### **📚 Library Management System API with Basic Authentication**

## **🚀 Exercise Overview**
### **User Roles**
- **Admin**: Can **add**, **update**, and **delete** books.
- **User**: Can **borrow** and **return** books.
- **Guest**: Can only **view** available books.

### **Authentication Method**
- Uses **Basic Authentication** (username & password).
- Users must send `Authorization: Basic <base64_encoded(username:password)>` in **every request**.
- Only `admin` can modify books, `user` can borrow/return, and `guest` can only view books.

---

## **🛠️ Endpoints & Role-Based Access**
| HTTP Method | Endpoint           | Description                        | Access |
|------------|-------------------|--------------------------------|--------|
| `POST`    | `/books`           | Add a new book                | Admin  |
| `GET`     | `/books`           | List all books                | Guest, User, Admin |
| `PUT`     | `/books/<id>`      | Update book details           | Admin  |
| `DELETE`  | `/books/<id>`      | Remove a book                 | Admin  |
| `POST`    | `/borrow/<id>`     | Borrow a book                 | User |
| `POST`    | `/return/<id>`     | Return a borrowed book        | User |

---

## **📌 API Endpoint Details**
### **1️⃣ Add a New Book** (Admin Only)
- **POST `/books`**
- **Request:**
  ```json
  {
    "title": "Clean Code",
    "author": "Robert C. Martin",
    "isbn": "978-0132350884"
  }
  ```
- **Response:**
  ```json
  {
    "success": "Book added successfully.",
    "data": {
      "id": 1,
      "title": "Clean Code",
      "author": "Robert C. Martin",
      "isbn": "978-0132350884"
    }
  }
  ```

---

### **2️⃣ Get All Books** (Guest, User, Admin)
- **GET `/books`**
- **Response:**
  ```json
  {
    "books": [
      {
        "id": 1,
        "title": "Clean Code",
        "author": "Robert C. Martin",
        "isbn": "978-0132350884",
        "available": true
      }
    ]
  }
  ```

---

### **3️⃣ Update Book** (Admin Only)
- **PUT `/books/<id>`**
- **Request:**
  ```json
  {
    "title": "Updated Title",
    "author": "Updated Author"
  }
  ```
- **Errors:** `403 Forbidden`, `404 Not Found`.

---

### **4️⃣ Delete Book** (Admin Only)
- **DELETE `/books/<id>`**
- **Errors:** `403 Forbidden`, `404 Not Found`.

---

### **5️⃣ Borrow a Book** (User Only)
- **POST `/borrow/<id>`**
- **Response:**
  ```json
  {
    "message": "Book borrowed successfully.",
    "user": "johndoe",
    "book": "Clean Code"
  }
  ```

---

### **6️⃣ Return a Book** (User Only)
- **POST `/return/<id>`**
- **Response:**
  ```json
  {
    "message": "Book returned successfully.",
    "user": "johndoe",
    "book": "Clean Code"
  }
  ```

---

## **💾 Data Models**
### **📚 Book Model**
```json
{
  "id": 1,
  "title": "Clean Code",
  "author": "Robert C. Martin",
  "isbn": "978-0132350884",
  "available": true
}
```
---
### **👤 User Model**
```json
{
  "id": 1,
  "username": "johndoe",
  "role": "user",
  "password": "hashed_password"
}
```

---

## **💡 Implementation Steps**
1. **Set up Flask, Flask-RESTx, SQLAlchemy.**
2. **Create database models (`User`, `Book`).**
3. **Implement Basic Authentication (username & password).**
4. **Define role-based access control (RBAC).**
5. **Create API endpoints for managing books and borrowing system.**
6. **Test API using Postman or cURL.**

---

### **🔥 Bonus Challenges**
- ✅ Implement password hashing using `werkzeug.security`.
- ✅ Add pagination to `/books`.
- ✅ Add search filtering (`?title=Clean Code`).
- ✅ Track borrow history.

