Skip to content

zayed0099/book_manager

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

128 Commits
app
app
 
 
docs
docs
 
 
migrations
migrations
 
 
scripts
scripts
 
 
tests
tests
 
 
.gitignore
.gitignore
 
 
.replit
.replit
 
 
README.md
README.md
 
 
requirements.txt
requirements.txt
 
 
run.py
run.py
 
 

Repository files navigation

Book Manager API

A Flask-based REST API for managing personal book collections with user authentication, admin controls, and comprehensive book management features.

Features

User Management

  • User Registration & Authentication - JWT-based authentication system
  • Role-based Access Control - User and Admin roles with different permissions
  • Account Security - Password hashing, token blacklisting, and ban/unban functionality
  • Rate Limiting - Built-in rate limiting to prevent abuse

Book Management

  • CRUD Operations - Create, Read, Update, Delete books in your collection
  • Search, Filter & Pagination - Search with sorting options & Efficient pagination
  • Soft Delete - Books are marked as deleted but can be recovered
  • Favorites System - Mark books as favorites for quick access
  • Universal Database - Universal Book, Author, Category, Publisher database.
  • Rating & Review - Rate and write Review a book.
  • Custom List - User created custom list(5 list/user) with privacy control.

Admin Features

  • User Management - Ban/unban users, promote users to admin
  • Book Oversight - View all books across all users
  • Token Management - Clean up expired JWT tokens
  • Admin Controls - Full administrative access to the system

Tech Stack

  • Backend: Flask, Flask-RESTful
  • Database: SQLAlchemy with SQLite
  • Authentication: Flask-JWT-Extended
  • Validation: Marshmallow
  • Security: Argon2-cffi password hashing
  • Rate Limiting: Flask-Limiter
  • Frontend: HTML, CSS, Vanilla JS

Getting Started

For setup and installation instructions, see docs/setup.md.

API Endpoints

For API endpoints instructions, see docs/api_reference.md.

Security Features

  • Password Hashing: Uses Werkzeug's secure password hashing
  • JWT Token Management: Access and refresh tokens with blacklisting
  • Rate Limiting: Prevents API abuse with configurable limits
  • Input Validation: Marshmallow schemas validate all inputs
  • Role-based Access: Admin-only endpoints protected
  • SQL Injection Prevention: SQLAlchemy ORM protects against SQL injection

Rate Limiting

Default rate limits:

  • General: 200 requests per day, 50 per hour
  • Registration: 3 attempts per day
  • Login: 3 attempts per day
  • Book operations: 50 per day

License

This project is licensed under the MIT License .

Support

For support, email zayed.ah06@gmail.com or create an issue in the GitHub repository.

Changelog

v1.1.0

  • Added a basic JavaScript and HTML frontend to consume the API
  • Implemented rating and reviews functionality for books
  • Improved core logic and fixed various bugs for better stability

v1.0.0

  • Initial release
  • User authentication and authorization
  • Book CRUD operations
  • Admin panel
  • Rate limiting
  • JWT token management

About

API: Book Manager with Secure JWT Authentication

Topics

python flask marshmallow sqlite3 flask-sqlalchemy werkzeug flask-restful flask-jwt-extended flask-limiter

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages