# File Location: docs/notebooks/06_web_development.ipynb

# Web Development with Python - Interactive Learning Notebook

Welcome to Web Development with Python! This notebook covers building web applications using modern Python frameworks and tools.

## Learning Objectives

After completing this notebook, you will be able to:

- Build web applications with Flask and FastAPI
- Handle HTTP requests, responses, and routing
- Work with templates and static files
- Implement authentication and session management
- Create RESTful APIs with proper documentation
- Handle forms, file uploads, and validation
- Deploy web applications to production
- Implement security best practices

## Table of Contents

1. [Introduction to Web Development](#introduction)
2. [Flask Fundamentals](#flask-fundamentals)
3. [FastAPI Modern Framework](#fastapi-framework)
4. [Templates and Frontend](#templates-frontend)
5. [Database Integration](#database-integration)
6. [Authentication and Security](#authentication-security)
7. [RESTful APIs](#restful-apis)
8. [Testing Web Applications](#testing-web-apps)
9. [Deployment](#deployment)
10. [Practice Projects](#practice-projects)

---

## 1. Introduction to Web Development

### Web Development Concepts

```python
"""
Web Development Fundamentals:

1. HTTP Protocol:
   - Request/Response cycle
   - Methods: GET, POST, PUT, DELETE, PATCH
   - Status codes: 200, 404, 500, etc.
   - Headers and body

2. Web Frameworks:
   - Flask: Lightweight, flexible
   - FastAPI: Modern, async, auto-documentation
   - Django: Full-featured, batteries included

3. Architecture Patterns:
   - MVC (Model-View-Controller)
   - REST (Representational State Transfer)
   - Microservices

4. Frontend Integration:
   - Templates (Jinja2)
   - Static files (CSS, JS, images)
   - AJAX and APIs
   - Single Page Applications (SPA)
"""

# HTTP Request/Response simulation
class HTTPRequest:
    def __init__(self, method, path, headers=None, body=None):
        self.method = method
        self.path = path
        self.headers = headers or {}
        self.body = body
    
    def __repr__(self):
        return f"HTTPRequest({self.method} {self.path})"

class HTTPResponse:
    def __init__(self, status_code, headers=None, body=None):
        self.status_code = status_code
        self.headers = headers or {}
        self.body = body
    
    def __repr__(self):
        return f"HTTPResponse({self.status_code})"

def simulate_web_server():
    """Simulate basic web server behavior"""
    
    routes = {
        "GET /": "Welcome to our website!",
        "GET /about": "About our company",
        "GET /products": "Our products list",
        "POST /contact": "Thank you for contacting us!"
    }
    
    requests = [
        HTTPRequest("GET", "/"),
        HTTPRequest("GET", "/about"),
        HTTPRequest("GET", "/nonexistent"),
        HTTPRequest("POST", "/contact", body="name=John&email=john@example.com")
    ]
    
    print("Simulating web server requests:")
    for request in requests:
        route_key = f"{request.method} {request.path}"
        
        if route_key in routes:
            response = HTTPResponse(200, {"Content-Type": "text/html"}, routes[route_key])
            print(f"{request} → {response} | {response.body}")
        else:
            response = HTTPResponse(404, {"Content-Type": "text/html"}, "Page not found")
            print(f"{request} → {response} | {response.body}")

simulate_web_server()
```

---

## 2. Flask Fundamentals

### Basic Flask Application

```python
# Note: These are examples that would work in a real Flask environment
# In Jupyter, we'll simulate the concepts

"""
# app.py - Basic Flask Application
from flask import Flask, request, render_template, jsonify, redirect, url_for

app = Flask(__name__)
app.secret_key = 'your-secret-key-here'

@app.route('/')
def home():
    return '<h1>Welcome to Flask!</h1>'

@app.route('/hello/<name>')
def hello(name):
    return f'<h1>Hello, {name}!</h1>'

@app.route('/user/<int:user_id>')
def user_profile(user_id):
    return f'<h1>User Profile: {user_id}</h1>'

if __name__ == '__main__':
    app.run(debug=True)
"""

# Simulating Flask routing concepts
class FlaskSimulator:
    def __init__(self):
        self.routes = {}
    
    def route(self, path, methods=['GET']):
        def decorator(func):
            for method in methods:
                route_key = f"{method} {path}"
                self.routes[route_key] = func
            return func
        return decorator
    
    def simulate_request(self, method, path, **kwargs):
        route_key = f"{method} {path}"
        if route_key in self.routes:
            return self.routes[route_key](**kwargs)
        return f"404 Not Found: {method} {path}"

# Create Flask simulator
app = FlaskSimulator()

@app.route('/')
def home():
    return "Welcome to Flask Simulator!"

@app.route('/hello/<name>')
def hello(name):
    return f"Hello, {name}!"

@app.route('/user/<int:user_id>')
def user_profile(user_id):
    return f"User Profile: {user_id}"

@app.route('/api/data', methods=['GET', 'POST'])
def api_data():
    return {"message": "API endpoint", "status": "success"}

# Test the simulator
print("Flask Routing Simulation:")
print(app.simulate_request('GET', '/'))
print(app.simulate_request('GET', '/hello/<name>', name="Alice"))
print(app.simulate_request('GET', '/user/<int:user_id>', user_id=123))
print(app.simulate_request('POST', '/api/data'))
```

### Flask Forms and Templates

```python
"""
# forms.py - Flask-WTF Forms
from flask_wtf import FlaskForm
from wtforms import StringField, TextAreaField, SubmitField, EmailField
from wtforms.validators import DataRequired, Email, Length

class ContactForm(FlaskForm):
    name = StringField('Name', validators=[DataRequired(), Length(min=2, max=50)])
    email = EmailField('Email', validators=[DataRequired(), Email()])
    message = TextAreaField('Message', validators=[DataRequired(), Length(min=10)])
    submit = SubmitField('Send Message')

# app.py - Using forms
@app.route('/contact', methods=['GET', 'POST'])
def contact():
    form = ContactForm()
    
    if form.validate_on_submit():
        # Process form data
        name = form.name.data
        email = form.email.data
        message = form.message.data
        
        # Save to database or send email
        flash('Thank you for your message!', 'success')
        return redirect(url_for('contact'))
    
    return render_template('contact.html', form=form)
"""

# Simulating form handling
class FormValidator:
    def __init__(self, data):
        self.data = data
        self.errors = {}
    
    def validate_required(self, field, message="This field is required"):
        if not self.data.get(field) or not self.data[field].strip():
            self.errors[field] = message
    
    def validate_email(self, field, message="Invalid email address"):
        import re
        email = self.data.get(field, '')
        pattern = r'^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$'
        if email and not re.match(pattern, email):
            self.errors[field] = message
    
    def validate_length(self, field, min_len=0, max_len=None):
        value = self.data.get(field, '')
        if len(value) < min_len:
            self.errors[field] = f"Must be at least {min_len} characters"
        if max_len and len(value) > max_len:
            self.errors[field] = f"Must be at most {max_len} characters"
    
    def is_valid(self):
        return len(self.errors) == 0

def simulate_form_processing():
    """Simulate form validation and processing"""
    
    test_data = [
        {"name": "John Doe", "email": "john@example.com", "message": "Hello world!"},
        {"name": "", "email": "invalid-email", "message": "Hi"},
        {"name": "Jane", "email": "jane@example.com", "message": "This is a longer message that should pass validation"}
    ]
    
    print("Form Validation Simulation:")
    
    for i, data in enumerate(test_data, 1):
        print(f"\nTest case {i}: {data}")
        
        validator = FormValidator(data)
        validator.validate_required('name')
        validator.validate_required('email')
        validator.validate_required('message')
        validator.validate_email('email')
        validator.validate_length('name', min_len=2, max_len=50)
        validator.validate_length('message', min_len=10)
        
        if validator.is_valid():
            print("  ✓ Form is valid - would process submission")
        else:
            print("  ✗ Form has errors:")
            for field, error in validator.errors.items():
                print(f"    {field}: {error}")

simulate_form_processing()
```

### Flask Database Integration

```python
"""
# models.py - SQLAlchemy Models
from flask_sqlalchemy import SQLAlchemy
from datetime import datetime

db = SQLAlchemy()

class User(db.Model):
    id = db.Column(db.Integer, primary_key=True)
    username = db.Column(db.String(80), unique=True, nullable=False)
    email = db.Column(db.String(120), unique=True, nullable=False)
    password_hash = db.Column(db.String(128))
    created_at = db.Column(db.DateTime, default=datetime.utcnow)
    posts = db.relationship('Post', backref='author', lazy=True)

    def __repr__(self):
        return f'<User {self.username}>'

class Post(db.Model):
    id = db.Column(db.Integer, primary_key=True)
    title = db.Column(db.String(100), nullable=False)
    content = db.Column(db.Text, nullable=False)
    created_at = db.Column(db.DateTime, default=datetime.utcnow)
    user_id = db.Column(db.Integer, db.ForeignKey('user.id'), nullable=False)

    def __repr__(self):
        return f'<Post {self.title}>'

# app.py - Database operations
@app.route('/users')
def list_users():
    users = User.query.all()
    return render_template('users.html', users=users)

@app.route('/user/<int:user_id>')
def user_detail(user_id):
    user = User.query.get_or_404(user_id)
    posts = Post.query.filter_by(user_id=user_id).all()
    return render_template('user_detail.html', user=user, posts=posts)

@app.route('/create_post', methods=['GET', 'POST'])
def create_post():
    if request.method == 'POST':
        post = Post(
            title=request.form['title'],
            content=request.form['content'],
            user_id=current_user.id
        )
        db.session.add(post)
        db.session.commit()
        flash('Post created successfully!', 'success')
        return redirect(url_for('home'))
    
    return render_template('create_post.html')
"""

# Simulating database operations
class InMemoryDatabase:
    def __init__(self):
        self.users = []
        self.posts = []
        self.next_user_id = 1
        self.next_post_id = 1
    
    def create_user(self, username, email):
        user = {
            'id': self.next_user_id,
            'username': username,
            'email': email,
            'created_at': '2024-01-01T00:00:00'
        }
        self.users.append(user)
        self.next_user_id += 1
        return user
    
    def create_post(self, title, content, user_id):
        post = {
            'id': self.next_post_id,
            'title': title,
            'content': content,
            'user_id': user_id,
            'created_at': '2024-01-01T00:00:00'
        }
        self.posts.append(post)
        self.next_post_id += 1
        return post
    
    def get_user(self, user_id):
        return next((u for u in self.users if u['id'] == user_id), None)
    
    def get_user_posts(self, user_id):
        return [p for p in self.posts if p['user_id'] == user_id]

# Simulate blog application
def simulate_blog_app():
    db = InMemoryDatabase()
    
    print("Blog Application Simulation:")
    
    # Create users
    user1 = db.create_user("alice", "alice@example.com")
    user2 = db.create_user("bob", "bob@example.com")
    
    print(f"Created users: {user1['username']}, {user2['username']}")
    
    # Create posts
    post1 = db.create_post("First Post", "This is my first blog post!", user1['id'])
    post2 = db.create_post("Python Tips", "Here are some Python tips...", user1['id'])
    post3 = db.create_post("Web Development", "Learning web development", user2['id'])
    
    print(f"Created {len(db.posts)} posts")
    
    # Query data
    print(f"\nUser {user1['username']}'s posts:")
    alice_posts = db.get_user_posts(user1['id'])
    for post in alice_posts:
        print(f"  - {post['title']}")
    
    print(f"\nUser {user2['username']}'s posts:")
    bob_posts = db.get_user_posts(user2['id'])
    for post in bob_posts:
        print(f"  - {post['title']}")

simulate_blog_app()
```