--- 



In [19]:
from base64 import b64decode
from functools import wraps
from http import HTTPStatus
from flask import Flask, request, g
# Import Flask and request object
from flask_jwt_extended import create_access_token  # Import create_access_token to generate JWT tokens
import json  # Import json to handle JSON data for encoding user information in the token
from flask_sqlalchemy import SQLAlchemy  # Import SQLAlchemy for database management
from flask_restx import Api, Resource, Namespace, fields  # Import Flask-RESTx components
from flask_jwt_extended import JWTManager, create_access_token, jwt_required, get_jwt_identity, verify_jwt_in_request  # Import JWT utilities
from werkzeug.security import generate_password_hash, check_password_hash  # Import password hashing utilities
from datetime import datetime, timedelta  # Import datetime and timedelta for token expiration
from enum import Enum  # Import Enum for user roles
import nest_asyncio  # Import nest_asyncio for Jupyter Notebook compatibility
from werkzeug.serving import run_simple  # Import run_simple to run the Flask app
import json  # Import json for handling JSON data

# Apply nest_asyncio for Jupyter Notebook compatibility
nest_asyncio.apply()

# Initialize Flask application
app = Flask(__name__)
# Configure SQLAlchemy with MySQL database URI
app.config['SQLALCHEMY_DATABASE_URI'] = "mysql+mysqlconnector://root:secret@localhost:3307/test_60"
# Disable SQLAlchemy track modifications to save resources
app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False
# Set the secret key for JWT
app.config['JWT_SECRET_KEY'] = 'your_secret_key'

    
# Enum for User Roles
class UserRole(Enum):
    ADMIN = "admin"
    USER = "user"
    GUEST = "guest"

    
# Initialize Flask-RESTx API with metadata

# Initialize SQLAlchemy with Flask app 
db = SQLAlchemy(app)

# Database Model for User 
class User(db.Model):
    __tablename__ = "users"
    
    id = db.Column(db.Integer, primary_key=True)
    username = db.Column(db.String(80), unique=True, nullable=False)
    password = db.Column(db.String(255), nullable=False) 
    role = db.Column(db.Enum(UserRole), nullable=False)
    
    def to_dict(self):
        return {"id": self.id, "username": self.username, "role": self.role.value}
    
class Book(db.Model): 
    __tablename__ = "books"
    id = db.Column(db.Integer, primary_key=True)
    title = db.Column(db.String(120), nullable=False)
    author = db.Column(db.String(80), nullable=False)
    isbn = db.Column(db.String(13), unique=True, nullable=False)
    available = db.Column(db.Boolean, default=True)
    borrowed_by = db.Column(db.Integer, db.ForeignKey('users.id'), nullable=True)
    
    def to_dict(self):
        return {
            "id": self.id,
            "title": self.title,
            "author": self.author,
            "isbn": self.isbn,
            "available": self.available,
            "borrowed_by": self.borrowed_by
        }

# Create all database  initial users  
with app.app_context():
    # db.drop_all()
    db.create_all()
    if not User.query.first():
        admin = User(username='admin', password=generate_password_hash('admin123'), role=UserRole.ADMIN)
        user = User(username='johndoe', password=generate_password_hash('user123'), role=UserRole.USER)
        guest = User(username='guest', password=generate_password_hash('guest123'), role=UserRole.GUEST)
        db.session.add_all([admin, user, guest])
        db.session.commit()
        
# Namespaces
api = Api(app, 
          version="1.0", 
          title="Library Management API", 
          description="API for managing library books with role-based access",
          authorizations={
          'basic': {
            'type': 'basic',
            'description': "Basic Authentication - Provide `username:password` in Base64."
        }
    })

library_ns = Namespace("library", description="Library management operations")


