- User Registration - create new users, hash passwords before saving.
- User login - check credentials, issue a JWT token.
- JWT Verification - middleware/utility to decode and verify tokens.
- Protected Routes - require a valid JWT for creating, updating or deleting blog posts.
- Create Post - authenticated users can create blog posts.
- List Posts - anyone can view all blog posts (public route).
- Retrieve Post - anyone can view a single blog post by ID.
- Update Post - only the post's author can update their post.
- Delete Post - only the post's author can delete their post.
- Each `Post` must have an `author` (ForeignKey to `User`).
- When querying posts, include the author's username in the response.
- Timestamps - auto-add `created_at` and `updated_at` to posts.
- Pagination - limit the number of posts returned per page.
- Search/Filter - allow filtering posts by title/author.
- Comments - users can comment on posts (optional stretch feature).
[ User registers ] → [ User logs in → gets JWT ]
↓
[ User creates post (JWT required) ]
↓
[ Other users can read posts (no JWT required) ]
↓
[ Only author can edit/delete their posts ]
- Secure (JWT-based auth).
- Functional (CRUD posts).
- Owner-aware (only authors edit/delete).
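The flow above, as an added example (not code from the original notes or from any project): a dependency-free Python sketch of registration with hashed passwords, login that issues an HS256 JWT, token verification for protected routes, and the owner-only check on update and delete. Everything in it is an assumption made for the demo: the `SECRET` value, the in-memory `USERS` and `POSTS` dicts standing in for the `User` and `Post` tables, and the status-code return convention. A real Django REST Framework project would use `django.contrib.auth`'s password hashers and a JWT library such as djangorestframework-simplejwt instead of these hand-rolled pieces.

```python
"""Added example (not the notes' or any project's code): a dependency-free sketch of
hash-at-registration, check-and-issue-JWT-at-login, verify-on-protected-routes and
owner-only update/delete. USERS, POSTS and SECRET are constructed in memory."""
import base64, hashlib, hmac, itertools, json, os, time
from typing import Optional

SECRET = b"constructed-demo-secret-do-not-reuse"  # stand-in for settings.SECRET_KEY
PBKDF2_ITERATIONS = 200_000  # Django defaults higher; kept modest so the demo runs fast

def hash_password(password: str) -> str:
    """Salted PBKDF2-SHA256 stored as 'algo$iterations$salt$hash' (Django-style)."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"

def check_password(password: str, stored: str) -> bool:
    _algo, iterations, salt_hex, digest_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest.hex(), digest_hex)  # constant-time comparison

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()
def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_jwt(user_id: int, ttl: int = 900, now: Optional[int] = None) -> str:
    """HS256 JWT carrying the user id as 'sub' with a short expiry."""
    now = int(time.time()) if now is None else now
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = _b64url(json.dumps({"sub": user_id, "iat": now, "exp": now + ttl}, separators=(",", ":")).encode())
    signature = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(signature)}"

def verify_jwt(token: str, now: Optional[int] = None) -> Optional[dict]:
    """Return the claims if signature and expiry check out, else None (malformed == invalid)."""
    now = int(time.time()) if now is None else now
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        if json.loads(_b64url_decode(header_b64)).get("alg") != "HS256":
            return None  # pin the algorithm; never honour 'none' or a caller-chosen alg
        expected = hmac.new(SECRET, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
            return None
        claims = json.loads(_b64url_decode(payload_b64))
        return claims if int(claims["exp"]) > now else None
    except (ValueError, KeyError, TypeError, AttributeError):
        return None

USERS: dict = {}  # username -> {"id", "password"}; constructed stand-in for the User table
POSTS: dict = {}  # post id -> {"id", "author_id", "title", "body"}; stand-in for Post
_post_ids = itertools.count(1)
_DUMMY_HASH = hash_password("dummy")  # unknown usernames cost the same time as wrong passwords

def register(username: str, password: str) -> int:
    if username in USERS:
        raise ValueError("username already taken")
    USERS[username] = {"id": len(USERS) + 1, "password": hash_password(password)}
    return USERS[username]["id"]

def login(username: str, password: str) -> Optional[str]:
    user = USERS.get(username)
    ok = check_password(password, user["password"] if user else _DUMMY_HASH)
    return issue_jwt(user["id"]) if user and ok else None

def create_post(token: str, title: str, body: str):
    """Protected route: (401, None) without a valid JWT, else (201, new post id)."""
    claims = verify_jwt(token)
    if claims is None:
        return 401, None
    pid = next(_post_ids)
    POSTS[pid] = {"id": pid, "author_id": claims["sub"], "title": title, "body": body}
    return 201, pid

def list_posts() -> list:
    """Public route; joins the author's username into each record, as the notes ask."""
    names = {u["id"]: name for name, u in USERS.items()}
    return [{**p, "author": names[p["author_id"]]} for p in POSTS.values()]

def _owner_check(token: str, pid: int):
    """Shared by update/delete: (401|404|403, None), or (200, post) if the JWT is the author's."""
    claims = verify_jwt(token)
    if claims is None:
        return 401, None
    post = POSTS.get(pid)
    if post is None:
        return 404, None
    return (200, post) if post["author_id"] == claims["sub"] else (403, None)

def update_post(token: str, pid: int, **changes) -> int:
    status, post = _owner_check(token, pid)
    if post is not None:
        post.update({k: v for k, v in changes.items() if k in ("title", "body")})
    return status

def delete_post(token: str, pid: int) -> int:
    status, post = _owner_check(token, pid)
    if post is not None:
        del POSTS[pid]
    return 204 if post is not None else status
```

Two details carry most of the security weight: `verify_jwt` pins the algorithm and compares the signature in constant time, so a token with a forged header or a tampered payload is rejected as invalid rather than treated as anonymous; and `_owner_check` separates "no valid identity" (401) from "valid identity but not the author" (403), which is the difference between the "Protected Routes" item and the "Update/Delete Post" items in the list above. Password checks go through `check_password` even for unknown usernames so login timing does not reveal which accounts exist.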
- One app: `blog`
- Models: `User` (if custom), `Post`, maybe `Comment`.
- Views: registration, login, post CRUD.
- Serializers: user + post serializers.
- Apps:
  - `accounts` ➡ registration, login, JWT
  - `blog` ➡ posts, comments
```text
blog_api/
│
├── blog_api/        # project settings
│   ├── __init__.py
│   ├── settings.py
│   ├── urls.py
│   └── wsgi.py
│
├── accounts/        # user auth app
│   ├── models.py
│   ├── serializers.py
│   ├── views.py
│   ├── urls.py
│   └── ...
│
├── blog/            # posts + comments app
│   ├── models.py
│   ├── serializers.py
│   ├── views.py
│   ├── urls.py
│   └── ...
│
└── manage.py
```