API
This service is the BackEnd. It is the brain of the application, responsible for managing user access and actions.
We choose to use JWT (Json Web Token) for the authentification. When the user successfully logs in using their credentials, a JWT will be returned. The returned token is signed using a private secret.
We have chosen to use bcrypt to store passwords. It is a password hashing function based on blowfish cipher. It incorporate a salt to protect against rainbow table attacks. It is resistant to brute-force search attacks even with increasing computation power.
Techonologies
We use Flask web framework, it is a micro framework written in Python. It is classified as a micro framework because it does not require specific tools or libraries. It has no database abstraction layer, form validation, or any other components where pre-existing third-party libraries provide common functions.
However, Flask supports extensions that can add application features as if they were implemented in Flask itself.
Used Flask Extensions
Note
Here you can find a description of each flask extension we use.
Flask Restx
The official documentation can be found at flask-restx.
Flask-Restx is an extension for Flask that adds support for quickly building REST APIs.
It encourages best practices with minimal setup. Flask-Restx expose a swagger documentation properly.
Flask SQLAlchemy
The official documentation can be found at flask-sqlachemy.
Flask-SQLAlchemy is an extension that adds support for SQLAlchemy to our application. It aims to simplify using SQLAlchemy with Flask.
SQLALchemy is an object relational mapper (ORM), See flask-sqlalchemy documentation to see how to work with the ORM in depth.
Flask Marshmallow
The official documentation can be found at flask-marshmallow.
Flask-Marshmallow is a thin integration layer for Flask and marshmallow (an object serialization/deserialization library).
It also integrates with Flask-SQLAlchemy.
Here a link to the official Marshmallow documentation.
Flask Bcrypt
The official documentation can be found at flask-brcypt.
Flask-Bcrypt is a Flask extension that provides bcrypt hashing utilities for your application.
You will find more information about Bcrypt here
Flask Cors
The official documentation can be found at flask-cors.
Flask cors is a Flask extension for handling Cross Origin Resource Sharing (CORS), making cross-origin AJAX possible.
You will find more information about CORS in Mozilla developer doc.
Flask JWT extended
The official documentation can be found at flask-jwt-extende.
Flask JWT extended is an open source Flask extension that provides JWT support.
You will find more information about JWT in official JWT website.
Api Architecture Schema
Info
We use external services to send mail and to link user accounts, more information here.
Event sourcing
With the objective of improving our recommendation engine, we had the idea to launch only what is needed. And to know what is necessary, it is necessary to have a history of the different actions that have been performed between two launches of a recommendation algorithm. That's why we have implemented the "event sourcing" pattern in our api.
We store media additions, modifications and deletions. And we store the additions and modifications of interactions between content and users.
We have several types of events, but they all have the same basis :
| Name | Type | Description |
|---|---|---|
| id | Integer | Unique identifier |
| occured_at | DateTime | date of the event |
| occured_by | Integer | id or null |
| object_id | Integer | event is related to this object |
A DeletionEvent has the same base, and moreover :
| Name | Type | Description |
|---|---|---|
| ... | ... | ... |
| model_name | String | name of the model where the event occured |
A ChangedEvent has the same base, and moreover :
| Name | Type | Description |
|---|---|---|
| ... | ... | ... |
| model_name | String | name of the model where the event occured |
| attribute_name | String | name of the attribute of the model |
| new_value | String | name value for this attribute |
A ApplicationAddedEvent has the same base, and moreover :
| Name | Type | Description |
|---|---|---|
| ... | ... | ... |
| name | String | app name |
| size | String | |
| installs | String | |
| type | String | |
| price | String | |
| content_rating | String | |
| last_updated | String | |
| current_version | String | |
| android_version | String | |
| cover | String |
Important
All ApplicationAddedEvent, BookAddedEvent, EpisodeAddedEvent, GameAddedEvent, MovieAddedEvent, SerieAddedEvent, TrackAddedEvent, MetaAddedEvent have the same base, plus there own atributes that you can find in Database page.