---

## 3. FastAPI Modern Framework

### Basic FastAPI Application

```python
"""
# main.py - Basic FastAPI Application
from fastapi import FastAPI, HTTPException, Depends
from pydantic import BaseModel, EmailStr
from typing import List, Optional
import uvicorn

app = FastAPI(title="My API", description="A sample API", version="1.0.0")

class Item(BaseModel):
    name: str
    description: Optional[str] = None
    price: float
    tax: Optional[float] = None

class User(BaseModel):
    id: int
    name: str
    email: EmailStr

@app.get("/")
async def root():
    return {"message": "Hello World"}

@app.get("/items/{item_id}")
async def read_item(item_id: int, q: Optional[str] = None):
    return {"item_id": item_id, "q": q}

@app.post("/items/", response_model=Item)
async def create_item(item: Item):
    return item

@app.get("/users/", response_model=List[User])
async def read_users(skip: int = 0, limit: int = 100):
    # In real app, would query database
    return [
        {"id": 1, "name": "Alice", "email": "alice@example.com"},
        {"id": 2, "name": "Bob", "email": "bob@example.com"}
    ]

if __name__ == "__main__":
    uvicorn.run(app, host="0.0.0.0", port=8000)
"""

# Simulating FastAPI concepts
from typing import List, Optional, Dict, Any
import json

class PydanticModel:
    """Simplified Pydantic model simulation"""
    
    def __init__(self, **kwargs):
        for key, value in kwargs.items():
            setattr(self, key, value)
    
    def dict(self):
        return {k: v for k, v in self.__dict__.items() if not k.startswith('_')}
    
    def json(self):
        return json.dumps(self.dict())

class FastAPISimulator:
    def __init__(self, title="FastAPI", description="", version="1.0.0"):
        self.title = title
        self.description = description
        self.version = version
        self.routes = {}
    
    def get(self, path):
        def decorator(func):
            self.routes[f"GET {path}"] = func
            return func
        return decorator
    
    def post(self, path):
        def decorator(func):
            self.routes[f"POST {path}"] = func
            return func
        return decorator
    
    def simulate_request(self, method, path, **kwargs):
        route_key = f"{method} {path}"
        if route_key in self.routes:
            return self.routes[route_key](**kwargs)
        return {"error": "Not Found", "status_code": 404}

# Create FastAPI simulator
app = FastAPISimulator(
    title="E-commerce API",
    description="A simple e-commerce API",
    version="1.0.0"
)

# Define models
class Item(PydanticModel):
    def __init__(self, name: str, description: Optional[str] = None, 
                 price: float = 0.0, tax: Optional[float] = None):
        super().__init__(name=name, description=description, price=price, tax=tax)

class User(PydanticModel):
    def __init__(self, id: int, name: str, email: str):
        super().__init__(id=id, name=name, email=email)

# In-memory storage
items_db = []
users_db = [
    User(id=1, name="Alice", email="alice@example.com"),
    User(id=2, name="Bob", email="bob@example.com")
]

@app.get("/")
async def root():
    return {"message": "Welcome to FastAPI E-commerce"}

@app.get("/items/{item_id}")
async def read_item(item_id: int, q: Optional[str] = None):
    if item_id < len(items_db):
        item = items_db[item_id]
        result = item.dict()
        if q:
            result["query"] = q
        return result
    return {"error": "Item not found", "status_code": 404}

@app.post("/items/")
async def create_item(name: str, description: str = None, price: float = 0.0, tax: float = None):
    item = Item(name=name, description=description, price=price, tax=tax)
    items_db.append(item)
    return {"message": "Item created", "item": item.dict(), "id": len(items_db) - 1}

@app.get("/users/")
async def read_users(skip: int = 0, limit: int = 100):
    return [user.dict() for user in users_db[skip:skip + limit]]

# Test the FastAPI simulator
def test_fastapi_simulator():
    print("FastAPI Simulation:")
    
    # Test root endpoint
    response = app.simulate_request('GET', '/')
    print(f"GET / → {response}")
    
    # Create items
    item1_response = app.simulate_request('POST', '/items/', 
                                         name="Laptop", description="Gaming laptop", 
                                         price=999.99, tax=99.99)
    print(f"POST /items/ → {item1_response}")
    
    item2_response = app.simulate_request('POST', '/items/', 
                                         name="Mouse", description="Wireless mouse", 
                                         price=29.99)
    print(f"POST /items/ → {item2_response}")
    
    # Read item
    item_response = app.simulate_request('GET', '/items/{item_id}', item_id=0, q="details")
    print(f"GET /items/0 → {item_response}")
    
    # Read users
    users_response = app.simulate_request('GET', '/users/', skip=0, limit=10)
    print(f"GET /users/ → {users_response}")

test_fastapi_simulator()
```

### FastAPI Advanced Features

```python
"""
# Advanced FastAPI features simulation

# Dependency Injection
from fastapi import Depends, HTTPException, status
from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials

security = HTTPBearer()

def get_current_user(credentials: HTTPAuthorizationCredentials = Depends(security)):
    # In real app, would verify JWT token
    if credentials.credentials != "valid-token":
        raise HTTPException(
            status_code=status.HTTP_401_UNAUTHORIZED,
            detail="Invalid authentication credentials"
        )
    return {"user_id": 1, "username": "alice"}

@app.get("/protected")
async def protected_route(current_user: dict = Depends(get_current_user)):
    return {"message": f"Hello {current_user['username']}", "user": current_user}

# Background Tasks
from fastapi import BackgroundTasks

def send_email(email: str, message: str):
    # Simulate sending email
    print(f"Sending email to {email}: {message}")

@app.post("/send-notification/")
async def send_notification(email: str, background_tasks: BackgroundTasks):
    background_tasks.add_task(send_email, email, "Welcome to our service!")
    return {"message": "Notification will be sent"}

# File Upload
from fastapi import File, UploadFile

@app.post("/upload/")
async def upload_file(file: UploadFile = File(...)):
    return {
        "filename": file.filename,
        "content_type": file.content_type,
        "size": len(await file.read())
    }

# Request/Response Models
class UserCreate(BaseModel):
    username: str
    email: EmailStr
    password: str

class UserResponse(BaseModel):
    id: int
    username: str
    email: EmailStr
    is_active: bool

@app.post("/users/", response_model=UserResponse)
async def create_user(user: UserCreate):
    # In real app, would hash password and save to database
    return UserResponse(
        id=len(users_db) + 1,
        username=user.username,
        email=user.email,
        is_active=True
    )
"""

# Simulating advanced FastAPI features
class DependencySimulator:
    @staticmethod
    def get_current_user(token: str = None):
        if token != "valid-token":
            raise Exception("Unauthorized")
        return {"user_id": 1, "username": "alice", "role": "admin"}

class BackgroundTaskSimulator:
    def __init__(self):
        self.tasks = []
    
    def add_task(self, func, *args, **kwargs):
        self.tasks.append((func, args, kwargs))
        print(f"Added background task: {func.__name__}")
    
    def process_tasks(self):
        print("Processing background tasks:")
        for func, args, kwargs in self.tasks:
            func(*args, **kwargs)
        self.tasks.clear()

def simulate_advanced_features():
    print("\nAdvanced FastAPI Features Simulation:")
    
    # Dependency injection
    print("\n1. Dependency Injection:")
    try:
        user = DependencySimulator.get_current_user("valid-token")
        print(f"  Authenticated user: {user}")
        
        user = DependencySimulator.get_current_user("invalid-token")
    except Exception as e:
        print(f"  Authentication failed: {e}")
    
    # Background tasks
    print("\n2. Background Tasks:")
    background_tasks = BackgroundTaskSimulator()
    
    def send_welcome_email(email):
        print(f"  Sending welcome email to {email}")
    
    def update_analytics(user_id):
        print(f"  Updating analytics for user {user_id}")
    
    background_tasks.add_task(send_welcome_email, "newuser@example.com")
    background_tasks.add_task(update_analytics, 123)
    background_tasks.process_tasks()
    
    # Request validation
    print("\n3. Request Validation:")
    
    class UserValidator:
        @staticmethod
        def validate_user_creation(data):
            errors = []
            
            if not data.get('username') or len(data['username']) < 3:
                errors.append("Username must be at least 3 characters")
            
            if not data.get('email') or '@' not in data['email']:
                errors.append("Valid email is required")
            
            if not data.get('password') or len(data['password']) < 8:
                errors.append("Password must be at least 8 characters")
            
            return len(errors) == 0, errors
    
    test_data = [
        {"username": "alice123", "email": "alice@example.com", "password": "securepass123"},
        {"username": "ab", "email": "invalid-email", "password": "123"},
    ]
    
    for data in test_data:
        is_valid, errors = UserValidator.validate_user_creation(data)
        if is_valid:
            print(f"  ✓ Valid user data: {data['username']}")
        else:
            print(f"  ✗ Invalid user data: {errors}")

simulate_advanced_features()
```

