This is the backend that powers Espresso, my personal link-saving tool for saving websites to read later. It uses PostgreSQL to store URLs to read, and contains a REST API (built with Flask) that allows other applications to add/modify links easily (this allows me to add Shortcuts actions to capture URLs quickly from any application with a share sheet, or create a send-to-email URL saving service).
🚧 Under Construction: Espresso is still being developed. Hoping to release it as a self-hosted link saving tool!
This will get you started on getting Espresso installed locally to play with the API.
- A computer with Python 3.9+ installed
- Docker already installed and ready to go (or a local PostgreSQL instance if you're running without Docker)
Choose your adventure!
-
Clone this repository in the directory of your choosing:
git clone https://github.com/mm/espresso-api.git -
Ensure Docker is running (and Docker Compose is installed)
-
Make a copy of the
.env.examplefile as.env, for example:$ cp .env.example .env -
Update environment variables in
.envto your liking -- these control the PostgreSQL username, password and database. TheDB_HOSTvariable isn't used in Docker Compose builds. -
Build and run Espresso!
docker-compose up -d -
Upgrade the database structure to the latest version:
docker-compose run web flask db upgrade -
Once everything's up and running, you can use the CLI to generate a testing environment with a few links already populated for you. Make note of the API key it outputs as you can use this to access the API methods afterwards.
$ docker-compose run web flask admin dummy -
You should be able to access the API at
http://127.0.0.1:8000. Once you're done, stop any running containers withdocker-compose down.
-
Clone this repository in the directory of your choosing:
git clone https://github.com/mm/espresso-api.git -
Install dependencies with Pipenv:
$ cd espresso-api $ pipenv install
-
Copy the
.env.examplefile into an.envfile to store environment variables:$ cp .env.example .envTo specify how to get to your database, you can specify either a
DATABASE_URLenvironment variable (see the SQLAlchemy docs for how this is formatted) or manually specify:DB_USERDB_PASSWORDDB_DATABASEDB_HOST
If a
DATABASE_URLvariable and the above variables are specified, theDATABASE_URLtakes precedence. Otherwise, a URL connection string is automatically generated. -
Upgrade the database structure to the latest version:
flask db upgrade -
Use the CLI to generate test data for your environment (a testing user with some links). You can specify your name and email and it'll give you an API key to access the API with as well. Make note of the API key it outputs as you can use this to test out the API methods afterwards.
$ flask admin dummy --name Matt --email hello@example.com -
Start up the API with the built-in Flask development server:
flask run.
I deploy Espresso to Heroku for my own use. Here's how it can be done:
-
Sign up for Heroku if you haven't already. Set up a new app and provision the Heroku Postgres addon for it. When you deploy this app to Heroku, the
DATABASE_URLenvironment variable will be used automatically to give the correct URL for the Heroku Postgres instance (no need to copy it anywhere) -
Ensure that the Heroku CLI is installed.
-
If you haven't logged in to the CLI before, run
heroku loginfirst in your console. Then, add the Heroku remote to your repository and push to that remote:$ heroku git:remote -a YOUR_APP_NAME_ON_HEROKU_HERE $ git push heroku master
-
If all goes well, you should now be able to initialize the database and create your API key remotely using the CLI!
$ heroku run flask db upgrade $ heroku run flask admin new_user --name Matt --email hello@example.com
Enjoy :)
This application uses pytest to run unit tests. Tests run against a SQLite database instead of a Postgres one. To run tests, at the project root start up pytest:
$ pytest -vYou can also run tests in a Docker container:
$ docker-compose run --rm web pytest -vThe CLI is where you can perform a couple administrative functions on the application. From the project directory, you can run flask admin <command name> to run a command (or docker compose run web flask admin <command name>)
$ flask admin
Usage: flask admin [OPTIONS] COMMAND [ARGS]...
Options:
--help Show this message and exit.
