## How to build beautiful REST APIs with Flask, Swagger UI and Flask-RESTPlus

### set virtual env
* python3 -m venv learn_flask
* cd learn_flask
* source bin/activate

### install packages and write code
* install the python package: pip install flask
* create hello.py, code as below
* run in the console "FLASK_APP=hello.py flask run"
* open browser with "http://127.0.0.1:5000", you should be able to see the "Hello World!" string

In [None]:
from flask import Flask
app = Flask(__name__)

@app.route("/")
def hello():
    return "Hello World!"

### enable live reload of changed code
1. export FLASK_APP=hello.py
2. export FLASK_DEBUG=1
3. flask run

### routing and variables

In [None]:
from flask import Flask
app = Flask(__name__)

@app.route('/user/<string:username>')
def show_user_profile(username):    
    return 'User %s' % getUserProfile(username)

@app.route('/post/<int:user_id>')
def show_user_profile_by_user_id(user_id):
    return 'User %s' % getUserProfileByUserID(user_id)

### HTTP methods

In [None]:
from flask import request

@app.route('/login', methods=['GET', 'POST'])
def login():
    if request.method == 'POST':
        do_the_login()
    else:
        show_the_login_form()

### responed with JSON
use curl -i http://localhost:5000/onelab/api/v1.0/user/zhongzhu/profile to test result

In [None]:
from flask import Flask, jsonify, request
app = Flask(__name__)

@app.route('/onelab/api/v1.0/user/<username>/profile')
def profile(username):
    id, email, site = [123, 'happy@haha.com', 'Beijing']
    return jsonify(result={'id':id, 'email':email, 'site':site})

### version?
* https://www.haha.com/api/v1.0/ or
* https://api.haha.com/v1.0  (maybe this one)

## end points
* GET /v1/inventory/<uniq-id>  :get item detail info by uniq id
* GET /v1/inventory/sn/<id>    :get item detail info by serial number
* GET /v1/inventory/search?q=  :search inventory
* GET /v1/user/<id>

## Operations
* GET（SELECT）：从服务器取出资源（一项或多项）。
* POST（CREATE）：在服务器新建一个资源。
* PUT（UPDATE）：在服务器更新资源（客户端提供改变后的完整资源）。
* PATCH（UPDATE）：在服务器更新资源（客户端提供改变的属性）。
* DELETE（DELETE）：从服务器删除资源。

### Operation examples
* GET /zoos：列出所有动物园
* POST /zoos：新建一个动物园
* GET /zoos/ID：获取某个指定动物园的信息
* PUT /zoos/ID：更新某个指定动物园的信息（提供该动物园的全部信息）
* PATCH /zoos/ID：更新某个指定动物园的信息（提供该动物园的部分信息）
* DELETE /zoos/ID：删除某个动物园
* GET /zoos/ID/animals：列出某个指定动物园的所有动物
* DELETE /zoos/ID/animals/ID：删除某个指定动物园的指定动物

## filtering
* ?limit=10：指定返回记录的数量
* ?offset=10：指定返回记录的开始位置。
* ?page=2&per_page=100：指定第几页，以及每页的记录数。
* ?sortby=name&order=asc：指定返回结果按照哪个属性排序，以及排序顺序。
* ?animal_type_id=1：指定筛选条件

## status code
* 200 OK - [GET]：服务器成功返回用户请求的数据，该操作是幂等的（Idempotent）。
* 201 CREATED - [POST/PUT/PATCH]：用户新建或修改数据成功。
* 202 Accepted - [*]：表示一个请求已经进入后台排队（异步任务）
* 204 NO CONTENT - [DELETE]：用户删除数据成功。
* 400 INVALID REQUEST - [POST/PUT/PATCH]：用户发出的请求有错误，服务器没有进行新建或修改数据的操作，该操作是幂等的。
* 401 Unauthorized - [*]：表示用户没有权限（令牌、用户名、密码错误）。
* 403 Forbidden - [*] 表示用户得到授权（与401错误相对），但是访问是被禁止的。
* 404 NOT FOUND - [*]：用户发出的请求针对的是不存在的记录，服务器没有进行操作，该操作是幂等的。
* 406 Not Acceptable - [GET]：用户请求的格式不可得（比如用户请求JSON格式，但是只有XML格式）。
* 410 Gone -[GET]：用户请求的资源被永久删除，且不会再得到的。
* 422 Unprocesable entity - [POST/PUT/PATCH] 当创建一个对象时，发生一个验证错误。
* 500 INTERNAL SERVER ERROR - [*]：服务器发生错误，用户将无法判断发出的请求是否成功。

