yusufKh7-ctrl/Blog-API

📝 Blog API

A simple RESTful API for a blogging platform built with FastAPI. It provides authentication, post management, and token-based security.


Highlights

  • JWT authentication with access & refresh tokens
  • Token versioning for secure logout
  • Dockerized environment for easy setup
  • Clean modular architecture (routers, services, dependencies)
  • Database migrations with Alembic

Tech Stack

  • FastAPI
  • SQLAlchemy
  • PostgreSQL
  • Alembic
  • JWT (PyJWT)
  • uv

🚀 Running the Project Locally

Requirements

  • Docker installed and running

1. Clone the project

git clone https://github.com/yusufKh7-ctrl/Blog-API.git
cd Blog-API

2. Create your .env file

DATABASE_URL=postgresql://postgres:your_password@db:5432/BlogAPI
SECRET_KEY=your_secret_key_here
POSTGRES_PASSWORD=your_password

3. Start the project

docker compose up --build

That's it! The API will be available at:

http://localhost:8000

And you can explore the interactive docs at:

http://localhost:8000/docs

4. Stop the project

docker compose down

If you want to also delete the database data:

docker compose down -v

📌 Main Endpoints

POST   /api/users                  → Register a new account
POST   /api/users/token            → Login (returns access + refresh token)
POST   /api/users/token/refresh    → Get a new access token
POST   /api/users/logout           → Logout 🔒

📄 Posts

GET    /api/posts                  → List all posts
GET    /api/posts/{post_id}        → Get a specific post
GET    /api/posts/user/{user_id}   → Get all posts by a user
 
POST   /api/posts                  → Create a new post 🔒
PUT    /api/posts/{post_id}        → Update a post (full) 🔒
PATCH  /api/posts/{post_id}        → Update a post (partial) 🔒
DELETE /api/posts/{post_id}        → Delete a post 🔒

🔒 = requires login (Bearer token)


🔐 Authentication

This API uses JWT tokens with two token types:

  • Access token — short-lived (30 minutes), used for protected endpoints
  • Refresh token — long-lived (7 days), used to get a new access token without logging in again

To use protected endpoints, add this header to your request:

Authorization: Bearer <your_access_token>
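
The two token types and the "token versioning for secure logout" highlight, sketched as an added example (not code from this repository). It assumes a per-user version counter embedded in every token and incremented on logout; the claim names `type` and `ver`, the in-memory `token_versions` dict and the demo secret are assumptions, and HS256 is signed with the standard library instead of PyJWT so the block runs without dependencies.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-secret"  # constructed; the app reads SECRET_KEY from .env
LIFETIME = {"access": 30 * 60, "refresh": 7 * 24 * 3600}  # lifetimes from the README
token_versions = {"alice": 0}  # assumed stand-in for a per-user version column

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input):
    return _b64(hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest())

def issue(user, kind, now=None):
    """Return a signed HS256 token carrying the user's current token version."""
    now = time.time() if now is None else now
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"sub": user, "type": kind, "ver": token_versions[user],
              "exp": int(now) + LIFETIME[kind]}
    body = _b64(json.dumps(claims).encode())
    return f"{header}.{body}.{_sign(header + '.' + body)}"

def verify(token, expected_kind, now=None):
    """Return the claims, or raise ValueError naming the first failed check."""
    now = time.time() if now is None else now
    header, body, sig = token.split(".")  # wrong part count raises ValueError
    if not hmac.compare_digest(sig.encode(), _sign(header + "." + body).encode()):
        raise ValueError("bad signature")
    if json.loads(_unb64(header)).get("alg") != "HS256":  # pin the algorithm
        raise ValueError("unexpected alg")
    claims = json.loads(_unb64(body))
    if claims.get("exp", 0) <= now:
        raise ValueError("expired")
    if claims.get("type") != expected_kind:  # a refresh token must not open protected routes
        raise ValueError("wrong token type")
    current = token_versions.get(claims.get("sub"))
    if current is None or claims.get("ver") != current:
        raise ValueError("revoked")  # logout bumped the version after this token was issued
    return claims

def logout(user):
    """Invalidate every outstanding token for the user by bumping the version."""
    token_versions[user] += 1
```

Without the version check, a refresh token captured before logout would keep minting access tokens for the rest of its 7-day lifetime.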

📁 Project Structure

Blog_API/
├── alembic/          # Database migrations
├── core/             # Config, security, rate limiter
├── dependencies/     # Auth dependencies
├── models/           # Database models
├── routers/          # API endpoints (users, posts)
├── schemas/          # Pydantic schemas
├── tests/            # Tests
├── main.py           # App entry point
├── database.py       # DB session setup
├── docker-compose.yml
├── Dockerfile
└── pyproject.toml

Running Tests

docker compose exec api uv run pytest

Built by Yusuf Khlif