---

## 4. Templates and Frontend

### Jinja2 Templates

```python
"""
# templates/base.html
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>{% block title %}My Website{% endblock %}</title>
    <link rel="stylesheet" href="{{ url_for('static', filename='css/style.css') }}">
</head>
<body>
    <nav>
        <ul>
            <li><a href="{{ url_for('home') }}">Home</a></li>
            <li><a href="{{ url_for('about') }}">About</a></li>
            {% if current_user.is_authenticated %}
                <li><a href="{{ url_for('profile') }}">Profile</a></li>
                <li><a href="{{ url_for('logout') }}">Logout</a></li>
            {% else %}
                <li><a href="{{ url_for('login') }}">Login</a></li>
            {% endif %}
        </ul>
    </nav>
    
    <main>
        {% with messages = get_flashed_messages(with_categories=true) %}
            {% if messages %}
                {% for category, message in messages %}
                    <div class="alert alert-{{ category }}">{{ message }}</div>
                {% endfor %}
            {% endif %}
        {% endwith %}
        
        {% block content %}{% endblock %}
    </main>
    
    <footer>
        <p>&copy; 2024 My Website. All rights reserved.</p>
    </footer>
</body>
</html>

# templates/home.html
{% extends "base.html" %}

{% block title %}Home - My Website{% endblock %}

{% block content %}
<h1>Welcome to Our Website</h1>

{% if user %}
    <h2>Hello, {{ user.name }}!</h2>
    <p>Last login: {{ user.last_login.strftime('%Y-%m-%d %H:%M') }}</p>
{% endif %}

<div class="featured-posts">
    <h3>Recent Posts</h3>
    {% for post in posts %}
        <article>
            <h4><a href="{{ url_for('post_detail', id=post.id) }}">{{ post.title }}</a></h4>
            <p>{{ post.excerpt }}</p>
            <small>By {{ post.author.name }} on {{ post.created_at.strftime('%B %d, %Y') }}</small>
        </article>
    {% else %}
        <p>No posts available.</p>
    {% endfor %}
</div>

{% if posts|length > 0 %}
    <p>Total posts: {{ posts|length }}</p>
{% endif %}
{% endblock %}

# templates/macros.html
{% macro render_field(field) %}
    <div class="form-group">
        {{ field.label(class="form-label") }}
        {{ field(class="form-control") }}
        {% if field.errors %}
            <div class="form-errors">
                {% for error in field.errors %}
                    <span class="error">{{ error }}</span>
                {% endfor %}
            </div>
        {% endif %}
    </div>
{% endmacro %}

{% macro pagination(pagination) %}
    {% if pagination.pages > 1 %}
        <nav class="pagination">
            {% if pagination.has_prev %}
                <a href="{{ url_for(request.endpoint, page=pagination.prev_num) }}">&laquo; Previous</a>
            {% endif %}
            
            {% for page in pagination.iter_pages() %}
                {% if page %}
                    {% if page != pagination.page %}
                        <a href="{{ url_for(request.endpoint, page=page) }}">{{ page }}</a>
                    {% else %}
                        <strong>{{ page }}</strong>
                    {% endif %}
                {% else %}
                    <span>...</span>
                {% endif %}
            {% endfor %}
            
            {% if pagination.has_next %}
                <a href="{{ url_for(request.endpoint, page=pagination.next_num) }}">Next &raquo;</a>
            {% endif %}
        </nav>
    {% endif %}
{% endmacro %}
"""

# Simulating template rendering
class TemplateRenderer:
    def __init__(self):
        self.globals = {
            'url_for': self.url_for,
            'get_flashed_messages': self.get_flashed_messages,
            'current_user': {'is_authenticated': True, 'name': 'Alice'}
        }
        self.filters = {
            'length': len,
            'strftime': lambda dt, fmt: dt.strftime(fmt) if hasattr(dt, 'strftime') else str(dt)
        }
    
    def url_for(self, endpoint, **kwargs):
        if endpoint == 'home':
            return '/'
        elif endpoint == 'profile':
            return '/profile'
        elif endpoint == 'post_detail':
            return f"/post/{kwargs.get('id', 1)}"
        return f"/{endpoint}"
    
    def get_flashed_messages(self, with_categories=False):
        messages = [("success", "Welcome back!"), ("info", "Check out our new features")]
        if with_categories:
            return messages
        return [msg for cat, msg in messages]
    
    def render_template(self, template_name, **context):
        # Simplified template rendering
        if template_name == 'home.html':
            return self.render_home_template(context)
        elif template_name == 'post_list.html':
            return self.render_post_list_template(context)
        return f"Template: {template_name} with context: {context}"
    
    def render_home_template(self, context):
        user = context.get('user')
        posts = context.get('posts', [])
        
        html = "<html><body>"
        html += "<h1>Welcome to Our Website</h1>"
        
        if user:
            html += f"<h2>Hello, {user['name']}!</h2>"
        
        html += "<div class='featured-posts'><h3>Recent Posts</h3>"
        
        if posts:
            for post in posts:
                html += f"<article><h4>{post['title']}</h4>"
                html += f"<p>{post['excerpt']}</p>"
                html += f"<small>By {post['author']} on {post['date']}</small></article>"
        else:
            html += "<p>No posts available.</p>"
        
        html += "</div></body></html>"
        return html
    
    def render_post_list_template(self, context):
        posts = context.get('posts', [])
        pagination = context.get('pagination', {})
        
        html = "<html><body><h1>All Posts</h1>"
        
        for post in posts:
            html += f"<div class='post'>"
            html += f"<h3>{post['title']}</h3>"
            html += f"<p>{post['content'][:100]}...</p>"
            html += f"<a href='/post/{post['id']}'>Read more</a>"
            html += "</div>"
        
        # Pagination
        if pagination.get('pages', 1) > 1:
            html += "<nav class='pagination'>"
            current_page = pagination.get('page', 1)
            total_pages = pagination.get('pages', 1)
            
            if current_page > 1:
                html += f"<a href='?page={current_page-1}'>&laquo; Previous</a>"
            
            for page in range(1, min(total_pages + 1, 6)):  # Show first 5 pages
                if page == current_page:
                    html += f"<strong>{page}</strong>"
                else:
                    html += f"<a href='?page={page}'>{page}</a>"
            
            if current_page < total_pages:
                html += f"<a href='?page={current_page+1}'>Next &raquo;</a>"
            
            html += "</nav>"
        
        html += "</body></html>"
        return html

def simulate_template_rendering():
    print("Template Rendering Simulation:")
    
    renderer = TemplateRenderer()
    
    # Sample data
    user = {"name": "Alice", "last_login": "2024-01-01 10:30"}
    posts = [
        {"id": 1, "title": "Getting Started with Python", "excerpt": "Learn Python basics...", "author": "John", "date": "2024-01-01"},
        {"id": 2, "title": "Web Development Tips", "excerpt": "Best practices for web dev...", "author": "Jane", "date": "2024-01-02"},
    ]
    
    # Render home template
    home_html = renderer.render_template('home.html', user=user, posts=posts)
    print("Home template rendered:")
    print(home_html[:200] + "..." if len(home_html) > 200 else home_html)
    
    # Render post list with pagination
    all_posts = [
        {"id": i, "title": f"Post {i}", "content": f"Content for post {i}"} 
        for i in range(1, 26)  # 25 posts
    ]
    
    page = 1
    per_page = 5
    start_idx = (page - 1) * per_page
    end_idx = start_idx + per_page
    page_posts = all_posts[start_idx:end_idx]
    
    pagination_info = {
        "page": page,
        "pages": (len(all_posts) + per_page - 1) // per_page,
        "total": len(all_posts)
    }
    
    post_list_html = renderer.render_template('post_list.html', 
                                            posts=page_posts, 
                                            pagination=pagination_info)
    print(f"\nPost list template rendered (page {page}):")
    print(post_list_html[:300] + "..." if len(post_list_html) > 300 else post_list_html)

simulate_template_rendering()
```

