### **📚 Library Management System API with Token Authentication**

## **🚀 Exercise Overview**
### **User Roles**
- **Admin**: Can **add**, **update**, and **delete** books.
- **User**: Can **borrow** and **return** books.
- **Guest**: Can only **view** available books.

### **Authentication Method**
- Uses **Token-Based Authentication**.
- Users must send `Authorization: Token <your_token>` in **every request**.
- Only `admin` can modify books, `user` can borrow/return, and `guest` can only view books.

---

## **🛠️ Endpoints & Role-Based Access**
| HTTP Method | Endpoint           | Description                        | Access |
|------------|-------------------|--------------------------------|--------|
| `POST`    | `/books`           | Add a new book                | Admin  |
| `GET`     | `/books`           | List all books                | Guest, User, Admin |
| `PUT`     | `/books/<id>`      | Update book details           | Admin  |
| `DELETE`  | `/books/<id>`      | Remove a book                 | Admin  |
| `POST`    | `/borrow/<id>`     | Borrow a book                 | User |
| `POST`    | `/return/<id>`     | Return a borrowed book        | User |

---

## **📌 API Endpoint Details**
### **1️⃣ Add a New Book** (Admin Only)
- **POST `/books`**
- **Request:**
  ```json
  {
    "title": "Clean Code",
    "author": "Robert C. Martin",
    "isbn": "978-0132350884"
  }
  ```
- **Response:**
  ```json
  {
    "success": "Book added successfully.",
    "data": {
      "id": 1,
      "title": "Clean Code",
      "author": "Robert C. Martin",
      "isbn": "978-0132350884"
    }
  }
  ```

---

### **2️⃣ Get All Books** (Guest, User, Admin)
- **GET `/books`**
- **Response:**
  ```json
  {
    "books": [
      {
        "id": 1,
        "title": "Clean Code",
        "author": "Robert C. Martin",
        "isbn": "978-0132350884",
        "available": true
      }
    ]
  }
  ```

---

### **3️⃣ Update Book** (Admin Only)
- **PUT `/books/<id>`**
- **Request:**
  ```json
  {
    "title": "Updated Title",
    "author": "Updated Author"
  }
  ```
- **Errors:** `403 Forbidden`, `404 Not Found`.

---

### **4️⃣ Delete Book** (Admin Only)
- **DELETE `/books/<id>`**
- **Errors:** `403 Forbidden`, `404 Not Found`.

---

### **5️⃣ Borrow a Book** (User Only)
- **POST `/borrow/<id>`**
- **Response:**
  ```json
  {
    "message": "Book borrowed successfully.",
    "user": "johndoe",
    "book": "Clean Code"
  }
  ```

---

### **6️⃣ Return a Book** (User Only)
- **POST `/return/<id>`**
- **Response:**
  ```json
  {
    "message": "Book returned successfully.",
    "user": "johndoe",
    "book": "Clean Code"
  }
  ```

---

## **💾 Data Models**
### **📚 Book Model**
```json
{
  "id": 1,
  "title": "Clean Code",
  "author": "Robert C. Martin",
  "isbn": "978-0132350884",
  "available": true
}
```
---
### **👤 User Model**
```json
{
  "id": 1,
  "username": "johndoe",
  "role": "user",
  "password": "hashed_password"
}
```

---

## **💡 Implementation Steps**
1. **Set up Flask, Flask-RESTx, SQLAlchemy.**
2. **Create database models (`User`, `Book`).**
3. **Implement Basic Authentication (username & password).**
4. **Define role-based access control (RBAC).**
5. **Create API endpoints for managing books and borrowing system.**
6. **Test API using Postman or cURL.**

---

### **🔥 Bonus Challenges**
- ✅ Implement password hashing using `werkzeug.security`.
- ✅ Add pagination to `/books`.
- ✅ Add search filtering (`?title=Clean Code`).
- ✅ Track borrow history.

---
 


In [None]:
from flask import Flask, request  # Import Flask and request object
from flask_jwt_extended import create_access_token  # Import create_access_token to generate JWT tokens
import json  # Import json to handle JSON data for encoding user information in the token
from flask_sqlalchemy import SQLAlchemy  # Import SQLAlchemy for database management
from flask_restx import Api, Resource, Namespace, fields  # Import Flask-RESTx components
from flask_jwt_extended import JWTManager, create_access_token, jwt_required, get_jwt_identity, verify_jwt_in_request  # Import JWT utilities
from werkzeug.security import generate_password_hash, check_password_hash  # Import password hashing utilities
from datetime import datetime, timedelta  # Import datetime and timedelta for token expiration
from enum import Enum  # Import Enum for user roles
import nest_asyncio  # Import nest_asyncio for Jupyter Notebook compatibility
from werkzeug.serving import run_simple  # Import run_simple to run the Flask app
import json  # Import json for handling JSON data

# Apply nest_asyncio for Jupyter Notebook compatibility
nest_asyncio.apply()

# Initialize Flask application
app = Flask(__name__)
# Configure SQLAlchemy with MySQL database URI
app.config['SQLALCHEMY_DATABASE_URI'] = "mysql+mysqlconnector://root:top!secret@localhost:3307/test_43"
# Disable SQLAlchemy track modifications to save resources
app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False
# Set the secret key for JWT
app.config['JWT_SECRET_KEY'] = 'your_secret_key'

# Initialize Flask-RESTx API with metadata

# Initialize SQLAlchemy with Flask app 

# Enum for User Roles

# Database Model for User 
 
# Database Model for Token 

# Create all database tables and add initial users with tokens 

# Namespaces

# Add namespace to API


# Swagger ModelS

# Decorator for Token Authentication with role-based access
# Decorator for Basic Authentication with role-based access


# Run the Flask application
run_simple("localhost", 5000, app)