# Flask App Code Challenge

## Challenge Overview

Build a Flask application that integrates the following features:

### **Authentication**:
- Implement user login and registration:
  - **Web Interface**: Use session-based authentication.
  - **REST API**: Use token-based authentication via JWT.

### **Models**:
- **User**:
  - `id`: Unique identifier for the user.
  - `username`: Unique username.
  - `email`: Unique email address.
  - `password_hash`: Hashed password.
- **Todo**:
  - `id`: Unique identifier for the to-do item.
  - `task`: Description of the to-do item.
  - `is_completed`: Boolean indicating completion status.
  - `user_id`: Foreign key linking the to-do to a user.

### **Web Features**:
- User registration and login via web pages.
- Protected dashboard page showing:
  - List of all to-do items for the logged-in user.
  - Ability to add new to-do items.
  - Delete button to remove specific to-do items.

### **RESTful API**:
- **Authentication**:
  - **POST /auth/register**: Register a new user.
  - **POST /auth/login**: Login and receive a JWT token.
- **To-Do Management**:
  - **GET /todos**: Retrieve all to-do items for the authenticated user.
  - **POST /todos**: Add a new to-do item for the authenticated user.
  - **DELETE /todos/<id>**: Delete a specific to-do item for the authenticated user.

### **Protected Resources**:
- Dashboard (web) and `/todos` (API) endpoints should require authentication:
  - **Web**: Use session management.
  - **API**: Use JWT tokens passed in the `Authorization` header.

---

## Challenge Tasks

### **1. Setup**:
- Use the following libraries:
  - `Flask` for the application.
  - `Flask-SQLAlchemy` for database models.
  - `Flask-WTF` and `Flask-Bootstrap` for forms and UI.
  - `Flask-JWT-Extended` for token-based authentication.
  - `werkzeug.security` for password hashing.

### **2. Models**:
- Create a `User` model to store user credentials.
- Create a `Todo` model to manage to-do items, with a relationship linking each to-do to a specific user.

### **3. Web Features**:
- Design the following routes:
  - **Register Page (`/register`)**:
    - Form to create a new user account.
  - **Login Page (`/login`)**:
    - Form to log in users.
  - **Dashboard (`/dashboard`)**:
    - Show all to-do items for the logged-in user.
    - Add new to-do items via a form.
    - Allow deletion of specific to-do items with a button.

### **4. REST API Features**:
- Create API endpoints under `/api` for:
  - User registration and login.
  - Managing to-do items with token-based authentication.

### **5. Protected Resources**:
- Ensure the following are restricted:
  - Web-based dashboard access requires user login (session).
  - API endpoints require a valid JWT token.

---

## Bonus Challenges

1. **Pagination**:
   - Add pagination to the `/todos` API endpoint.
   - Show only 10 to-do items per page on the web dashboard.

2. **Search**:
   - Add a search bar on the web dashboard to filter to-do items by keywords.

3. **Validation**:
   - Add input validation for user registration and to-do creation (e.g., unique email, non-empty tasks).

4. **Roles**:
   - Extend the `User` model to include an `is_admin` field for role-based access control.

5. **Testing**:
   - Write unit tests for:
     - User registration and login.
     - CRUD operations on to-do items.

---

## Deliverables

- A working Flask app fulfilling the requirements.
- Clear structure with separate modules for models, routes, and templates.
- Ability to run locally with `flask run` or similar.