---

## 5. Database Integration

### SQLAlchemy with Flask/FastAPI

```python
"""
# models.py - Database Models
from sqlalchemy import Column, Integer, String, Text, DateTime, ForeignKey, Boolean
from sqlalchemy.ext.declarative import declarative_base
from sqlalchemy.orm import relationship
from datetime import datetime

Base = declarative_base()

class User(Base):
    __tablename__ = 'users'
    
    id = Column(Integer, primary_key=True)
    username = Column(String(80), unique=True, nullable=False)
    email = Column(String(120), unique=True, nullable=False)
    password_hash = Column(String(128), nullable=False)
    is_active = Column(Boolean, default=True)
    created_at = Column(DateTime, default=datetime.utcnow)
    
    # Relationships
    posts = relationship("Post", back_populates="author")
    comments = relationship("Comment", back_populates="user")

class Post(Base):
    __tablename__ = 'posts'
    
    id = Column(Integer, primary_key=True)
    title = Column(String(200), nullable=False)
    content = Column(Text, nullable=False)
    slug = Column(String(200), unique=True, nullable=False)
    is_published = Column(Boolean, default=False)
    created_at = Column(DateTime, default=datetime.utcnow)
    updated_at = Column(DateTime, default=datetime.utcnow, onupdate=datetime.utcnow)
    
    # Foreign keys
    author_id = Column(Integer, ForeignKey('users.id'), nullable=False)
    category_id = Column(Integer, ForeignKey('categories.id'))
    
    # Relationships
    author = relationship("User", back_populates="posts")
    category = relationship("Category", back_populates="posts")
    comments = relationship("Comment", back_populates="post")

class Category(Base):
    __tablename__ = 'categories'
    
    id = Column(Integer, primary_key=True)
    name = Column(String(100), unique=True, nullable=False)
    description = Column(Text)
    
    # Relationships
    posts = relationship("Post", back_populates="category")

class Comment(Base):
    __tablename__ = 'comments'
    
    id = Column(Integer, primary_key=True)
    content = Column(Text, nullable=False)
    created_at = Column(DateTime, default=datetime.utcnow)
    
    # Foreign keys
    post_id = Column(Integer, ForeignKey('posts.id'), nullable=False)
    user_id = Column(Integer, ForeignKey('users.id'), nullable=False)
    
    # Relationships
    post = relationship("Post", back_populates="comments")
    user = relationship("User", back_populates="comments")
"""

# Simulating database operations
class DatabaseSimulator:
    def __init__(self):
        self.users = []
        self.posts = []
        self.categories = []
        self.comments = []
        self.next_ids = {'user': 1, 'post': 1, 'category': 1, 'comment': 1}
    
    def create_user(self, username, email, password_hash):
        user = {
            'id': self.next_ids['user'],
            'username': username,
            'email': email,
            'password_hash': password_hash,
            'is_active': True,
            'created_at': '2024-01-01T00:00:00'
        }
        self.users.append(user)
        self.next_ids['user'] += 1
        return user
    
    def create_category(self, name, description=None):
        category = {
            'id': self.next_ids['category'],
            'name': name,
            'description': description
        }
        self.categories.append(category)
        self.next_ids['category'] += 1
        return category
    
    def create_post(self, title, content, author_id, category_id=None):
        slug = title.lower().replace(' ', '-').replace(',', '').replace('.', '')
        post = {
            'id': self.next_ids['post'],
            'title': title,
            'content': content,
            'slug': slug,
            'author_id': author_id,
            'category_id': category_id,
            'is_published': False,
            'created_at': '2024-01-01T00:00:00'
        }
        self.posts.append(post)
        self.next_ids['post'] += 1
        return post
    
    def create_comment(self, content, post_id, user_id):
        comment = {
            'id': self.next_ids['comment'],
            'content': content,
            'post_id': post_id,
            'user_id': user_id,
            'created_at': '2024-01-01T00:00:00'
        }
        self.comments.append(comment)
        self.next_ids['comment'] += 1
        return comment
    
    def get_post_with_author_and_comments(self, post_id):
        post = next((p for p in self.posts if p['id'] == post_id), None)
        if not post:
            return None
        
        # Get author
        author = next((u for u in self.users if u['id'] == post['author_id']), None)
        
        # Get category
        category = None
        if post['category_id']:
            category = next((c for c in self.categories if c['id'] == post['category_id']), None)
        
        # Get comments with user info
        post_comments = []
        for comment in self.comments:
            if comment['post_id'] == post_id:
                comment_user = next((u for u in self.users if u['id'] == comment['user_id']), None)
                post_comments.append({
                    **comment,
                    'user': comment_user
                })
        
        return {
            **post,
            'author': author,
            'category': category,
            'comments': post_comments
        }
    
    def get_user_posts(self, user_id, published_only=False):
        user_posts = []
        for post in self.posts:
            if post['author_id'] == user_id:
                if not published_only or post['is_published']:
                    # Get category info
                    category = None
                    if post['category_id']:
                        category = next((c for c in self.categories if c['id'] == post['category_id']), None)
                    
                    user_posts.append({
                        **post,
                        'category': category
                    })
        
        return user_posts
    
    def search_posts(self, query):
        results = []
        query_lower = query.lower()
        
        for post in self.posts:
            if (query_lower in post['title'].lower() or 
                query_lower in post['content'].lower()):
                
                author = next((u for u in self.users if u['id'] == post['author_id']), None)
                results.append({
                    **post,
                    'author': author
                })
        
        return results

def simulate_blog_database():
    print("Blog Database Simulation:")
    
    db = DatabaseSimulator()
    
    # Create categories
    tech_category = db.create_category("Technology", "Tech-related posts")
    lifestyle_category = db.create_category("Lifestyle", "Lifestyle and personal posts")
    
    print(f"Created categories: {tech_category['name']}, {lifestyle_category['name']}")
    
    # Create users
    alice = db.create_user("alice", "alice@example.com", "hashed_password_1")
    bob = db.create_user("bob", "bob@example.com", "hashed_password_2")
    
    print(f"Created users: {alice['username']}, {bob['username']}")
    
    # Create posts
    post1 = db.create_post("Python Web Development", 
                          "Learn how to build web apps with Python...", 
                          alice['id'], tech_category['id'])
    
    post2 = db.create_post("My Morning Routine", 
                          "How I start my day for maximum productivity...", 
                          bob['id'], lifestyle_category['id'])
    
    post3 = db.create_post("Advanced Python Tips", 
                          "Pro tips for Python developers...", 
                          alice['id'], tech_category['id'])
    
    print(f"Created {len(db.posts)} posts")
    
    # Create comments
    comment1 = db.create_comment("Great article! Very helpful.", post1['id'], bob['id'])
    comment2 = db.create_comment("Thanks for sharing these tips.", post3['id'], bob['id'])
    
    print(f"Created {len(db.comments)} comments")
    
    # Query operations
    print(f"\nAlice's posts:")
    alice_posts = db.get_user_posts(alice['id'])
    for post in alice_posts:
        print(f"  - {post['title']} (Category: {post['category']['name'] if post['category'] else 'None'})")
    
    print(f"\nPost with comments:")
    post_detail = db.get_post_with_author_and_comments(post1['id'])
    if post_detail:
        print(f"  Title: {post_detail['title']}")
        print(f"  Author: {post_detail['author']['username']}")
        print(f"  Comments: {len(post_detail['comments'])}")
        for comment in post_detail['comments']:
            print(f"    - {comment['user']['username']}: {comment['content']}")
    
    print(f"\nSearch results for 'Python':")
    search_results = db.search_posts("Python")
    for post in search_results:
        print(f"  - {post['title']} by {post['author']['username']}")

simulate_blog_database()
```

