This Flask API implements Task 1 (Member Creation) and Task 2 (Role-Based Access Control, RBAC) for the CS432 Module 3 assignment. A short demo is linked here.
- Python 3.8+
- pip (Python package installer)
- Access to the CS432 CIMS Database (`10.0.116.125`) with Group 2 (`cs432g2`) credentials.
- Clone the repository. The project layout is:

  ```
  cs432_project_g2/
  ├── backend/
  │   ├── app/
  │   │   ├── auth/            # Authentication endpoints & decorators
  │   │   │   ├── __init__.py
  │   │   │   ├── decorators.py
  │   │   │   └── routes.py
  │   │   ├── equipment/       # Equipment management endpoints
  │   │   │   ├── __init__.py
  │   │   │   └── routes.py
  │   │   ├── events/          # Event management endpoints
  │   │   │   ├── __init__.py
  │   │   │   └── routes.py
  │   │   ├── matches/         # Match management endpoints
  │   │   │   ├── __init__.py
  │   │   │   └── routes.py
  │   │   ├── members/         # Members endpoints
  │   │   │   ├── __init__.py
  │   │   │   └── routes.py
  │   │   ├── teams/           # Teams endpoints
  │   │   │   ├── __init__.py
  │   │   │   └── routes.py
  │   │   ├── venues/          # Venue endpoints
  │   │   │   ├── __init__.py
  │   │   │   └── routes.py
  │   │   └── utils/           # Helper utilities
  │   │       ├── __init__.py
  │   │       ├── database.py
  │   │       └── helpers.py
  │   ├── __init__.py
  │   ├── instance/
  │   │   └── config.py        # Environment-specific config (DB URL, secrets)
  │   ├── logs/                # Backend logs
  │   ├── config.py
  │   ├── demo.sh              # Script for demo or setup
  │   ├── requirements.txt     # Python dependencies
  │   └── run.py               # App entry point
  ├── frontend/
  │   ├── public/              # Static files
  │   │   ├── index.html
  │   │   ├── manifest.json
  │   │   └── favicon/logo images
  │   ├── src/
  │   │   ├── components/
  │   │   │   └── EditMemberForm.js  # Reusable modal/form for editing members
  │   │   ├── context/
  │   │   │   └── AuthContext.js     # Central auth logic
  │   │   ├── pages/
  │   │   │   ├── HomePage.js
  │   │   │   ├── LoginPage.js
  │   │   │   └── MembersPage.js
  │   │   ├── services/
  │   │   │   └── api.js             # Central API client
  │   │   ├── App.js                 # Root component
  │   │   ├── index.js               # ReactDOM render
  │   │   └── CSS + misc files
  │   ├── .env.production
  │   └── package.json
  ├── logs/
  │   ├── app.log
  │   ├── app.log.1
  │   └── app.log.2
  └── README.md
  ```

- Navigate to the project root directory:

  ```
  cd /path/to/cs432_project_g2
  ```
- Create and activate a virtual environment (highly recommended):

  ```
  python3 -m venv mod3
  ```

  On Windows:

  ```
  .\mod3\Scripts\activate
  ```

  On macOS/Linux:

  ```
  source mod3/bin/activate
  ```

- Install the required dependencies:

  ```
  pip install -r requirements.txt
  ```
- Ensure your virtual environment is activated.
- Make sure you are in the `backend` directory.
- Execute the run script:

  ```
  python run.py
  ```

- The Flask development server will start, typically listening on `http://0.0.0.0:5001`. You can access it via `http://localhost:5001` or your machine's local IP address on port 5001.
- Log messages (including errors) are printed to the console and saved in the `logs/app.log` file.
- Local Authentication (`/login`, POST):
  - Authenticates users by directly checking the supplied credentials (`user` = MemberID, `password`) against the `cs432cims.Login` table.
  - Generates a JWT `session_token` upon successful login, containing the user's ID (`sub`) and `Role`.
- Task 1: Member Creation (`/admin/add_member`, POST):
  - Requires a valid JWT Bearer token from an admin user (obtained via `/login`).
  - Accepts `{"name": "...", "email": "..."}` in the JSON body.
  - Inserts the new member into the `cs432cims.members` table (using the `UserName` and `emailID` columns).
  - Retrieves the new member's `ID`.
  - Hashes the `DEFAULT_PASSWORD`.
  - Inserts a corresponding record into the `cs432cims.Login` table (using the `MemberID`, `Password` and `Role='user'` columns).
- Task 2: Role-Based Access Control (RBAC):
  - Implemented using the `@token_required` decorator, which validates JWTs and extracts the user ID and role.
  - Admin-specific routes (`/admin/add_member`, `/admin/profile/<id>`) contain explicit checks to ensure `role == 'admin'`. Non-admins attempting access receive a `403 Forbidden` error.
  - General authenticated routes (`/profile/me`) only require a valid token (any role) via the decorator.
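The Task 1 flow above (insert member, fetch its `ID`, hash `DEFAULT_PASSWORD`, insert the `Login` row) has two details worth getting right: the default password must be stored as a salted hash, and the two inserts must succeed or fail together so a member row is never left without a `Login` record. The following is an added example, not the project's own code: it uses an in-memory SQLite schema with the column names the README lists (`UserName`, `emailID`, `MemberID`, `Password`, `Role`; types and constraints are assumptions, the real `cs432cims` tables are MySQL), PBKDF2 from the standard library in place of whatever hashing helper the app uses, and a constructed `DEFAULT_PASSWORD` value. The `role` parameter exists only to demonstrate the rollback; the README's endpoint always writes `Role='user'`.

```python
import hashlib
import hmac
import os
import sqlite3
from typing import Optional

# Constructed stand-ins for values the real app keeps in its config (assumption).
DEFAULT_PASSWORD = "ChangeMe-123"
PBKDF2_ROUNDS = 100_000


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Salted PBKDF2-HMAC-SHA256, stored as 'pbkdf2_sha256$<rounds>$<salt hex>$<digest hex>'."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return f"pbkdf2_sha256${PBKDF2_ROUNDS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and rounds; compare in constant time."""
    try:
        scheme, rounds, salt_hex, digest_hex = stored.split("$")
    except ValueError:
        return False
    if scheme != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(rounds))
    return hmac.compare_digest(digest, bytes.fromhex(digest_hex))


def open_demo_db() -> sqlite3.Connection:
    """In-memory SQLite schema using the column names the README lists for members and Login.
    Types and constraints are assumptions for this example (the real tables are MySQL)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")
    conn.execute(
        "CREATE TABLE members ("
        " ID INTEGER PRIMARY KEY AUTOINCREMENT,"
        " UserName TEXT NOT NULL,"
        " emailID TEXT NOT NULL UNIQUE)"
    )
    conn.execute(
        "CREATE TABLE Login ("
        " MemberID INTEGER PRIMARY KEY REFERENCES members(ID),"
        " Password TEXT NOT NULL,"
        " Role TEXT NOT NULL CHECK (Role IN ('admin', 'user')))"
    )
    return conn


def add_member(conn: sqlite3.Connection, name: str, email: str, role: str = "user") -> int:
    """Create the members row and its Login row in one transaction.

    Parameterised queries keep the caller-supplied name/email out of the SQL text, and the
    `with conn:` block makes the two inserts atomic: if the Login insert fails, the members
    row is rolled back instead of leaving an orphan account with no credentials.
    """
    name = name.strip()
    email = email.strip().lower()
    if not name or "@" not in email:
        raise ValueError("invalid name or email")
    try:
        with conn:  # commits on success, rolls back on any exception
            cur = conn.execute("INSERT INTO members (UserName, emailID) VALUES (?, ?)", (name, email))
            member_id = cur.lastrowid
            conn.execute(
                "INSERT INTO Login (MemberID, Password, Role) VALUES (?, ?, ?)",
                (member_id, hash_password(DEFAULT_PASSWORD), role),
            )
    except sqlite3.IntegrityError as exc:
        raise ValueError(f"could not create member: {exc}") from exc
    return member_id


def member_count(conn: sqlite3.Connection) -> int:
    return conn.execute("SELECT COUNT(*) FROM members").fetchone()[0]


def login_record(conn: sqlite3.Connection, member_id: int):
    """Return (Password, Role) for a member, or None if no Login row exists."""
    return conn.execute("SELECT Password, Role FROM Login WHERE MemberID = ?", (member_id,)).fetchone()


if __name__ == "__main__":
    db = open_demo_db()
    new_id = add_member(db, "New User via Curl", "new.curl@example.com")
    print("created member", new_id, "login row:", login_record(db, new_id))
```

The stored value never equals the plaintext default, a duplicate e-mail or an invalid role is reported as a plain `ValueError` with no half-written rows left behind, and `verify_password` uses the salt and round count recorded with the hash so the parameters can be raised later without invalidating existing rows.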
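To make the Local Authentication and Task 2 descriptions concrete (a JWT carrying `sub` and `Role`, a `@token_required` decorator that validates it, and an explicit admin check that answers `403` to everyone else), here is an added example that is not the project's code. It reimplements HS256 JWT signing and verification with the standard library so it runs without Flask or a JWT package; the function names (`issue_token`, `verify_token`, `profile_me`, `admin_profile`, `rejects_modified_payload`), the use of a plain headers dict in place of Flask's request object, the `(status, body)` return shape and the secret are all assumptions. Member IDs `447` (admin) and `1137` (non-admin) are the demo accounts from the curl section below.

```python
import base64
import hashlib
import hmac
import json
import time
from functools import wraps

# Constructed secret for this example only; the real app keeps its secret in instance/config.py.
SECRET_KEY = b"example-secret-not-for-production"


def b64url(data: bytes) -> str:
    """Base64url without padding, as JWT uses."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(member_id, role, secret=SECRET_KEY, ttl=3600, now=None):
    """Mint an HS256 JWT carrying the claims the README names: sub (member ID) and role."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"sub": str(member_id), "role": role, "iat": now, "exp": now + ttl}
    signing_input = ".".join(
        b64url(json.dumps(part, separators=(",", ":")).encode()) for part in (header, payload)
    )
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url(sig)


def verify_token(token, secret=SECRET_KEY, now=None):
    """Return the claims if signature, algorithm and expiry check out; raise ValueError otherwise."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(b64url_decode(header_b64))
        signature = b64url_decode(sig_b64)
    except ValueError:  # covers binascii.Error, JSONDecodeError and UnicodeDecodeError
        raise ValueError("malformed token")
    # Pin the algorithm server-side: the token's own 'alg' field is never trusted.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(payload_b64))
    now = int(time.time()) if now is None else now
    if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
        raise ValueError("token expired")
    if "sub" not in claims or "role" not in claims:
        raise ValueError("missing claims")
    return claims


def token_required(roles=None):
    """Decorator in the spirit of the README's @token_required. Views take the request headers
    dict first (stand-in for Flask's request) and return (status, body). `roles` limits which
    roles may call the view; None means any valid token is enough."""
    def decorator(view):
        @wraps(view)
        def wrapper(headers, *args, **kwargs):
            scheme, _, token = headers.get("Authorization", "").partition(" ")
            if scheme != "Bearer" or not token:
                return 401, {"error": "missing bearer token"}
            try:
                claims = verify_token(token)
            except ValueError as exc:
                return 401, {"error": str(exc)}
            # The authorization decision uses only claims whose signature just verified.
            if roles is not None and claims["role"] not in roles:
                return 403, {"error": "forbidden"}
            return view(claims, *args, **kwargs)
        return wrapper
    return decorator


@token_required()
def profile_me(claims):
    """Any valid token may read its own profile (mirrors /profile/me)."""
    return 200, {"id": claims["sub"], "role": claims["role"]}


@token_required(roles={"admin"})
def admin_profile(claims, member_id):
    """Admin-only view (mirrors /admin/profile/<id>)."""
    return 200, {"id": str(member_id), "viewed_by": claims["sub"]}


def rejects_modified_payload(token, secret=SECRET_KEY):
    """Unit check for the verifier: a token whose role claim was edited after signing must fail."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    claims = json.loads(b64url_decode(payload_b64))
    claims["role"] = "admin"
    edited = ".".join([header_b64, b64url(json.dumps(claims, separators=(",", ":")).encode()), sig_b64])
    try:
        verify_token(edited, secret)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    user_token = issue_token("1137", "user")
    print("user -> /profile/me:", profile_me({"Authorization": "Bearer " + user_token}))
    print("user -> /admin/profile/447:", admin_profile({"Authorization": "Bearer " + user_token}, 447))
```

Two details carry the security weight: the algorithm is fixed by the server rather than read from the token, and the role used for the `403` decision comes from claims whose signature has already been checked with `hmac.compare_digest`. Expired tokens and tokens with a rewritten `role` are rejected as `401` before any role comparison happens.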
These commands demonstrate the implemented features.

Note:
- Run these commands from your terminal.
- Replace `localhost:5001` if your API server is running on a different address/port.
- Replace `YOUR_ADMIN_TOKEN_HERE` and `YOUR_USER_TOKEN_HERE` with the actual `session_token` values obtained from the corresponding login commands.
Purpose: Get an Admin Token

```
curl -X POST http://localhost:5001/login \
     -H "Content-Type: application/json" \
     -d '{"user": "447", "password": "1234"}'
```

Use `{"user": "1137", "password": "XiLV9wEWdi"}` for a non-admin token.

(Copy the `session_token` from the successful JSON output.)

Replace `YOUR_TOKEN_HERE` with the token from step 1 in the steps below.
Purpose: Verify admin can create a member.

```
curl -X POST http://localhost:5001/admin/add_member \
     -H "Content-Type: application/json" \
     -H "Authorization: Bearer YOUR_TOKEN_HERE" \
     -d '{"name": "New User via Curl", "email": "new.curl@example.com"}'
```

Purpose: Verify any logged-in user can view their own profile.

```
curl -X GET http://localhost:5001/profile/me \
     -H "Authorization: Bearer YOUR_TOKEN_HERE"
```

Purpose: Verify non-admin cannot access admin-only routes.

Attempt to view Admin 447's profile (with a non-admin token this returns `403 Forbidden`):

```
curl -X GET http://localhost:5001/admin/profile/447 \
     -H "Authorization: Bearer YOUR_TOKEN_HERE"
```

If you plan to connect a React frontend to this Flask API, you must have Node.js and npm installed to manage the necessary dependencies. This step is for the client-side application only.
Navigate to your frontend project directory and run the following commands to install the required packages:

```
npm install axios
npm install react-router-dom
```