feat: Add curriculum/lesson APIs and harden authentication#15
Open
atharva-nagane wants to merge 1 commit into
Open
feat: Add curriculum/lesson APIs and harden authentication#15atharva-nagane wants to merge 1 commit into
atharva-nagane wants to merge 1 commit into
Conversation
Author
|
Hi team, What this PR does:
Background: Looking forward to your review. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Changes
Curriculum/Lesson CRUD APIs: Add user-scoped REST endpoints for creating, reading, updating, and deleting curriculums and lessons. Uses new Pydantic schemas (
CurriculumCreate,CurriculumUpdate,LessonCreate,LessonUpdate,CurriculumResponse,LessonResponse) for validation.GET /curriculums— List user's curriculumsPOST /curriculums— Create curriculumPUT /curriculums/{id}— Update curriculumDELETE /curriculums/{id}— Delete curriculumGET /curriculums/{curriculum_id}/lessons— List lessons in curriculumPOST /curriculums/{curriculum_id}/lessons— Create lessonPUT /curriculums/{curriculum_id}/lessons/{lesson_id}— Update lessonDELETE /curriculums/{curriculum_id}/lessons/{lesson_id}— Delete lessonAuthentication Hardening:
/tokennow rejects non-activated users (401)ACCESS_TOKEN_EXPIRE_MINUTESenv var)POST /users/verify-emailflipsactivatedflag/users/me/passwordnow requires current password and correctly hashes the new oneFiles Changed
back-end/models/models.py: UpdatedUpdateUserPasswordRequest(addcurrent_password, renamepasswordtonew_password); added Curriculum/Lesson schemasback-end/utils/utils_jwt.py: Addedexpclaim, madeACCESS_TOKEN_EXPIRE_MINUTESconfigurableback-end/main.py:/token: Added activation check/users/me/password: Added old-password verification, fixed hashing/users/verify-email: New endpoint for activation/curriculums*: 4 new endpoints for curriculum CRUD/curriculums/{curriculum_id}/lessons*: 4 new endpoints for lesson CRUD_get_owned_curriculum,_get_owned_lessonfor ownership checksSecurity & Ownership
/users/{user_id}/role,/users/{user_id}/beta_tester,/users/{user_id}/activated) remain unchanged and admin-onlyTesting
cd back-end pip install -r requirements.txt pytest tests/test_main.py -v