---

## 6. Authentication and Security

### User Authentication

```python
"""
# auth.py - Authentication implementation
from werkzeug.security import generate_password_hash, check_password_hash
from flask_login import UserMixin, login_user, logout_user, login_required
from itsdangerous import URLSafeTimedSerializer
import jwt
from datetime import datetime, timedelta

class User(UserMixin):
    def __init__(self, id, username, email, password_hash, is_active=True):
        self.id = id
        self.username = username
        self.email = email
        self.password_hash = password_hash
        self.is_active = is_active
    
    def check_password(self, password):
        return check_password_hash(self.password_hash, password)
    
    @staticmethod
    def create_user(username, email, password):
        password_hash = generate_password_hash(password)
        return User(None, username, email, password_hash)

# JWT Token handling
class JWTManager:
    def __init__(self, secret_key):
        self.secret_key = secret_key
    
    def generate_token(self, user_id, expires_in=3600):
        payload = {
            'user_id': user_id,
            'exp': datetime.utcnow() + timedelta(seconds=expires_in),
            'iat': datetime.utcnow()
        }
        return jwt.encode(payload, self.secret_key, algorithm='HS256')
    
    def verify_token(self, token):
        try:
            payload = jwt.decode(token, self.secret_key, algorithms=['HS256'])
            return payload['user_id']
        except jwt.ExpiredSignatureError:
            return None
        except jwt.InvalidTokenError:
            return None

# Session management
class SessionManager:
    def __init__(self):
        self.sessions = {}
    
    def create_session(self, user_id):
        import uuid
        session_id = str(uuid.uuid4())
        self.sessions[session_id] = {
            'user_id': user_id,
            'created_at': datetime.utcnow(),
            'last_accessed': datetime.utcnow()
        }
        return session_id
    
    def get_session(self, session_id):
        session = self.sessions.get(session_id)
        if session:
            session['last_accessed'] = datetime.utcnow()
        return session
    
    def destroy_session(self, session_id):
        self.sessions.pop(session_id, None)
"""

# Simulating authentication system
import hashlib
import secrets
import time

class PasswordManager:
    @staticmethod
    def hash_password(password, salt=None):
        if salt is None:
            salt = secrets.token_hex(16)
        
        # Simulate bcrypt-like hashing
        password_bytes = password.encode('utf-8')
        salt_bytes = salt.encode('utf-8')
        hash_obj = hashlib.pbkdf2_hmac('sha256', password_bytes, salt_bytes, 100000)
        return f"{salt}${hash_obj.hex()}"
    
    @staticmethod
    def verify_password(password, password_hash):
        try:
            salt, hash_value = password_hash.split('$')
            new_hash = PasswordManager.hash_password(password, salt)
            return new_hash == password_hash
        except:
            return False

class AuthenticationSystem:
    def __init__(self):
        self.users = {}
        self.sessions = {}
        self.failed_attempts = {}
        self.secret_key = "demo-secret-key"
    
    def register_user(self, username, email, password):
        # Check if user exists
        if any(u['username'] == username or u['email'] == email for u in self.users.values()):
            return None, "User already exists"
        
        # Validate password strength
        if len(password) < 8:
            return None, "Password must be at least 8 characters"
        
        # Create user
        user_id = len(self.users) + 1
        password_hash = PasswordManager.hash_password(password)
        
        user = {
            'id': user_id,
            'username': username,
            'email': email,
            'password_hash': password_hash,
            'is_active': True,
            'created_at': time.time(),
            'email_verified': False
        }
        
        self.users[user_id] = user
        return user, "User registered successfully"
    
    def authenticate_user(self, username_or_email, password):
        # Find user
        user = None
        for u in self.users.values():
            if u['username'] == username_or_email or u['email'] == username_or_email:
                user = u
                break
        
        if not user:
            return None, "User not found"
        
        # Check failed attempts (rate limiting)
        user_id = user['id']
        if self.failed_attempts.get(user_id, 0) >= 5:
            return None, "Account temporarily locked due to failed attempts"
        
        # Verify password
        if PasswordManager.verify_password(password, user['password_hash']):
            # Reset failed attempts on successful login
            self.failed_attempts.pop(user_id, None)
            return user, "Authentication successful"
        else:
            # Increment failed attempts
            self.failed_attempts[user_id] = self.failed_attempts.get(user_id, 0) + 1
            return None, "Invalid password"
    
    def create_session(self, user_id):
        session_id = secrets.token_urlsafe(32)
        self.sessions[session_id] = {
            'user_id': user_id,
            'created_at': time.time(),
            'last_accessed': time.time()
        }
        return session_id
    
    def validate_session(self, session_id):
        session = self.sessions.get(session_id)
        if not session:
            return None
        
        # Check session expiry (24 hours)
        if time.time() - session['created_at'] > 86400:
            del self.sessions[session_id]
            return None
        
        # Update last accessed
        session['last_accessed'] = time.time()
        return session['user_id']
    
    def logout_user(self, session_id):
        self.sessions.pop(session_id, None)
    
    def generate_jwt_token(self, user_id):
        import json
        import base64
        
        # Simplified JWT generation (in production, use PyJWT)
        header = {"alg": "HS256", "typ": "JWT"}
        payload = {
            "user_id": user_id,
            "exp": int(time.time()) + 3600,  # 1 hour
            "iat": int(time.time())
        }
        
        header_b64 = base64.urlsafe_b64encode(json.dumps(header).encode()).decode().rstrip('=')
        payload_b64 = base64.urlsafe_b64encode(json.dumps(payload).encode()).decode().rstrip('=')
        
        # In real implementation, would use proper HMAC signing
        signature = hashlib.sha256(f"{header_b64}.{payload_b64}.{self.secret_key}".encode()).hexdigest()[:32]
        
        return f"{header_b64}.{payload_b64}.{signature}"

def simulate_authentication():
    print("Authentication System Simulation:")
    
    auth = AuthenticationSystem()
    
    # Register users
    print("\n1. User Registration:")
    user1, msg1 = auth.register_user("alice", "alice@example.com", "securepassword123")
    print(f"  Alice: {msg1}")
    
    user2, msg2 = auth.register_user("bob", "bob@example.com", "weak")
    print(f"  Bob (weak password): {msg2}")
    
    user2, msg2 = auth.register_user("bob", "bob@example.com", "strongpassword456")
    print(f"  Bob (strong password): {msg2}")
    
    # Attempt duplicate registration
    user3, msg3 = auth.register_user("alice", "alice2@example.com", "anotherpassword")
    print(f"  Alice duplicate: {msg3}")
    
    # Authentication attempts
    print("\n2. Authentication:")
    
    # Successful login
    user, msg = auth.authenticate_user("alice", "securepassword123")
    if user:
        session_id = auth.create_session(user['id'])
        token = auth.generate_jwt_token(user['id'])
        print(f"  ✓ Alice login successful. Session: {session_id[:8]}... Token: {token[:20]}...")
    
    # Failed login
    user, msg = auth.authenticate_user("alice", "wrongpassword")
    print(f"  ✗ Alice wrong password: {msg}")
    
    # Multiple failed attempts
    print("\n3. Rate Limiting (Multiple Failed Attempts):")
    for i in range(6):
        user, msg = auth.authenticate_user("bob", "wrongpassword")
        print(f"  Attempt {i+1}: {msg}")
    
    # Session validation
    print("\n4. Session Management:")
    if session_id:
        user_id = auth.validate_session(session_id)
        print(f"  Session validation: User ID {user_id}")
        
        auth.logout_user(session_id)
        user_id = auth.validate_session(session_id)
        print(f"  After logout: {user_id}")

simulate_authentication()
```

### Security Best Practices

```python
def security_best_practices():
    """Demonstrate web security best practices"""
    
    print("Web Security Best Practices:")
    
    # 1. Input Validation and Sanitization
    print("\n1. Input Validation:")
    
    import re
    import html
    
    class InputValidator:
        @staticmethod
        def sanitize_html(input_text):
            # Remove potentially dangerous HTML tags
            return html.escape(input_text)
        
        @staticmethod
        def validate_email(email):
            pattern = r'^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}
            return re.match(pattern, email) is not None
        
        @staticmethod
        def validate_url(url):
            pattern = r'^https?://[^\s/$.?#].[^\s]*
            return re.match(pattern, url) is not None
        
        @staticmethod
        def prevent_sql_injection(query_input):
            # In real applications, use parameterized queries
            dangerous_patterns = ["'", "\"", ";", "--", "/*", "*/", "xp_", "sp_"]
            for pattern in dangerous_patterns:
                if pattern in query_input.lower():
                    return False, f"Potentially dangerous pattern detected: {pattern}"
            return True, "Input appears safe"
    
    # Test input validation
    test_inputs = [
        "<script>alert('xss')</script>",
        "user@example.com",
        "https://example.com",
        "'; DROP TABLE users; --"
    ]
    
    for input_text in test_inputs:
        print(f"  Input: {input_text}")
        print(f"    Sanitized: {InputValidator.sanitize_html(input_text)}")
        print(f"    Email valid: {InputValidator.validate_email(input_text)}")
        print(f"    URL valid: {InputValidator.validate_url(input_text)}")
        safe, msg = InputValidator.prevent_sql_injection(input_text)
        print(f"    SQL injection check: {msg}")
    
    # 2. CSRF Protection
    print("\n2. CSRF Protection:")
    
    class CSRFProtection:
        @staticmethod
        def generate_csrf_token():
            return secrets.token_urlsafe(32)
        
        @staticmethod
        def validate_csrf_token(session_token, form_token):
            return session_token == form_token
    
    # Simulate CSRF protection
    csrf_token = CSRFProtection.generate_csrf_token()
    print(f"  Generated CSRF token: {csrf_token[:16]}...")
    
    # Valid request
    is_valid = CSRFProtection.validate_csrf_token(csrf_token, csrf_token)
    print(f"  Valid CSRF token: {is_valid}")
    
    # Invalid request
    is_valid = CSRFProtection.validate_csrf_token(csrf_token, "fake_token")
    print(f"  Invalid CSRF token: {is_valid}")
    
    # 3. Security Headers
    print("\n3. Security Headers:")
    
    class SecurityHeaders:
        @staticmethod
        def get_security_headers():
            return {
                "X-Content-Type-Options": "nosniff",
                "X-Frame-Options": "DENY",
                "X-XSS-Protection": "1; mode=block",
                "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
                "Content-Security-Policy": "default-src 'self'; script-src 'self' 'unsafe-inline'",
                "Referrer-Policy": "strict-origin-when-cross-origin",
                "Permissions-Policy": "geolocation=(), microphone=(), camera=()"
            }
    
    security_headers = SecurityHeaders.get_security_headers()
    for header, value in security_headers.items():
        print(f"  {header}: {value}")

security_best_practices()
```

