Add POST /books/{book_id}/reservations (JWT-protected) #15
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The decorator unit tests were failing with a because they created a minimal Flask app without any configuration. This commit creates a local, file-specific fixture that configures the test app with the required . To ensure perfect isolation, the dummy route used by the tests is now defined directly within this new fixture.
Replaced the previous payload-based check with the auth_token fixture, which generates a proper JWT in the Authorization header. This ensures tests now align with the current auth flow and avoids reliance on outdated payload logic.
There was a problem hiding this comment.
Pull Request Overview
This PR adds a new JWT-protected POST endpoint for creating book reservations, implementing the /books/{book_id}/reservations route with authentication and duplicate prevention logic.
Key Changes:
- New JWT-protected reservation creation endpoint with duplicate prevention
- JWT configuration separation from general Flask SECRET_KEY
- Updated OpenAPI specification to reflect JWT protection requirements
Reviewed Changes
Copilot reviewed 10 out of 10 changed files in this pull request and generated 8 comments.
Show a summary per file
| File | Description |
|---|---|
app/routes/reservation_routes.py |
New route handler for POST /books/{book_id}/reservations with JWT protection and business logic |
app/utils/decorators.py |
Updated JWT decorator to use dedicated JWT_SECRET_KEY instead of general SECRET_KEY |
app/config.py |
Added JWT_SECRET_KEY configuration separate from Flask's SECRET_KEY |
app/__init__.py |
Registered new reservations blueprint with the Flask app |
app/routes/auth_routes.py |
Updated login route to use JWT_SECRET_KEY for token generation |
tests/test_reservations.py |
Comprehensive test suite for the new reservation endpoint |
tests/conftest.py |
Added JWT_SECRET_KEY to test configuration and improved user fixture |
tests/test_decorators.py |
Updated decorator tests to align with new JWT configuration |
tests/test_auth.py |
Updated auth tests to use JWT_SECRET_KEY |
openapi.yml |
Updated API specification to reflect JWT protection and new response schemas |
Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.
newmaldenite
approved these changes
Aug 26, 2025
codesungrape
deleted the
Add-/books/{book_id}/reservations-POST-endpoint
branch
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Summary:
Adds POST /books/{book_id}/reservations to allow authenticated users to create reservations. The route is protected by require_jwt and prevents duplicate reservations by the same user.
Key Changes:
Follow-up:
Type of change
Please delete options that are not relevant.
How Has This Been Tested?
Checklist: