Professional Flask API with modular architecture | Capstone project for Bottega Code School
Modern Flask application with clean architecture and separation of concerns:
- REST API for React frontend (/api/*)
- Admin Panel for user management (/manager)
- JWT Authentication with role-based access control
- Cloudinary Integration for optimized image management
- Modular Structure with blueprints and services
- Python 3.9 - Core language
- Flask - Web framework with Factory Pattern
- Flask-JWT-Extended - JWT authentication
- Flask-WTF - Forms and validation
- Flask-CORS - Cross-origin requests
- MongoDB Atlas - Cloud database
- PyMongo - MongoDB driver
- Cloudinary - Image storage and optimization
- Pipenv - Dependency management
- Render - Cloud deployment
- GitHub - Version control
- Postman - API testing
cd marina-back-end
pipenv install
Create .env file with:
SECRET_KEY=your-secret-key
ATLAS_URI=your-mongodb-connection
JWT_SECRET=your-jwt-secret
CLOUDINARY_CLOUD_NAME=your-cloud-name
CLOUDINARY_API_KEY=your-api-key
CLOUDINARY_API_SECRET=your-api-secret
ADMIN_CREATION_KEY=your-bootstrap-key
Recommended (New Architecture):
pipenv run python run.py
Alternative (Legacy Compatible):
pipenv run python app.py
Or with Flask CLI:
export FLASK_APP="app:create_app('development')"
pipenv run flask run
marina-back-end/
├── app/                          # Main application
│   ├── __init__.py               # Factory pattern
│   ├── config.py                 # Configuration management
│   │
│   ├── api/                      # REST API (React frontend)
│   │   ├── auth.py               # JWT authentication
│   │   ├── portfolio.py          # Portfolio CRUD
│   │   └── store.py              # Store management
│   │
│   ├── admin/                    # Admin interface (Flask templates)
│   │   ├── routes.py             # User management
│   │   └── forms.py              # WTForms
│   │
│   ├── models/                   # Data models
│   │   └── user.py               # User model + CRUD
│   │
│   ├── services/                 # Business logic
│   │   ├── auth_service.py       # Authentication logic
│   │   └── cloudinary_service.py # Image management
│   │
│   ├── utils/                    # Utilities
│   │   ├── decorators.py         # Auth decorators
│   │   └── validators.py         # Input validation
│   │
│   └── templates/                # Flask templates
│
├── run.py                        # Application entry point
├── app.py                        # Legacy compatibility
└── ARCHITECTURE.md               # Detailed architecture docs
- POST /api/token - Login & get JWT token
- POST /api/create-admin - Create admin user (protected)

- GET /api/portfolio - List all portfolios (public)
- GET /api/portfolio/<id> - Get single portfolio (public)
- POST /api/portfolio - Create portfolio (admin only)
- DELETE /api/portfolio/<id> - Delete portfolio (admin only)

- GET /api/store - List all products (public)
- GET /api/store/<id> - Get single product (public)
- POST /api/store - Create product (admin only)
- DELETE /api/store/<id> - Delete product (admin only)

- GET / - Login page
- GET /manager - User management dashboard (super admin)
- POST /manager - Create new users (super admin)
- GET /update/<id> - Edit user form (super admin)
- super_admin (You):
  - Full Flask admin panel access
  - Create/manage React app users
  - Create other super admins
  - Access all API endpoints
- admin (React App Users):
  - Manage portfolio content via API
  - Manage store products via API
  - No Flask admin panel access
  - Cannot create users
- user (Public):
  - Read-only access to public content
- Production API: Render Flask App
- Health Check: GET /api/portfolio
# Test API endpoints
curl http://localhost:8080/api/portfolio
# Test authentication
curl -X POST http://localhost:8080/api/token \
-H "Content-Type: application/json" \
-d '{"email":"[email protected]","password":"password123"}'
- Scalable: Modular design supports growth
- Maintainable: Clear separation of concerns
- Testable: Independent components
- Professional: Industry-standard patterns
- Secure: Role-based authentication
- Flexible: Multiple deployment configurations
- .env:
- SECRET_KEY=...
- ATLAS_URI=...
- JWT_SECRET=...
- ADMIN_CREATION_KEY=<tu_clave_segura>
- Start: pipenv run python run.py
- Create super_admin:
curl -s -X POST http://127.0.0.1:8080/api/create-admin \
-H 'Content-Type: application/json' \
-H 'X-Admin-Creation-Key: TU_CLAVE' \
-d '{"email":"[email protected]","password":"Marina123","username":"SuperAdmin"}'
- Password policy:
  - Minimum 8 characters
  - Must contain at least 1 letter and 1 number
- From the second admin onward (once a super_admin already exists):
  - You must authenticate as super_admin and use its JWT in the Authorization header
  - Get a token:
curl -s -X POST http://127.0.0.1:8080/api/token \
-H 'Content-Type: application/json' \
-d '{"email":"[email protected]","password":"Marina123"}'
  - Use the resulting access_token to create another admin:
TOKEN=PEGA_AQUI_EL_ACCESS_TOKEN
curl -s -X POST http://127.0.0.1:8080/api/create-admin \
-H 'Content-Type: application/json' \
-H "Authorization: Bearer $TOKEN" \
-d '{"email":"[email protected]","password":"Marina123","username":"Editor"}'

To test Stripe webhooks locally you need the Stripe CLI. The flow is:
Log in with your account:
stripe login
Subscribe to the events you want to listen for and forward them to your local backend (for example, Flask at localhost:5000/webhook):
stripe listen --forward-to localhost:5000/webhook

Built with ❤️ using modern Flask best practices
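
The admin-creation rules from the quick-start above (bootstrap key for the first super_admin, a super_admin JWT afterwards, and the password policy), written out as an added example; this is not the project's own code. The `role` claim name, the function names and the status codes are assumptions, and the JWT claims are taken as already verified (for instance by Flask-JWT-Extended).

```python
import hmac
import re

MIN_PASSWORD_LEN = 8  # from the README's password policy


def password_ok(password):
    """README policy: at least 8 characters, 1 letter and 1 number."""
    return (
        isinstance(password, str)
        and len(password) >= MIN_PASSWORD_LEN
        and re.search(r"[A-Za-z]", password) is not None
        and re.search(r"\d", password) is not None
    )


def may_create_admin(headers, super_admin_exists, bootstrap_key, jwt_claims=None):
    """Decide whether a POST /api/create-admin request is authorized.

    headers       -- request headers as a dict (constructed in this example)
    bootstrap_key -- value of ADMIN_CREATION_KEY from the environment
    jwt_claims    -- claims of an already-verified JWT, or None (assumed shape)
    """
    if super_admin_exists:
        # After bootstrap the header key is ignored; only a super_admin JWT counts.
        return bool(jwt_claims) and jwt_claims.get("role") == "super_admin"
    if not bootstrap_key:
        # Fail closed: an unset or empty ADMIN_CREATION_KEY must never match.
        return False
    supplied = headers.get("X-Admin-Creation-Key", "")
    # Constant-time comparison avoids leaking the key through response timing.
    return hmac.compare_digest(supplied.encode(), bootstrap_key.encode())


def handle_create_admin(headers, body, super_admin_exists, bootstrap_key, jwt_claims=None):
    """Return an HTTP status code; authorization is checked before validation."""
    if not may_create_admin(headers, super_admin_exists, bootstrap_key, jwt_claims):
        return 401 if not jwt_claims else 403
    if not password_ok(body.get("password")):
        return 400
    return 201
```

Checking authorization before validating the body keeps an unauthenticated caller from learning anything about the password policy or the payload format from error responses.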