---

## 7. RESTful APIs

### API Design and Implementation

```python
"""
# api.py - RESTful API implementation
from fastapi import FastAPI, HTTPException, Depends, status
from pydantic import BaseModel
from typing import List, Optional
import uvicorn

# Pydantic models for request/response
class UserCreate(BaseModel):
    username: str
    email: str
    password: str

class UserResponse(BaseModel):
    id: int
    username: str
    email: str
    is_active: bool

class PostCreate(BaseModel):
    title: str
    content: str
    category_id: Optional[int] = None

class PostResponse(BaseModel):
    id: int
    title: str
    content: str
    author_id: int
    category_id: Optional[int]
    is_published: bool

class PostUpdate(BaseModel):
    title: Optional[str] = None
    content: Optional[str] = None
    is_published: Optional[bool] = None

# API Routes
@app.get("/api/users", response_model=List[UserResponse])
async def get_users(skip: int = 0, limit: int = 100):
    # Return paginated users
    return users[skip:skip + limit]

@app.post("/api/users", response_model=UserResponse, status_code=status.HTTP_201_CREATED)
async def create_user(user: UserCreate):
    # Create new user
    return created_user

@app.get("/api/users/{user_id}", response_model=UserResponse)
async def get_user(user_id: int):
    user = find_user(user_id)
    if not user:
        raise HTTPException(status_code=404, detail="User not found")
    return user

@app.put("/api/users/{user_id}", response_model=UserResponse)
async def update_user(user_id: int, user_update: UserUpdate):
    user = find_user(user_id)
    if not user:
        raise HTTPException(status_code=404, detail="User not found")
    # Update user
    return updated_user

@app.delete("/api/users/{user_id}", status_code=status.HTTP_204_NO_CONTENT)
async def delete_user(user_id: int):
    user = find_user(user_id)
    if not user:
        raise HTTPException(status_code=404, detail="User not found")
    # Delete user
    return

# Posts API
@app.get("/api/posts", response_model=List[PostResponse])
async def get_posts(
    skip: int = 0, 
    limit: int = 100,
    category_id: Optional[int] = None,
    author_id: Optional[int] = None
):
    # Return filtered and paginated posts
    return filtered_posts

@app.post("/api/posts", response_model=PostResponse, status_code=status.HTTP_201_CREATED)
async def create_post(
    post: PostCreate,
    current_user: User = Depends(get_current_user)
):
    # Create new post
    return created_post
"""

# Simulating RESTful API
class RESTAPISimulator:
    def __init__(self):
        self.users = []
        self.posts = []
        self.categories = []
        self.next_ids = {'user': 1, 'post': 1, 'category': 1}
    
    # User endpoints
    def get_users(self, skip=0, limit=100, filters=None):
        """GET /api/users"""
        filtered_users = self.users
        
        if filters:
            if 'is_active' in filters:
                filtered_users = [u for u in filtered_users if u['is_active'] == filters['is_active']]
        
        return {
            "status_code": 200,
            "data": filtered_users[skip:skip + limit],
            "total": len(filtered_users),
            "skip": skip,
            "limit": limit
        }
    
    def create_user(self, user_data):
        """POST /api/users"""
        # Validate required fields
        if not all(key in user_data for key in ['username', 'email', 'password']):
            return {"status_code": 400, "error": "Missing required fields"}
        
        # Check for duplicate username/email
        if any(u['username'] == user_data['username'] or u['email'] == user_data['email'] 
               for u in self.users):
            return {"status_code": 409, "error": "User already exists"}
        
        user = {
            'id': self.next_ids['user'],
            'username': user_data['username'],
            'email': user_data['email'],
            'password_hash': f"hashed_{user_data['password']}",
            'is_active': True,
            'created_at': '2024-01-01T00:00:00Z'
        }
        
        self.users.append(user)
        self.next_ids['user'] += 1
        
        # Don't return password in response
        response_user = {k: v for k, v in user.items() if k != 'password_hash'}
        
        return {"status_code": 201, "data": response_user}
    
    def get_user(self, user_id):
        """GET /api/users/{user_id}"""
        user = next((u for u in self.users if u['id'] == user_id), None)
        
        if not user:
            return {"status_code": 404, "error": "User not found"}
        
        response_user = {k: v for k, v in user.items() if k != 'password_hash'}
        return {"status_code": 200, "data": response_user}
    
    def update_user(self, user_id, update_data):
        """PUT /api/users/{user_id}"""
        user = next((u for u in self.users if u['id'] == user_id), None)
        
        if not user:
            return {"status_code": 404, "error": "User not found"}
        
        # Update allowed fields
        allowed_fields = ['username', 'email', 'is_active']
        for field in allowed_fields:
            if field in update_data:
                user[field] = update_data[field]
        
        response_user = {k: v for k, v in user.items() if k != 'password_hash'}
        return {"status_code": 200, "data": response_user}
    
    def delete_user(self, user_id):
        """DELETE /api/users/{user_id}"""
        user_index = next((i for i, u in enumerate(self.users) if u['id'] == user_id), None)
        
        if user_index is None:
            return {"status_code": 404, "error": "User not found"}
        
        del self.users[user_index]
        return {"status_code": 204, "data": None}
    
    # Post endpoints
    def get_posts(self, skip=0, limit=100, filters=None):
        """GET /api/posts"""
        filtered_posts = self.posts
        
        if filters:
            if 'author_id' in filters:
                filtered_posts = [p for p in filtered_posts if p['author_id'] == filters['author_id']]
            if 'category_id' in filters:
                filtered_posts = [p for p in filtered_posts if p['category_id'] == filters['category_id']]
            if 'is_published' in filters:
                filtered_posts = [p for p in filtered_posts if p['is_published'] == filters['is_published']]
        
        # Add author information
        enriched_posts = []
        for post in filtered_posts[skip:skip + limit]:
            author = next((u for u in self.users if u['id'] == post['author_id']), None)
            enriched_post = {
                **post,
                'author': {'id': author['id'], 'username': author['username']} if author else None
            }
            enriched_posts.append(enriched_post)
        
        return {
            "status_code": 200,
            "data": enriched_posts,
            "total": len(filtered_posts),
            "skip": skip,
            "limit": limit
        }
    
    def create_post(self, post_data, author_id):
        """POST /api/posts"""
        if not all(key in post_data for key in ['title', 'content']):
            return {"status_code": 400, "error": "Missing required fields"}
        
        post = {
            'id': self.next_ids['post'],
            'title': post_data['title'],
            'content': post_data['content'],
            'author_id': author_id,
            'category_id': post_data.get('category_id'),
            'is_published': post_data.get('is_published', False),
            'created_at': '2024-01-01T00:00:00Z',
            'updated_at': '2024-01-01T00:00:00Z'
        }
        
        self.posts.append(post)
        self.next_ids['post'] += 1
        
        return {"status_code": 201, "data": post}

def simulate_rest_api():
    print("RESTful API Simulation:")
    
    api = RESTAPISimulator()
    
    # Test user operations
    print("\n1. User CRUD Operations:")
    
    # Create users
    user1_response = api.create_user({
        "username": "alice",
        "email": "alice@example.com",
        "password": "securepass123"
    })
    print(f"  POST /api/users: {user1_response['status_code']} - {user1_response.get('data', {}).get('username', 'Error')}")
    
    user2_response = api.create_user({
        "username": "bob",
        "email": "bob@example.com",
        "password": "anotherpass456"
    })
    print(f"  POST /api/users: {user2_response['status_code']} - {user2_response.get('data', {}).get('username', 'Error')}")
    
    # Get all users
    users_response = api.get_users()
    print(f"  GET /api/users: {users_response['status_code']} - {users_response['total']} users")
    
    # Get specific user
    user_response = api.get_user(1)
    print(f"  GET /api/users/1: {user_response['status_code']} - {user_response.get('data', {}).get('username', 'Error')}")
    
    # Update user
    update_response = api.update_user(1, {"is_active": False})
    print(f"  PUT /api/users/1: {update_response['status_code']} - Active: {update_response.get('data', {}).get('is_active')}")
    
    # Test post operations
    print("\n2. Post CRUD Operations:")
    
    # Create posts
    post1_response = api.create_post({
        "title": "Introduction to Python",
        "content": "Python is a versatile programming language...",
        "is_published": True
    }, author_id=1)
    print(f"  POST /api/posts: {post1_response['status_code']} - {post1_response.get('data', {}).get('title', 'Error')}")
    
    post2_response = api.create_post({
        "title": "Web Development Tips",
        "content": "Here are some tips for web development...",
        "is_published": False
    }, author_id=2)
    print(f"  POST /api/posts: {post2_response['status_code']} - {post2_response.get('data', {}).get('title', 'Error')}")
    
    # Get all posts
    posts_response = api.get_posts()
    print(f"  GET /api/posts: {posts_response['status_code']} - {posts_response['total']} posts")
    
    # Get posts by author
    author_posts_response = api.get_posts(filters={"author_id": 1})
    print(f"  GET /api/posts?author_id=1: {author_posts_response['status_code']} - {author_posts_response['total']} posts")
    
    # Get published posts only
    published_posts_response = api.get_posts(filters={"is_published": True})
    print(f"  GET /api/posts?is_published=true: {published_posts_response['status_code']} - {published_posts_response['total']} posts")
    
    # Test error cases
    print("\n3. Error Handling:")
    
    # Try to get non-existent user
    error_response = api.get_user(999)
    print(f"  GET /api/users/999: {error_response['status_code']} - {error_response.get('error')}")
    
    # Try to create duplicate user
    duplicate_response = api.create_user({
        "username": "alice",
        "email": "alice2@example.com",
        "password": "password"
    })
    print(f"  POST /api/users (duplicate): {duplicate_response['status_code']} - {duplicate_response.get('error')}")
    
    # Try to create post with missing fields
    invalid_post_response = api.create_post({"title": "Incomplete Post"}, author_id=1)
    print(f"  POST /api/posts (invalid): {invalid_post_response['status_code']} - {invalid_post_response.get('error')}")

simulate_rest_api()
```

### API Documentation and Testing

```python
def api_documentation_example():
    """Demonstrate API documentation practices"""
    
    print("API Documentation Example:")
    
    api_docs = {
        "openapi": "3.0.0",
        "info": {
            "title": "Blog API",
            "description": "A RESTful API for a blog application",
            "version": "1.0.0",
            "contact": {
                "name": "API Support",
                "email": "support@blogapi.com"
            }
        },
        "servers": [
            {
                "url": "https://api.blogapi.com/v1",
                "description": "Production server"
            },
            {
                "url": "https://staging-api.blogapi.com/v1",
                "description": "Staging server"
            }
        ],
        "paths": {
            "/users": {
                "get": {
                    "summary": "Get all users",
                    "description": "Retrieve a paginated list of users",
                    "parameters": [
                        {
                            "name": "skip",
                            "in": "query",
                            "description": "Number of users to skip",
                            "schema": {"type": "integer", "default": 0}
                        },
                        {
                            "name": "limit",
                            "in": "query",
                            "description": "Maximum number of users to return",
                            "schema": {"type": "integer", "default": 100, "maximum": 1000}
                        }
                    ],
                    "responses": {
                        "200": {
                            "description": "Successful response",
                            "content": {
                                "application/json": {
                                    "schema": {
                                        "type": "object",
                                        "properties": {
                                            "data": {
                                                "type": "array",
                                                "items": {"$ref": "#/components/schemas/User"}
                                            },
                                            "total": {"type": "integer"},
                                            "skip": {"type": "integer"},
                                            "limit": {"type": "integer"}
                                        }
                                    }
                                }
                            }
                        }
                    }
                },
                "post": {
                    "summary": "Create a new user",
                    "description": "Create a new user account",
                    "requestBody": {
                        "required": True,
                        "content": {
                            "application/json": {
                                "schema": {"$ref": "#/components/schemas/UserCreate"}
                            }
                        }
                    },
                    "responses": {
                        "201": {
                            "description": "User created successfully",
                            "content": {
                                "application/json": {
                                    "schema": {"$ref": "#/components/schemas/User"}
                                }
                            }
                        },
                        "400": {
                            "description": "Invalid input",
                            "content": {
                                "application/json": {
                                    "schema": {"$ref": "#/components/schemas/Error"}
                                }
                            }
                        }
                    }
                }
            }
        },
        "components": {
            "schemas": {
                "User": {
                    "type": "object",
                    "properties": {
                        "id": {"type": "integer", "example": 1},
                        "username": {"type": "string", "example": "alice"},
                        "email": {"type": "string", "format": "email", "example": "alice@example.com"},
                        "is_active": {"type": "boolean", "example": True},
                        "created_at": {"type": "string", "format": "date-time"}
                    }
                },
                "UserCreate": {
                    "type": "object",
                    "required": ["username", "email", "password"],
                    "properties": {
                        "username": {"type": "string", "minLength": 3, "maxLength": 50},
                        "email": {"type": "string", "format": "email"},
                        "password": {"type": "string", "minLength": 8}
                    }
                },
                "Error": {
                    "type": "object",
                    "properties": {
                        "error": {"type": "string"},
                        "message": {"type": "string"},
                        "details": {"type": "object"}
                    }
                }
            },
            "securitySchemes": {
                "bearerAuth": {
                    "type": "http",
                    "scheme": "bearer",
                    "bearerFormat": "JWT"
                }
            }
        }
    }
    
    print("  OpenAPI specification structure:")
    print(f"    Title: {api_docs['info']['title']}")
    print(f"    Version: {api_docs['info']['version']}")
    print(f"    Servers: {len(api_docs['servers'])}")
    print(f"    Endpoints: {len(api_docs['paths'])}")
    print(f"    Schemas: {len(api_docs['components']['schemas'])}")

api_documentation_example()
```