# Swagger ModelS 
book_schema = library_ns.model('BookModel', {
    "id": fields.Integer(readonly=True),
    "title": fields.String(required=True),
    "author": fields.String(required=True),
    "isbn": fields.String(required=True),
    "available": fields.Boolean(readonly=True),
    "borrowed_by": fields.Integer(readonly=True)
})

book_request_schema = library_ns.model('BookRequestModel', {
    "title": fields.String(required=True),
    "author": fields.String(required=True),
    "isbn": fields.String(required=True)
})

book_response_schema = library_ns.model('BookResponseModel', {
    "success": fields.Boolean(),
    "data": fields.Nested(book_schema, skip_none=True), 
})
book_list_schema =  library_ns.model('BookListResponseModel', {
    "success": fields.Boolean(),
    "data": fields.List(fields.Nested(book_schema)),
    "total": fields.Integer(),
    "pages": fields.Integer()
})

book_borrow_schema =  ('BookBorrowResponseModel', {
    "message": fields.String(required=True),
    "user":  fields.String(required=True),
    "book":   fields.String(required=True),
  })

# Decorator for Basic Authentication with role-based access
def require_auth(roles):
    def decorator(f):
      @wraps(f)
      def decorated_function(*args, **kwargs):
        """
        request = {
          payload: {},
          header: {
            Authorization: JWT qwrewqerdfasfda
          }
        }
        """
        auth_header = request.headers.get('Authorization') #   basic qwrewqer  or None
        
        if not auth_header or not auth_header.startswith('Basic '):
              return {"success": False, "message": "Authentication required"}, HTTPStatus.UNAUTHORIZED
        
        auth_artifacts = auth_header.split() # ["basic", "qwrewqer" ] "qwrewqer" is an encrypted username and password
        credentials = b64decode(auth_artifacts[1]).decode('utf-8') # username:password
        some_username, some_password = credentials.split(":")
        #                list[users].first  =  user
        user = User.query.filter_by(username=some_username).first() # user | none
        
        if not user or not check_password_hash(user.password, some_password):
          return {"success": False, "message": "Invalid credentials"}, HTTPStatus.UNAUTHORIZED
        
        if user.role not in [UserRole(role) for role in roles]:
          return {"success": False, "message": "Forbidden"}, HTTPStatus.FORBIDDEN
        
        g.current_user = user.to_dict()
      
        return f(*args, **kwargs)
      return decorated_function
    return decorator

          
        
  
# endpoints 

@library_ns.route('/books')
class BookList(Resource):
  @library_ns.doc(security='basic')
  @library_ns.expect(book_schema, validate=True)
  @library_ns.response(HTTPStatus.CREATED, 'Book added', book_response_schema)
  @library_ns.response(HTTPStatus.BAD_REQUEST, 'Invalid input')
  @require_auth([UserRole.ADMIN.value])
  def post(self)-> tuple[dict, int]:
    """Add a new book"""
    data = api.payload 
    book = Book(**data)   
    
    db.session.add(book)
    db.session.commit()
    
    response_data = { "success": True,  "data": book.to_dict()   }
    response_status_code = HTTPStatus.CREATED
    
    return response_data, response_status_code
    
  
  @library_ns.doc(security='basic')
  @library_ns.response(HTTPStatus.OK, 'Books retrieved', book_list_schema)
  @require_auth([UserRole.GUEST.value, UserRole.USER.value, UserRole.ADMIN.value])
  def get(self)-> tuple[dict, int]:
    """List all books with pagination and filtering"""
    # /library/books?page=1&per_page=10&title="asdfas"
    page = request.args.get("page", 1, type=int)
    per_page = request.args.get("per_page", 10, type=int)
    title_filter= request.args.get("title", type=str)
    
    query = Book.query 
    if title_filter:
      """ 
       SELECT * FROM BOOKS WHERE title like %{title_filter}%
      """
      query = query.filter(Book.title.ilike(f'%{title_filter}%'))
    