## return value
### return single item
### return multiple items
```javascript
{
    code = 200,  //return code
    errmsg = "", //err message
    "start" = 0, //item index in total result (used for paging)
    "count" = 10,  // item count in current reponse (used for paging)
    "total" = 50,  // total result count (used for paging)
    "data" = [item1, item2, ...]
}
```
### return error


### The REST framework is used to:

* enforce best practices
* simplify: versioning, serialization, documentation, authenication
* provide browsable API

## Flask-RESTPlus
* is based on Flask-RESTFul
* define and document end points
* validate inputs
* format output as JSON
* turn python exception into HTTP responses
* minimise boilerplate code
* generate interactive documentation (Swagger UI)

## Open API Specification
* Standard language to describe REST APIs
* Open source
* Tools
  * Swagger UI
  * Swagger Editor
  * Code Generators
* http://openapis.org
* http://swagger.io

### Flask-RESTPlus
* FLASK_APP=todo.py FLASK_DEBUG=1 flask run
* type below to add 2 todo items
    * curl http://localhost:5000/todo1 -d "data=Drink the milk" -X PUT
    * curl http://localhost:5000/todo2 -d "data=Go to the Great Wall" -X PUT
* type below to query todo items    
    * curl http://localhost:5000/todo1
    * curl http://localhost:5000/todo2
* or open browser with http://127.0.0.1:5000/ , you'll see the Swagger UI, very handy tool

In [None]:
from flask import Flask, request
from flask_restplus import Resource, Api

app = Flask(__name__)
api = Api(app)

todos = {}


@api.route('/<string:todo_id>')
class TodoResource(Resource):
    def get(self, todo_id):
        return {todo_id: todos[todo_id]}

    def put(self, todo_id):
        todos[todo_id] = request.form['data']
        return {todo_id: todos[todo_id]}


## Authentication - Token based
* FLASK_APP=todo.py FLASK_DEBUG=1 flask run
* add a todo item
    * url http://localhost:5000/todo1 -d "data=Drink the milk" -X PUT
* query a todo item
    * curl -X GET --header 'Accept: application/json' --header 'X-API-KEY: key2' 'http://127.0.0.1:5000/todo1'

In [None]:
from flask import Flask, request
from flask_restplus import Resource, Api
from functools import wraps

myTokens = ('key1', 'key2', 'key3')
authorizations = {
    'apikey': {
        'type': 'apiKey',
        'in': 'header',
        'name': 'X-API-KEY'
    }
}
todos = {}

app = Flask(__name__)
api = Api(app, authorizations=authorizations, security='apikey')

def token_required(f):
    @wraps(f)
    def decorated(*args, **kwargs):
        token = None
        if 'X-API-KEY' in request.headers:
            token = request.headers['X-API-KEY']

        if not token:
            return {'message': 'Token is missing.'}, 401

        print('TOKEN: {}'.format(token))

        if not token in myTokens:
            return {'message': 'Authentication failed.'}, 401

        return f(*args, **kwargs)

    return decorated

@api.route('/<string:todo_id>')
class TodoResource(Resource):
    @token_required
    def get(self, todo_id):
        return {todo_id: todos[todo_id]}

    def put(self, todo_id):
        todos[todo_id] = request.form['data']
        return {todo_id: todos[todo_id]}