A production-style REST API demonstrating:
- JWT authentication (register/login)
- Task management with a thread pool (async runs)
- SQLite with parameterized queries (SQL injection resistant)
- Pydantic request validation (prevents malformed input)
- Safe JSON responses (no server-side HTML → mitigates XSS)
License: Proprietary. All rights reserved. See LICENSE.
## Architecture

```text
Flask (WSGI)
├── /auth/register → create user (bcrypt)
├── /auth/login    → issue JWT (HS256)
└── /tasks[...]    → JWT-gated CRUD + /run → ThreadPoolExecutor job

SQLite (parameterized queries)
Pydantic (request validation) → jsonify() responses only (no templates)
```

## Quick Start

```bash
python -m venv .venv
source .venv/bin/activate          # Windows: .venv\Scripts\activate
pip install -r requirements.txt

export JWT_SECRET="change-me"      # macOS/Linux
$env:JWT_SECRET="change-me"        # PowerShell

python -m src.app
```

Health: <health-check URL>
## Auth & Tasks (cURL)

Set `BASE_URL` to the address the app listens on (placeholder below).

```bash
BASE_URL="http://127.0.0.1:5000"   # placeholder: set to the app's address

# Register a user
curl -s "$BASE_URL/auth/register" \
  -H "Content-Type: application/json" \
  -d '{"username":"alice","password":"s3cret"}'

# Log in and capture the JWT (the response field name `.token` is assumed)
TOKEN=$(curl -s "$BASE_URL/auth/login" \
  -H "Content-Type: application/json" \
  -d '{"username":"alice","password":"s3cret"}' | jq -r '.token')

# Create a task (JWT-gated)
curl -s "$BASE_URL/tasks" \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"title":"demo"}'

# List tasks (assumed GET /tasks)
curl -s -H "Authorization: Bearer $TOKEN" "$BASE_URL/tasks"
```

## Testing

```bash
pytest -q
```

## Security Notes

- JWT signed with HS256 (rotate `JWT_SECRET`; set a short TTL via `JWT_TTL_MIN`).
- No SQL string building: all DB access uses `?` placeholders.
- Validation first: Pydantic rejects unexpected or invalid fields.
- JSON-only responses: no HTML rendering, which mitigates reflected XSS.
- Add a reverse proxy (nginx) and TLS in deployment.
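The first two notes above (HS256 JWT with a short TTL, and `?` placeholders instead of string-built SQL) in one stand-alone, standard-library sketch. This is an added example, not the project's `auth.py` or `db.py`; it assumes a `users` table with `username` and `password_hash` columns and a token payload carrying `sub`, `iat` and `exp`, none of which the README specifies. The string-built lookup is kept beside the parameterized one so the difference in behaviour on a quote-bearing input is visible.

```python
"""Added example, not the project's auth.py/db.py: HS256 JWT mint/verify with a
short TTL, and a parameterized SQLite lookup next to the string-built form it
replaces. Stdlib only. Assumed (not from the README): a users table with
username/password_hash columns and a token payload carrying sub/iat/exp."""
import base64
import hashlib
import hmac
import json
import sqlite3
import time
from typing import Optional


def _b64url(data: bytes) -> str:
    """Base64url without padding, as JWT requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_jwt(secret: str, subject: str, ttl_min: int, now: Optional[int] = None) -> str:
    """Mint header.payload.signature; exp is now + ttl_min minutes (cf. JWT_TTL_MIN)."""
    now = int(time.time()) if now is None else now
    compact = {"separators": (",", ":")}
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, **compact).encode())
    claims = {"sub": subject, "iat": now, "exp": now + ttl_min * 60}
    payload = _b64url(json.dumps(claims, **compact).encode())
    signing_input = f"{header}.{payload}".encode()
    signature = hmac.new(secret.encode(), signing_input, hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(signature)}"


def verify_jwt(secret: str, token: str, now: Optional[int] = None) -> Optional[dict]:
    """Return the payload for a well-formed, correctly signed, unexpired token; else None."""
    now = int(time.time()) if now is None else now
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        signature = _b64url_decode(sig_b64)
        payload = json.loads(_b64url_decode(payload_b64))
    except ValueError:  # wrong segment count, bad base64, bad JSON
        return None
    # Pin the algorithm server-side; never let the token choose it (rejects alg=none).
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return None
    signing_input = f"{header_b64}.{payload_b64}".encode()
    expected = hmac.new(secret.encode(), signing_input, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):  # constant-time comparison
        return None
    exp = payload.get("exp") if isinstance(payload, dict) else None
    if not isinstance(exp, int) or exp <= now:  # expired or missing exp
        return None
    return payload


def make_db() -> sqlite3.Connection:
    """In-memory users table with one constructed row (the hash value is a placeholder)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)")
    conn.execute("INSERT INTO users (username, password_hash) VALUES (?, ?)",
                 ("alice", "<bcrypt-hash-placeholder>"))
    conn.commit()
    return conn


def find_user_string_built(conn: sqlite3.Connection, username: str) -> list:
    """The pattern the README rules out: the input is spliced into the SQL text."""
    return conn.execute(
        f"SELECT username FROM users WHERE username = '{username}'").fetchall()


def find_user(conn: sqlite3.Connection, username: str) -> list:
    """The README's rule: a ? placeholder binds username as data, never as SQL."""
    return conn.execute(
        "SELECT username FROM users WHERE username = ?", (username,)).fetchall()


if __name__ == "__main__":
    secret = "change-me"
    token = mint_jwt(secret, "alice", ttl_min=15)
    print("valid:", verify_jwt(secret, token) is not None)
    print("after rotation:", verify_jwt("rotated-secret", token))  # None
    conn = make_db()
    probe = "x' OR '1'='1"  # constructed test input; plain data to the parameterized query
    print("string-built:", find_user_string_built(conn, probe))  # every row comes back
    print("parameterized:", find_user(conn, probe))              # []
```

Rotating `JWT_SECRET` invalidates every outstanding token, which is why the TTL should be short: the window between rotation and users being forced to log in again is bounded by `JWT_TTL_MIN`. The `alg` pin matters as much as the signature check; a verifier that honours the token's own `alg` header is the classic way an HS256 deployment gets bypassed.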
## Project Layout

```text
src/
  app.py          # Flask app + routes
  auth.py         # register/login + JWT mint/verify
  db.py           # SQLite + schema
  tasks.py        # CRUD + thread pool worker
  validation.py   # Pydantic models
tests/
  test_api.py
postman/
  collection.json
```

## CI

A GitHub Actions workflow installs dependencies and runs pytest. See `.github/workflows/ci.yml`.
Copyright © 2025 Adit Sharma. All rights reserved. See LICENSE.