      """ 
       SELECT * FROM BOOKS WHERE title like %{title_filter}% offset=1 limit=10  
      """
    books = query.paginate(page=page, per_page=per_page)
    
    response_data =  {
    "success": True,
    "data":  [ book.to_dict() for book in books],
    "total": books.total,
    "pages": books.pages
    }
    response_status_code = HTTPStatus.OK
    
    return  response_data, response_status_code

@library_ns.route('/books/<int:book_id>')
class BookItem(Resource):
  
  @library_ns.doc(security='basic')
  @library_ns.expect(book_request_schema, validate=True)
  @library_ns.response(HTTPStatus.OK, 'Book updated', book_response_schema)
  @library_ns.response(HTTPStatus.NOT_FOUND, 'Book not found')
  @require_auth([UserRole.ADMIN.value])
  def put(self, book_id: int)-> tuple[dict, int]:
    """Update book details"""
    book = Book.query.get_or_404(book_id)
    data = api.payload
    """ 
    title = data.get('title') | title or Non
    if title:
        book.title = title
    """
    if title:=data.get('title'):
      book.title = title
    if author:=data.get('author'):
      book.author = author
    if isbn:=data.get('isbn'):
      book.isbn = isbn
    
    db.session.commit()
    
    response_data = {
      "success": True, 
      "data": book.to_dict(),
    }
    response_status_code = HTTPStatus.OK
    
    return response_data, response_status_code
      
  @library_ns.doc(security='basic')
  @library_ns.response(HTTPStatus.NO_CONTENT, 'Book deleted')
  @library_ns.response(HTTPStatus.NOT_FOUND, 'Book not found')
  @require_auth([UserRole.ADMIN.value])
  def delete(self, book_id: int)-> tuple[dict, int]:
    """Delete a book"""
    book = Book.query.get_or_404(book_id)
    
    db.session.delete(book)
    db.session.commit()
    
    response_data = {"success": True, "message": "Book deleted successfully"}
    response_status_code = HTTPStatus.NO_CONTENT    
    
    return response_data, response_status_code
  
@library_ns.route("/borrow/<int:book_id>")
class BorrowBook(Resource):
  @library_ns.doc(security='basic')
  @library_ns.response(HTTPStatus.OK, 'Book borrowed', book_response_schema)
  @library_ns.response(HTTPStatus.NOT_FOUND, 'Book not found')
  @require_auth([UserRole.USER.value])
  def post(self, book_id: int)-> tuple[dict, int]:
    """Borrow a book"""
    book = Book.query.get_or_404(book_id)
    if not book.available:
      response_data = {"success": False, "message": "Book not available"}
      response_status_code = HTTPStatus.NOT_FOUND
      
      return response_data, response_status_code
    
    book.available = False
    book.borrowed_by = g.current_user['id']  # Use g.current_user dict
    db.session.commit()
    
    response_data  = {  "success": True,  "data": book.to_dict(), }
    response_status_code = HTTPStatus.OK
    
    return response_data, response_status_code
  
@library_ns.route('/return/<int:book_id>')
class ReturnBook(Resource):
  
  @library_ns.doc(security='basic')
  @library_ns.response(HTTPStatus.OK, 'Book returned', book_response_schema)
  @library_ns.response(HTTPStatus.NOT_FOUND, 'Book not found')
  @require_auth([UserRole.USER.value])
  def post(self, book_id: int)-> tuple[dict, int]:
    """Return a book"""
    book = Book.query.get_or_404(book_id)
  
    book.available = True
    book.borrowed_by = None
    db.session.commit()
    response_data  = {  "success": True,  "data": book.to_dict(), }
    response_status_code = HTTPStatus.OK
    
    return response_data, response_status_code
    
# Add namespace to API
api.add_namespace(library_ns)
  

# Run the Flask application
run_simple("localhost", 5000, app)

 * Running on http://localhost:5000
[33mPress CTRL+C to quit[0m


127.0.0.1 - - [06/Mar/2025 21:57:50] "POST /library/return/2 HTTP/1.1" 200 -
