Merge pull request #53 from tecladocode/jose/cou-97-write-flask-jwt-extended-section

Author: jslvtr

docs/docs-upcoming/07_flask_admin/01_project_overview/README.md

@@ -6,7 +6,7 @@ description: Let's look at what we'll do in this section. There are no changes t
 # Project Overview (and why use SQLAlchemy)
 
 - [x] Set metadata above
-- [ ] Start writing!
+- [x] Start writing!
 
 In this section we'll make absolutely no changes to the API! However, we will completely change the way we store data.
 

docs/docs-upcoming/07_flask_admin/README.md

@@ -59,6 +59,8 @@ class StoreModel(db.Model):
 </Tabs>
 </div>
 
+Remember to import the `TagModel` in `models/__init__.py` so that it is then imported by `app.py`. Otherwise SQLAlchemy won't know about it, and it won't be able to create the tables.
+
 ## The marshmallow schemas
 
 These are the new schemas we'll add. Note that none of the tag schemas have any notion of "items". We'll add those to the schemas when we construct the many-to-many relationship.

docs/docs-upcoming/07_flask_admin/_category_.json

@@ -63,6 +63,15 @@ class ItemsTags(db.Model):
     tag_id = db.Column(db.Integer, db.ForeignKey("tags.id"))
 ```
 
+Let's also add this to our `models/__init__.py` file:
+
+```python title="models/__init__.py"
+from models.item import ItemModel
+from models.tag import TagModel
+from models.store import StoreModel
+from models.item_tags import ItemsTags
+```
+
 ### Using the secondary table in the main models
 
 

docs/docs-upcoming/08_flask_jwt_extended/01_project_overview/README.md

@@ -0,0 +1,19 @@
+---
+title: Changes in this section
+description: Overview of the API endpoints we'll use for user registration and authentication.
+---
+
+# Changes in this section
+
+In this section we will add the following endpoints:
+
+| Method         | Endpoint          | Description                                           |
+| -------------- | ----------------- | ----------------------------------------------------- |
+| `POST`         | `/register`       | Create user accounts given an `email` and `password`. |
+| `POST`         | `/login`          | Get a JWT given an `email` and `password`.            |
+| 🔒 <br/> `POST` | `/logout`         | Revoke a JWT.                                         |
+| 🔒 <br/> `POST` | `/refresh`        | Get a fresh JWT given a refresh JWT.                  |
+| `GET`          | `/user/{user_id}` | (dev-only) Get info about a user given their ID.      |
+| `DELETE`       | `/user/{user_id}` | (dev-only) Delete a user given their ID.              |
+
+We will also protect some existing endpoints by requiring a JWT from clients. You can see which endpoints will be protected in [The API we'll build in this course](/docs/course_intro/what_is_rest_api/#the-api-well-build-in-this-course)

docs/docs-upcoming/08_flask_jwt_extended/README.md

@@ -0,0 +1,21 @@
+---
+title: What is a JWT?
+description: Understand what a JWT is, what data it contains, and how it may be used.
+---
+
+# What is a JWT?
+
+A JWT is a signed JSON object with a specific structure. Our Flask app will sign the JWTs with the secret key, proving that _it generated them_.
+
+The Flask app generates a JWT when a user logs in (with their username and password). In the JWT, we'll store the user ID. The client then stores the JWT and sends it to us on every request.
+
+Because we can prove our app generated the JWT (through its signature), and we will receive the JWT with the user ID in every request, we can _treat requests that include a JWT as "logged in"_.
+
+For example, if we want certain endpoints to only be accessible to logged-in users, all we do is require a JWT in them. Since the client can only get a JWT after logging in, we know that including a JWT is proof that the client logged in successfully at some point in the past.
+
+And since the JWT includes the user ID inside it, when we receive a JWT we know _who logged in_ to get the JWT.
+
+There's a lot more information about JWTs here: [https://jwt.io/introduction](https://jwt.io/introduction). This includes information such as:
+
+- What is stored inside a JWT?
+- Are JWTs secure?