---

## 8. Testing Web Applications

### Unit and Integration Testing

```python
"""
# test_app.py - Testing web applications
import pytest
from fastapi.testclient import TestClient
from app import app

client = TestClient(app)

class TestUserAPI:
    def test_create_user_success(self):
        response = client.post("/api/users", json={
            "username": "testuser",
            "email": "test@example.com",
            "password": "securepass123"
        })
        assert response.status_code == 201
        data = response.json()
        assert data["username"] == "testuser"
        assert data["email"] == "test@example.com"
        assert "password" not in data
    
    def test_create_user_duplicate_email(self):
        # First user
        client.post("/api/users", json={
            "username": "user1",
            "email": "duplicate@example.com",
            "password": "password123"
        })
        
        # Duplicate email
        response = client.post("/api/users", json={
            "username": "user2",
            "email": "duplicate@example.com",
            "password": "password456"
        })
        assert response.status_code == 409
    
    def test_get_user_not_found(self):
        response = client.get("/api/users/999")
        assert response.status_code == 404
    
    def test_get_users_pagination(self):
        # Create multiple users
        for i in range(5):
            client.post("/api/users", json={
                "username": f"user{i}",
                "email": f"user{i}@example.com",
                "password": "password123"
            })
        
        # Test pagination
        response = client.get("/api/users?skip=2&limit=2")
        assert response.status_code == 200
        data = response.json()
        assert len(data["data"]) == 2
        assert data["skip"] == 2
        assert data["limit"] == 2

class TestPostAPI:
    def test_create_post_authenticated(self):
        # First create a user and login
        user_response = client.post("/api/users", json={
            "username": "author",
            "email": "author@example.com",
            "password": "password123"
        })
        
        login_response = client.post("/api/auth/login", json={
            "username": "author",
            "password": "password123"
        })
        token = login_response.json()["access_token"]
        
        # Create post with authentication
        response = client.post("/api/posts", 
            json={
                "title": "Test Post",
                "content": "This is a test post content"
            },
            headers={"Authorization": f"Bearer {token}"}
        )
        assert response.status_code == 201
        data = response.json()
        assert data["title"] == "Test Post"
    
    def test_create_post_unauthenticated(self):
        response = client.post("/api/posts", json={
            "title": "Test Post",
            "content": "This is a test post content"
        })
        assert response.status_code == 401

# Flask testing example
class TestFlaskApp:
    @pytest.fixture
    def client(self):
        app.config['TESTING'] = True
        app.config['WTF_CSRF_ENABLED'] = False
        with app.test_client() as client:
            yield client
    
    def test_home_page(self, client):
        response = client.get('/')
        assert response.status_code == 200
        assert b'Welcome' in response.data
    
    def test_login_required(self, client):
        response = client.get('/profile')
        assert response.status_code == 302  # Redirect to login
    
    def test_form_submission(self, client):
        response = client.post('/contact', data={
            'name': 'Test User',
            'email': 'test@example.com',
            'message': 'This is a test message'
        })
        assert response.status_code == 302  # Redirect after successful submission
"""

# Simulating web application testing
class TestSimulator:
    def __init__(self, api_simulator):
        self.api = api_simulator
        self.test_results = []
    
    def run_test(self, test_name, test_func):
        try:
            result = test_func()
            self.test_results.append({"test": test_name, "status": "PASS", "result": result})
            print(f"  ✓ {test_name}")
            return True
        except AssertionError as e:
            self.test_results.append({"test": test_name, "status": "FAIL", "error": str(e)})
            print(f"  ✗ {test_name}: {e}")
            return False
        except Exception as e:
            self.test_results.append({"test": test_name, "status": "ERROR", "error": str(e)})
            print(f"  ⚠ {test_name}: {e}")
            return False
    
    def test_user_creation_success(self):
        response = self.api.create_user({
            "username": "testuser",
            "email": "test@example.com",
            "password": "securepass123"
        })
        assert response["status_code"] == 201
        assert response["data"]["username"] == "testuser"
        return response
    
    def test_user_creation_duplicate(self):
        # Create first user
        self.api.create_user({
            "username": "duplicate",
            "email": "duplicate@example.com",
            "password": "password123"
        })
        
        # Try to create duplicate
        response = self.api.create_user({
            "username": "duplicate",
            "email": "duplicate@example.com",
            "password": "password456"
        })
        assert response["status_code"] == 409
        return response
    
    def test_user_not_found(self):
        response = self.api.get_user(999)
        assert response["status_code"] == 404
        return response
    
    def test_post_creation(self):
        # First create a user
        user_response = self.api.create_user({
            "username": "author",
            "email": "author@example.com",
            "password": "password123"
        })
        user_id = user_response["data"]["id"]
        
        # Create post
        response = self.api.create_post({
            "title": "Test Post",
            "content": "This is test content"
        }, author_id=user_id)
        
        assert response["status_code"] == 201
        assert response["data"]["title"] == "Test Post"
        return response
    
    def test_pagination(self):
        # Create multiple users
        for i in range(5):
            self.api.create_user({
                "username": f"user{i}",
                "email": f"user{i}@example.com",
                "password": "password123"
            })
        
        # Test pagination
        response = self.api.get_users(skip=2, limit=2)
        assert response["status_code"] == 200
        assert len(response["data"]) == 2
        assert response["skip"] == 2
        assert response["limit"] == 2
        return response
    
    def run_all_tests(self):
        print("Running Web Application Tests:")
        
        tests = [
            ("User Creation Success", self.test_user_creation_success),
            ("User Creation Duplicate", self.test_user_creation_duplicate),
            ("User Not Found", self.test_user_not_found),
            ("Post Creation", self.test_post_creation),
            ("Pagination", self.test_pagination)
        ]
        
        passed = 0
        for test_name, test_func in tests:
            if self.run_test(test_name, test_func):
                passed += 1
        
        print(f"\nTest Results: {passed}/{len(tests)} passed")
        return self.test_results

def simulate_web_testing():
    api = RESTAPISimulator()
    tester = TestSimulator(api)
    results = tester.run_all_tests()
    
    print("\nTest Summary:")
    for result in results:
        status_icon = "✓" if result["status"] == "PASS" else "✗" if result["status"] == "FAIL" else "⚠"
        print(f"  {status_icon} {result['test']}: {result['status']}")

simulate_web_testing()
```

