Skip to content

Masterschool-SWE/Events-API

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
routes
routes
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
app.py
app.py
 
 
config.py
config.py
 
 
models.py
models.py
 
 
openapi.yaml
openapi.yaml
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

Evently API

A Flask-based REST API for managing events and RSVPs with different access levels. This API is designed to teach web security best practices through incremental improvements.

Features

  • Public Events: Anyone can RSVP without authentication
  • Protected Events: Requires user authentication to RSVP
  • Admin Events: Requires admin role to RSVP

Tech Stack

  • Flask 3.0.0
  • Flask-SQLAlchemy (SQLite database)
  • Flask-CORS
  • Flask-JWT-Extended (JWT authentication)

Setup

  1. Create and activate a virtual environment:

    Windows:

    python -m venv venv
venv\Scripts\activate

    Linux/Mac:

    python -m venv venv
source venv/bin/activate

  2. Install dependencies:

pip install -r requirements.txt
  1. Run the application:
python app.py

The API will be available at http://localhost:5000

Swagger UI Documentation

The API includes interactive Swagger UI documentation. After starting the server:

  1. Open your browser and navigate to: http://localhost:5000/apidocs

  2. You'll see an interactive API documentation interface where you can:

    • Browse all available endpoints
    • See request/response schemas
    • Test endpoints directly from the browser
    • Authenticate using the "Authorize" button (enter your JWT token)

  3. To use the "Authorize" button:

    • First, login via /api/auth/login to get your JWT token
    • Click the "Authorize" button at the top of the Swagger UI
    • Enter: Bearer <your_jwt_token> (replace <your_jwt_token> with your actual token)
    • Now you can test protected endpoints directly from Swagger UI

Alternative: You can also view the OpenAPI specification directly at http://localhost:5000/apispec_1.json

API Endpoints

Authentication

  • POST /api/auth/register - Register a new user

    {
  "username": "user123",
  "password": "password123"
}

  • POST /api/auth/login - Login and get JWT token

    {
  "username": "user123",
  "password": "password123"
}

Events

  • GET /api/events - Get all events
  • GET /api/events/<id> - Get a specific event
  • POST /api/events - Create a new event (requires authentication) 
    {
  "title": "Python Meetup",
  "description": "Monthly Python developer meetup",
  "date": "2026-01-15T18:00:00",
  "location": "Tech Hub, Room 101",
  "capacity": 50,
  "is_public": true,
  "requires_admin": false
}

RSVPs

  • POST /api/rsvps/event/<event_id> - RSVP to an event

    {
  "attending": true
}

  • GET /api/rsvps/event/<event_id> - Get all RSVPs for an event

Authentication

For protected endpoints, include the JWT token in the Authorization header:

Authorization: Bearer <your_jwt_token>

Security Notes

This is a basic implementation designed for educational purposes. The following security considerations are intentionally simplified and can be improved in subsequent lessons:

  • Password storage (currently using werkzeug, but can be improved)
  • JWT token handling
  • Input validation
  • SQL injection prevention (SQLAlchemy helps, but can be improved)
  • Rate limiting
  • CORS configuration
  • Error handling and information disclosure

Database

The application uses SQLite by default. The database file (events.db) will be created automatically on first run.

Note: The first user registered automatically becomes an admin for demo purposes.

About

No description, website, or topics provided.

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

17 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages