in your web browser to interact with your application. FastAPI also provides interactive API documentation that can be accessed at:
This documentation is generated automatically and offers a user-friendly interface to test the API endpoints directly from the browser.
The project includes a Postman collection (Blogging.postman_collection.json) which contains predefined requests for testing the API endpoints. To use this collection:
- Open Postman and click on the
Importbutton. - Choose
Fileand upload theBlogging.postman_collection.jsonfile from your project directory. - After importing, you'll see the collection in your Postman sidebar, ready for use.
By following these steps, you'll have your FastAPI blogging platform running locally and be ready to start testing and further development.
This documentation outlines the Users API of our FastAPI application, focusing on user management including registration, and authentication via JWT tokens.
The Users API allows for user registration and login, providing JWT tokens for authenticated access to protected endpoints.
Allows for the registration of a new user.
- Endpoint:
POST /users/ - Authorization: Not required
- Request Body:
{ "username": "newuser", "email": "newuser@example.com", "password": "password123" } - Response: The newly created User object, excluding the password.
{ "id": "Generated User ID", "username": "newuser", "email": "newuser@example.com" } - Status Codes:
200 OKon success400 Bad Requestif the username is already registered
Authenticates a user and returns a JWT token for accessing protected endpoints.
- Endpoint:
POST /token - Authorization: Not required
- Request Body:
- Use
application/x-www-form-urlencodedcontent type - Fields:
usernameandpassword
username=newuser&password=password123 - Use
- Response: A JWT access token.
{ "access_token": "jwt_token_here", "token_type": "bearer" } - Status Codes:
200 OKon successful authentication400 Bad Requestfor incorrect username or password
Common error responses include:
400 Bad Request: Indicates issues with the request, such as already existing username during registration or incorrect login credentials.422 Unprocessable Entity: Returned when request validation fails, often due to improperly formatted request bodies.
Protected endpoints require an Authorization header with a Bearer token obtained from the login endpoint:
Authorization: Bearer <your_jwt_token_here>
This section explains the authentication system implemented in the FastAPI application, focusing on user authentication, password hashing, and JWT token management as defined in auth.py.
The application uses JWT (JSON Web Tokens) for authenticating users and securing access to certain API endpoints. Passwords are securely hashed using the bcrypt algorithm, ensuring that plain-text passwords are never stored or transmitted.
- Mechanism: Utilizes
passliband itsbcryptcontext for hashing and verifying passwords. - Usage: Upon user registration, passwords are hashed before being stored in the database. For login, the submitted password is verified against the stored hash.
- Library Used:
python-josefor handling JWT operations. - Key Features:
- Token Creation: Upon successful login, a JWT token is generated, containing the
subclaim with the username and an expiry time defined byACCESS_TOKEN_EXPIRE_MINUTES. - Token Verification: Each request to a protected endpoint must include this token in the Authorization header. The token is validated for integrity and expiry.
- Token Creation: Upon successful login, a JWT token is generated, containing the
- Secret Key and Algorithm:
SECRET_KEY: Used to sign JWT tokens. It's crucial to keep this key secret and secure.ALGORITHM: Specifies the algorithm used for JWT encoding and decoding, set toHS256by default.ACCESS_TOKEN_EXPIRE_MINUTES: Defines the lifespan of each access token.
Ensure the following dependencies are installed in your environment for the authentication system to function correctly:
passlibpython-josefastapisqlalchemyfor database interactions
hashed_password = get_password_hash("your_password")
access_token = create_access_token(data={"sub": "username"})
is_valid = verify_password("plain_password", "hashed_password")
This document outlines the Posts API of our FastAPI application, enabling users to manage blog posts including creating new posts, reading existing ones, updating, and deleting them. Operations on posts require user authentication.
Interaction with the Posts API requires a valid JWT token for authentication. Make sure to include this token in the Authorization header as a Bearer token for endpoints that require authentication.
Creates a new blog post.
- Endpoint:
POST / - Authorization: Required
- Request Body:
{ "title": "Post Title", "content": "Post content", "author_id": "Author's User ID", "tags": "Optional tags separated by commas" } - Response: The created Post object.
{ "id": "Generated Post ID", "title": "Post Title", "content": "Post content", "created_at": "Creation timestamp", "author_id": "Author's User ID", "tags": "Optional tags" }
Retrieves a list of posts, with optional filters.
- Endpoint:
GET / - Authorization: Not required
- Optional Query Parameters:
username,date,tags - Response: An array of Post objects.
[ { "id": "Post ID", "title": "Post Title", "content": "Post content", "created_at": "Creation timestamp", "author_id": "Author's User ID", "tags": "Optional tags" }, ]
Retrieves a specific post by ID.
- Endpoint:
GET /{post_id} - Authorization: Not required
- Response: A single Post object.
{ "id": "Post ID", "title": "Post Title", "content": "Post content", "created_at": "Creation timestamp", "author_id": "Author's User ID", "tags": "Optional tags" }
Updates an existing post.
- Endpoint:
PUT /{post_id} - Authorization: Required (users can only update their own posts)
- Request Body:
{ "title": "Optional new title", "content": "Optional new content", "tags": "Optional new tags" } - Response: The updated Post object.
Deletes a specific post by ID.
- Endpoint:
DELETE /{post_id} - Authorization: Required (users can only delete their own posts)
- Response: A confirmation message.
{ "message": "Post successfully deleted" }
You might encounter the following errors:
404 Not Found: The specified post does not exist.401 Unauthorized: The request lacks valid authentication credentials.422 Unprocessable Entity: Validation of the request body failed.
To access endpoints that require authentication, include an Authorization header with your Bearer token:
Authorization: Bearer YOUR_JWT_TOKEN_HERE
- Date filtering format should comply with ISO 8601 standards.
- Ensure your requests adhere to the specified formats for successful API interaction.
This document provides an overview and documentation for the Comments API endpoints of our FastAPI application. The Comments API allows for the creation, retrieval, and deletion of comments on blog posts by authenticated users.
To interact with the Comments API, users must be authenticated and authorized. Authentication is handled through JWT tokens provided upon login. Ensure you have obtained a valid token and include it in the Authorization header as a Bearer token for endpoints that require authentication.
Creates a new comment on a specified post.
- Endpoint:
POST /posts/{post_id}/comments/ - Authorization: Required
- Request Body:
{ "text": "Your comment here", "author_id": "Your author ID here" } - Response: A JSON representation of the created comment.
{ "id": "Generated comment ID", "text": "Your comment here", "author_id": "Your author ID here", "post_id": "The post ID this comment is associated with", "created_at": "Timestamp" }
Retrieves all comments associated with a specific post.
- Endpoint:
GET /posts/{post_id}/comments/ - Authorization: Not required
- Response: An array of comments for the specified post.
[ { "id": "Comment ID", "text": "Comment text", "author_id": "Author ID", "post_id": "Associated post ID", "created_at": "Timestamp" }, ... ]
Deletes a specific comment by ID. Users can only delete their own comments.
- Endpoint:
DELETE /comments/{comment_id} - Authorization: Required
- Response: A confirmation message indicating successful deletion.
{ "message": "Comment successfully deleted" }
Common error responses include:
404 Not Found: Returned when a specified post or comment does not exist.401 Unauthorized: Returned when the request lacks a valid authentication token or does not have permission to perform the requested operation.422 Unprocessable Entity: Returned when request validation fails.
Endpoints requiring authorization expect an Authorization header with a Bearer token obtained after successful login.
Bearer YOUR_JWT_TOKEN_HERE