---

## 9. Deployment

### Production Deployment Strategies

```python
def deployment_strategies():
    """Demonstrate deployment strategies and configurations"""
    
    print("Deployment Strategies:")
    
    # 1. Environment Configuration
    print("\n1. Environment Configuration:")
    
    class ConfigManager:
        def __init__(self):
            self.environments = {
                "development": {
                    "DEBUG": True,
                    "DATABASE_URL": "sqlite:///dev.db",
                    "SECRET_KEY": "dev-secret-key",
                    "ALLOWED_HOSTS": ["localhost", "127.0.0.1"],
                    "LOG_LEVEL": "DEBUG"
                },
                "staging": {
                    "DEBUG": False,
                    "DATABASE_URL": "postgresql://user:pass@staging-db:5432/app",
                    "SECRET_KEY": "staging-secret-key",
                    "ALLOWED_HOSTS": ["staging.example.com"],
                    "LOG_LEVEL": "INFO"
                },
                "production": {
                    "DEBUG": False,
                    "DATABASE_URL": "postgresql://user:pass@prod-db:5432/app",
                    "SECRET_KEY": "production-secret-key",
                    "ALLOWED_HOSTS": ["example.com", "www.example.com"],
                    "LOG_LEVEL": "WARNING"
                }
            }
        
        def get_config(self, environment):
            return self.environments.get(environment, {})
    
    config_manager = ConfigManager()
    
    for env in ["development", "staging", "production"]:
        config = config_manager.get_config(env)
        print(f"  {env.upper()}:")
        print(f"    Debug: {config['DEBUG']}")
        print(f"    Database: {config['DATABASE_URL']}")
        print(f"    Log Level: {config['LOG_LEVEL']}")
    
    # 2. Docker Configuration
    print("\n2. Docker Configuration:")
    
    dockerfile_content = '''
FROM python:3.9-slim

WORKDIR /app

# Install system dependencies
RUN apt-get update && apt-get install -y \\
    build-essential \\
    && rm -rf /var/lib/apt/lists/*

# Install Python dependencies
COPY requirements.txt .
RUN pip install --no-cache-dir -r requirements.txt

# Copy application code
COPY . .

# Create non-root user
RUN adduser --disabled-password --gecos '' appuser && \\
    chown -R appuser:appuser /app
USER appuser

# Expose port
EXPOSE 8000

# Health check
HEALTHCHECK --interval=30s --timeout=10s --start-period=60s --retries=3 \\
    CMD curl -f http://localhost:8000/health || exit 1

# Start application
CMD ["gunicorn", "--bind", "0.0.0.0:8000", "--workers", "4", "app:app"]
'''
    
    print("  Dockerfile configuration:")
    print("    - Multi-stage build for optimization")
    print("    - Non-root user for security")
    print("    - Health checks for monitoring")
    print("    - Production WSGI server (Gunicorn)")
    
    # 3. Docker Compose for Production
    print("\n3. Docker Compose Production Setup:")
    
    docker_compose_prod = {
        "version": "3.8",
        "services": {
            "app": {
                "build": ".",
                "ports": ["8000:8000"],
                "environment": [
                    "DATABASE_URL=postgresql://app:password@db:5432/app_db",
                    "REDIS_URL=redis://redis:6379"
                ],
                "depends_on": ["db", "redis"],
                "restart": "unless-stopped",
                "healthcheck": {
                    "test": ["CMD", "curl", "-f", "http://localhost:8000/health"],
                    "interval": "30s",
                    "timeout": "10s",
                    "retries": 3
                }
            },
            "db": {
                "image": "postgres:13-alpine",
                "environment": [
                    "POSTGRES_DB=app_db",
                    "POSTGRES_USER=app",
                    "POSTGRES_PASSWORD=password"
                ],
                "volumes": ["postgres_data:/var/lib/postgresql/data"],
                "restart": "unless-stopped"
            },
            "redis": {
                "image": "redis:6-alpine",
                "restart": "unless-stopped",
                "volumes": ["redis_data:/data"]
            },
            "nginx": {
                "image": "nginx:alpine",
                "ports": ["80:80", "443:443"],
                "volumes": [
                    "./nginx.conf:/etc/nginx/nginx.conf",
                    "./ssl:/etc/nginx/ssl"
                ],
                "depends_on": ["app"],
                "restart": "unless-stopped"
            }
        },
        "volumes": {
            "postgres_data": {},
            "redis_data": {}
        }
    }
    
    print("  Production services:")
    for service, config in docker_compose_prod["services"].items():
        print(f"    - {service}: {config.get('image', 'custom build')}")
    
    # 4. Monitoring and Logging
    print("\n4. Monitoring and Logging:")
    
    monitoring_stack = {
        "application_metrics": {
            "tool": "Prometheus + Grafana",
            "metrics": ["request_rate", "response_time", "error_rate", "active_users"]
        },
        "infrastructure_monitoring": {
            "tool": "Node Exporter + Grafana",
            "metrics": ["CPU", "Memory", "Disk", "Network"]
        },
        "log_aggregation": {
            "tool": "ELK Stack (Elasticsearch, Logstash, Kibana)",
            "sources": ["application_logs", "nginx_logs", "system_logs"]
        },
        "alerting": {
            "tool": "Alertmanager",
            "alerts": ["high_error_rate", "high_response_time", "service_down"]
        }
    }
    
    for category, details in monitoring_stack.items():
        print(f"  {category.replace('_', ' ').title()}:")
        print(f"    Tool: {details['tool']}")
        if 'metrics' in details:
            print(f"    Metrics: {', '.join(details['metrics'])}")
        elif 'sources' in details:
            print(f"    Sources: {', '.join(details['sources'])}")
        elif 'alerts' in details:
            print(f"    Alerts: {', '.join(details['alerts'])}")

deployment_strategies()
```

---

## 10. Practice Projects

### Project 1: Blog API

```python
def blog_api_project():
    """Complete blog API project specification"""
    
    print("Practice Project 1: Blog API")
    print("=" * 40)
    
    project_spec = {
        "description": "Build a complete RESTful API for a blog application",
        "features": [
            "User registration and authentication",
            "JWT token-based authorization",
            "CRUD operations for blog posts",
            "Categories and tags system",
            "Comments on posts",
            "User profiles and preferences",
            "Search functionality",
            "Pagination and filtering",
            "File upload for images",
            "Email notifications"
        ],
        "technical_requirements": [
            "FastAPI or Flask framework",
            "SQLAlchemy ORM with PostgreSQL",
            "Pydantic for data validation",
            "JWT for authentication",
            "pytest for testing (>80% coverage)",
            "Docker for containerization",
            "OpenAPI documentation",
            "Redis for caching",
            "Celery for background tasks"
        ],
        "api_endpoints": {
            "Authentication": [
                "POST /api/auth/register",
                "POST /api/auth/login", 
                "POST /api/auth/refresh",
                "POST /api/auth/logout"
            ],
            "Users": [
                "GET /api/users/{user_id}",
                "PUT /api/users/{user_id}",
                "GET /api/users/{user_id}/posts"
            ],
            "Posts": [
                "GET /api/posts",
                "POST /api/posts",
                "GET /api/posts/{post_id}",
                "PUT /api/posts/{post_id}",
                "DELETE /api/posts/{post_id}"
            ],
            "Comments": [
                "GET /api/posts/{post_id}/comments",
                "POST /api/posts/{post_id}/comments",
                "PUT /api/comments/{comment_id}",
                "DELETE /api/comments/{comment_id}"
            ],
            "Categories": [
                "GET /api/categories",
                "POST /api/categories",
                "GET /api/categories/{category_id}/posts"
            ]
        },
        "bonus_features": [
            "Rate limiting",
            "API versioning",
            "Soft delete for posts",
            "Post scheduling",
            "Social media integration",
            "Analytics dashboard",
            "Content moderation",
            "Multi-language support"
        ]
    }
    
    print(f"Description: {project_spec['description']}")
    print(f"\nCore Features ({len(project_spec['features'])}):")
    for feature in project_spec['features']:
        print(f"  • {feature}")
    
    print(f"\nTechnical Requirements:")
    for req in project_spec['technical_requirements']:
        print(f"  • {req}")
    
    print(f"\nAPI Endpoints:")
    for category, endpoints in project_spec['api_endpoints'].items():
        print(f"  {category}:")
        for endpoint in endpoints:
            print(f"    - {endpoint}")
    
    print(f"\nBonus Features:")
    for feature in project_spec['bonus_features']:
        print(f"  • {feature}")

blog_api_project()
```

### Project 2: E-commerce Platform

```python
def ecommerce_project():
    """E-commerce platform project specification"""
    
    print("\nPractice Project 2: E-commerce Platform")
    print("=" * 45)
    
    project_spec = {
        "description": "Build a full-stack e-commerce platform with web interface",
        "architecture": {
            "Backend": "FastAPI with async support",
            "Frontend": "React or Vue.js SPA",
            "Database": "PostgreSQL with Redis cache",
            "Payment": "Stripe integration",
            "Search": "Elasticsearch",
            "Storage": "AWS S3 for images"
        },
        "core_features": [
            "Product catalog with categories",
            "Shopping cart and wishlist",
            "User accounts and profiles",
            "Order management system",
            "Payment processing",
            "Inventory management",
            "Product reviews and ratings",
            "Admin dashboard",
            "Email notifications",
            "Mobile-responsive design"
        ],
        "advanced_features": [
            "Real-time notifications",
            "Advanced search and filtering",
            "Recommendation engine",
            "Multi-vendor support",
            "Coupon and discount system",
            "Analytics and reporting",
            "Social login integration",
            "Multi-language and currency",
            "Progressive Web App (PWA)",
            "Microservices architecture"
        ],
        "database_models": [
            "User, UserProfile, Address",
            "Product, Category, Brand",
            "Order, OrderItem, Payment",
            "Cart, CartItem, Wishlist",
            "Review, Rating, Comment",
            "Coupon, Discount, Promotion",
            "Inventory, Stock, Warehouse"
        ],
        "security_features": [
            "JWT authentication",
            "Role-based permissions",
            "CSRF protection",
            "SQL injection prevention",
            "XSS protection",
            "Rate limiting",
            "Data encryption",
            "PCI DSS compliance"
        ]
    }
    
    print(f"Description: {project_spec['description']}")
    
    print(f"\nArchitecture:")
    for component, tech in project_spec['architecture'].items():
        print(f"  {component}: {tech}")
    
    print(f"\nCore Features:")
    for feature in project_spec['core_features']:
        print(f"  • {feature}")
    
    print(f"\nAdvanced Features:")
    for feature in project_spec['advanced_features']:
        print(f"  • {feature}")
    
    print(f"\nDatabase Models:")
    for models in project_spec['database_models']:
        print(f"  • {models}")
    
    print(f"\nSecurity Features:")
    for feature in project_spec['security_features']:
        print(f"  • {feature}")

ecommerce_project()
```

---

## Congratulations!

You've completed the Web Development with Python notebook! You've learned:

- **Flask Fundamentals**: Building web applications with Flask framework
- **FastAPI Modern Framework**: Creating APIs with automatic documentation
- **Templates and Frontend**: Jinja2 templating and frontend integration
- **Database Integration**: SQLAlchemy ORM and database operations
- **Authentication and Security**: User management and security best practices
- **RESTful APIs**: Designing and implementing REST APIs
- **Testing**: Unit and integration testing for web applications
- **Deployment**: Production deployment strategies and monitoring

## Next Steps

1. **Build Projects**: Complete the practice projects (Blog API, E-commerce)
2. **Learn Frontend**: Integrate with React, Vue.js, or Angular
3. **Advanced Topics**: GraphQL, WebSockets, microservices
4. **DevOps**: CI/CD pipelines, monitoring, and scaling
5. **Cloud Deployment**: AWS, Google Cloud, or Azure deployment

## Additional Resources

- [FastAPI Documentation](https://fastapi.tiangolo.com/)
- [Flask Documentation](https://flask.palletsprojects.com/)
- [SQLAlchemy Documentation](https://docs.sqlalchemy.org/)
- [REST API Design Best Practices](https://restfulapi.net/)
- [Web Security Fundamentals](https://owasp.org/www-project-web-security-testing-guide/)

You're now equipped to build production-ready web applications with Python!