# Authy2 Backend - Authentication & Authorization API Production-ready Flask/SQLAlchemy API for authentication and authorization services. ## Features - ๐Ÿ” **Multi-method Authentication**: Password, OAuth (Google, GitHub, Microsoft), SAML, OIDC - ๐Ÿ‘ฅ **Multi-tenancy**: Organization-based access control with roles - ๐Ÿ”‘ **Session Management**: Secure session handling with Redis - ๐Ÿ“ **Audit Logging**: Comprehensive activity tracking - ๐Ÿ›ก๏ธ **Security**: Bcrypt password hashing, CORS, security headers, rate limiting - ๐Ÿ“Š **API Response Envelope**: Consistent response format across all endpoints - โœ… **Validation**: Marshmallow schemas for request/response validation - ๐Ÿงช **Testing**: Comprehensive unit and integration tests - ๐Ÿ“š **Documentation**: OpenAPI/Swagger compatible ## Tech Stack - **Framework**: Flask 3.0 - **Database**: PostgreSQL with SQLAlchemy ORM - **Caching/Sessions**: Redis - **Validation**: Marshmallow - **Testing**: Pytest - **Security**: Flask-Bcrypt, Flask-CORS - **Migration**: Flask-Migrate (Alembic) ## Quick Start ### Prerequisites - Python 3.11+ - PostgreSQL 14+ - Redis 6+ ### Installation 1. **Clone the repository**: ```bash git clone cd authy2/backend ``` 2. **Create virtual environment**: ```bash python -m venv venv source venv/bin/activate # On Windows: venv\Scripts\activate ``` 3. **Install dependencies**: ```bash pip install -r requirements/development.txt ``` 4. **Set up environment variables**: ```bash cp .env.example .env # Edit .env with your configuration ``` 5. **Initialize database**: ```bash python scripts/init_db.py ``` 6. **Seed sample data** (optional): ```bash python scripts/seed_data.py ``` 7. **Run the application**: ```bash flask run # Or using the WSGI file python wsgi.py ``` The API will be available at `http://localhost:5000` ## Project Structure ``` backend/ โ”œโ”€โ”€ app/ โ”‚ โ”œโ”€โ”€ __init__.py # Application factory โ”‚ โ”œโ”€โ”€ api/ # API endpoints โ”‚ โ”‚ โ”œโ”€โ”€ __init__.py โ”‚ โ”‚ โ””โ”€โ”€ v1/ โ”‚ โ”‚ โ”œโ”€โ”€ auth.py # Authentication endpoints โ”‚ โ”‚ โ”œโ”€โ”€ users.py # User endpoints โ”‚ โ”‚ โ””โ”€โ”€ organizations.py โ”‚ โ”œโ”€โ”€ exceptions/ # Custom exceptions โ”‚ โ”œโ”€โ”€ middleware/ # Middleware components โ”‚ โ”œโ”€โ”€ models/ # Database models โ”‚ โ”œโ”€โ”€ schemas/ # Marshmallow schemas โ”‚ โ”œโ”€โ”€ services/ # Business logic layer โ”‚ โ””โ”€โ”€ utils/ # Utilities โ”œโ”€โ”€ config/ # Configuration files โ”œโ”€โ”€ docs/ # Documentation โ”œโ”€โ”€ migrations/ # Database migrations โ”œโ”€โ”€ scripts/ # Utility scripts โ”œโ”€โ”€ tests/ # Test suite โ”‚ โ”œโ”€โ”€ integration/ โ”‚ โ””โ”€โ”€ unit/ โ”œโ”€โ”€ requirements/ # Dependencies โ”œโ”€โ”€ .env.example # Environment variables template โ”œโ”€โ”€ pytest.ini # Pytest configuration โ”œโ”€โ”€ pyproject.toml # Project metadata โ””โ”€โ”€ wsgi.py # WSGI entry point ``` ## API Endpoints ### Authentication - `POST /api/v1/auth/register` - Register new user - `POST /api/v1/auth/login` - Login - `POST /api/v1/auth/logout` - Logout - `GET /api/v1/auth/me` - Get current user - `GET /api/v1/auth/sessions` - Get user sessions - `DELETE /api/v1/auth/sessions/:id` - Revoke session ### Users - `GET /api/v1/users/me` - Get current user profile - `PATCH /api/v1/users/me` - Update profile - `DELETE /api/v1/users/me` - Delete account - `POST /api/v1/users/me/password` - Change password - `GET /api/v1/users/me/organizations` - Get user organizations ### Organizations - `POST /api/v1/organizations` - Create organization - `GET /api/v1/organizations/:id` - Get organization - `PATCH /api/v1/organizations/:id` - Update organization - `DELETE /api/v1/organizations/:id` - Delete organization - `GET /api/v1/organizations/:id/members` - Get members - `POST /api/v1/organizations/:id/members` - Add member - `DELETE /api/v1/organizations/:id/members/:userId` - Remove member - `PATCH /api/v1/organizations/:id/members/:userId/role` - Update role ### Health - `GET /api/health` - Health check ## API Response Format All API responses follow the standardized envelope format: ```json { "version": "1.0", "success": true, "code": 200, "message": "Success message", "request_id": "uuid-v4", "data": {}, "meta": {} } ``` Error responses: ```json { "version": "1.0", "success": false, "code": 400, "message": "Error message", "request_id": "uuid-v4", "error": { "type": "VALIDATION_ERROR", "details": {} } } ``` ## Testing Run all tests: ```bash pytest ``` Run with coverage: ```bash pytest --cov=app --cov-report=html ``` Run specific test types: ```bash pytest -m unit # Unit tests only pytest -m integration # Integration tests only ``` ## Database Migrations Create a new migration: ```bash flask db migrate -m "Description of changes" ``` Apply migrations: ```bash flask db upgrade ``` Rollback: ```bash flask db downgrade ``` ## Development ### Code Quality Run linter: ```bash flake8 app/ tests/ ``` Format code: ```bash black app/ tests/ isort app/ tests/ ``` ### Environment Configuration - **Development**: `FLASK_ENV=development` - **Testing**: `FLASK_ENV=testing` - **Production**: `FLASK_ENV=production` ## Production Deployment ### Using Gunicorn ```bash pip install -r requirements/production.txt gunicorn -w 4 -b 0.0.0.0:8000 wsgi:app ``` ### Docker (example) ```dockerfile FROM python:3.11-slim WORKDIR /app COPY requirements/production.txt . RUN pip install -r production.txt COPY . . CMD ["gunicorn", "-w", "4", "-b", "0.0.0.0:8000", "wsgi:app"] ``` ### Environment Variables Required production environment variables: - `SECRET_KEY` - Flask secret key (must be random) - `DATABASE_URL` - PostgreSQL connection string - `REDIS_URL` - Redis connection string - `FLASK_ENV=production` ## Security Considerations - All passwords hashed with Bcrypt (12+ rounds in production) - CORS configured for allowed origins - Security headers enabled (CSP, HSTS, etc.) - Rate limiting on sensitive endpoints - SQL injection protection via SQLAlchemy ORM - Session management with secure cookies - Request ID tracking for audit trails ## License MIT ## Contributing 1. Fork the repository 2. Create a feature branch 3. Make your changes 4. Add tests 5. Run test suite 6. Submit a pull request ## Support For issues and questions: - GitHub Issues: [repository-url]/issues - Documentation: See `docs/` directory # Boostrap db python manage.py db upgrade python manage.py db migrate ## running seed python -m scripts.seed_data