Commands:
clear_tables Deletes all data.
drop_tables Drops all database tables.
dummy Creates a dummy testing environment, complete with a test...
new_user Creates a new user with an API key.All API methods are prefixed with a v1 (i.e. /v1/links/4)
All API methods require you to authenticate with the API key generated by the CLI. The key must be passed in as an x-api-key HTTP header with every request. Failure to do so will yield a 401 error with this body:
{
"message": "Authorization is required to access this resource."
}This was really only designed to be used for one person, but this scheme is definitely not ideal and rather basic as far as security goes. In the future I want to implement a 3rd party auth provider like Auth0 (which would make authentication on the accompanying web app much easier too).
Returns information about the current user (detected via API key).
- URL:
/auth/user - Method:
GET
-
Example successful response:
-
Code:
200 -
Response body:
{ "id": 1, "links": 7, "name": "Matt" }
-
- URL:
/links - Method:
GET, POST
Returns a list of links belonging to the current user. By default, this will paginate to show 20 links per page, sorted in order of most recently added links first.
-
URL Parameters:
per_page=[integer]: The number of links to show per page (default 20)page=[integer]: The page number of links to retrieve (will yield a 404 if out of bounds)show=[string{all, read, unread}]: Controls whether unread, read or all links are returned:unread(Default): Returns only links which haven't been marked as read yetread: Returns only links which have been marked as readall: Returns all links regardless of read status
-
Example successful response:
-
Code:
200 -
Response body:
{ "links": [ { "date_added": "2020-08-03 14:52", "id": 28, "read": false, "title": "Tutorial: VPN on Demand with Siri, Shortcuts, Python, AWS EC2 & Lambda - DEV", "url": "https://dev.to/mmascioni/tutorial-vpn-on-demand-with-siri-shortcuts-python-aws-ec2-lambda-i83" } ], "next_page": null, "page": 1, "per_page": 20, "total_links": 1, "total_pages": 1 }
-
-
Note that
total_linkswill always reflect the total number of links the user has saved, regardless of the value passed to theshowparameter.
Adds a new link to the database. If a title wasn't provided, the backend attempts to infer one from the <title> element of the URL passed in. A JSON representation of the link will be returned in the response, with a 201 code if successful. URLs need to have a scheme specified as well as a TLD.
-
Request body: Must be valid JSON of this form:
{ "title": "Apple", "url": "https://apple.com" }Note that only
urlis required. Iftitlewasn't passed in, the title is inferred from the site's<title>element. -
Example successful response::
-
Code:
201 -
Response body:
{ "date_added": "2020-08-15 22:31", "id": 30, "read": false, "title": "Apple", "url": "https://apple.com" }Note that
date_addedis in UTC. -
Location Header:
http://localhost/links/30
-
-
Example validation error::
Returned if, for example, the URL is invalid.
-
Code:
422 -
Response body:
{ "issues": { "url": [ "Not a valid URL." ] }, "message": "The submitted data failed validation checks" }
-
Allows manipulation or retrieval of a given link stored in the database. If the link at the ID specified is not owned by the current user, a 403 Forbidden is returned.
- URL:
/links/:id - Required:
:id [integer] - Method:
GET, PATCH, DELETE
Retrieves a link from the database with a given ID, or returns a 404 if the link wasn't found.
-
Example successful response:
GET /links/30Code:
200Response body:
{ "date_added": "2020-08-15 22:31", "id": 30, "read": false, "title": "Apple", "url": "https://apple.com" }Note that
date_addedis in UTC.
Updates a field in the database for a link with a given ID. Returns a 404 if the link wasn't found to begin with, or 422 if new data failed validation. Only fields passed in to the request body are updated.
-
Request Body: JSON describing the fields to be changed and the new values. Keys can be any (or a combination) of
title, url, readto change the URL's title, URL or read status (true/false) respectively. -
Example successful request:
PATCH /links/30Request body:
{"read": true }Code:
200Response body:
{ "message": "Link with ID 30 updated successfully" }
Deletes an entry in the database for a link with a given ID. Returns a 404 if the link wasn't found.
-
Example successful response:
DELETE /links/30Code:
200Response body:
{ "message": "Link with ID 30 deleted successfully" }