finish REST API

Author: Josh-pierce2026

planventure-api/README.md

@@ -1,16 +1,61 @@
 from flask import Flask, jsonify
 from flask_cors import CORS
+from flask_jwt_extended import JWTManager
+from database import db
+from dotenv import load_dotenv
+import os
+
+# Load environment variables
+load_dotenv()
 
 app = Flask(__name__)
-CORS(app)
+
+# Basic Flask configuration
+app.config['SECRET_KEY'] = os.getenv('SECRET_KEY', 'dev-secret-key')
+
+# JWT configuration
+app.config['JWT_SECRET_KEY'] = os.getenv('JWT_SECRET_KEY', app.config['SECRET_KEY'])
+app.config['JWT_ACCESS_TOKEN_EXPIRES'] = 3600  # 1 hour in seconds
+app.config['JWT_REFRESH_TOKEN_EXPIRES'] = 2592000  # 30 days in seconds
+
+# SQLAlchemy configuration
+app.config['SQLALCHEMY_DATABASE_URI'] = os.getenv('DATABASE_URL', 'sqlite:///planventure.db')
+app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False
+app.config['SQLALCHEMY_ECHO'] = True  # Set to False in production
+
+# Initialize extensions with app
+db.init_app(app)
+jwt = JWTManager(app)
+
+# CORS configuration
+cors_origins = os.getenv('CORS_ORIGINS', 'http://localhost:3000')
+CORS(app, 
+     resources={r"/*": {"origins": cors_origins.split(',')}},
+     supports_credentials=True,
+     allow_headers=["Content-Type", "Authorization"],
+     methods=["GET", "POST", "PUT", "DELETE", "OPTIONS"])
+
+# Import models after db initialization
+from models import User, Trip
+
+# Register blueprints
+from routes import auth_bp, trips_bp
+app.register_blueprint(auth_bp)
+app.register_blueprint(trips_bp)
 
 @app.route('/')
 def home():
     return jsonify({"message": "Welcome to PlanVenture API"})
 
 @app.route('/health')
 def health_check():
-    return jsonify({"status": "healthy"})
+    return jsonify({
+        "status": "healthy",
+        "database": "connected" if db.engine else "disconnected"
+    })
+
+# Database tables are created via scripts/init_db.py
+# Run: python scripts/init_db.py
 
 if __name__ == '__main__':
     app.run(debug=True)

planventure-api/app.py

@@ -0,0 +1,3 @@
+from flask_sqlalchemy import SQLAlchemy
+
+db = SQLAlchemy()

planventure-api/database.py

@@ -0,0 +1,100 @@
+# PlanVenture API Testing Examples
+
+## Getting Started
+
+### 1. First, register and login to get an access token:
+
+```bash
+# Register
+curl -X POST http://localhost:5000/auth/register \
+  -H "Content-Type: application/json" \
+  -d '{"email":"[email protected]","password":"password123"}'
+
+# Login
+curl -X POST http://localhost:5000/auth/login \
+  -H "Content-Type: application/json" \
+  -d '{"email":"[email protected]","password":"password123"}'
+```
+
+Save the `access_token` from the response.
+
+### 2. Test Trip Routes
+
+#### Create a Trip
+
+```bash
+curl -X POST http://localhost:5000/trips \
+  -H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
+  -H "Content-Type: application/json" \
+  -d @examples/trips_examples.json
+```
+
+Or use specific examples:
+
+```bash
+# Full trip with itinerary
+curl -X POST http://localhost:5000/trips \
+  -H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
+  -H "Content-Type: application/json" \
+  -d '{
+    "destination": "Paris, France",
+    "start_date": "2025-06-15",
+    "end_date": "2025-06-22",
+    "latitude": 48.8566,
+    "longitude": 2.3522,
+    "itinerary": "Day 1: Eiffel Tower..."
+  }'
+```
+
+#### Get All Trips
+
+```bash
+curl -X GET http://localhost:5000/trips \
+  -H "Authorization: Bearer YOUR_ACCESS_TOKEN"
+```
+
+#### Get Specific Trip
+
+```bash
+curl -X GET http://localhost:5000/trips/1 \
+  -H "Authorization: Bearer YOUR_ACCESS_TOKEN"
+```
+
+#### Update a Trip
+
+```bash
+curl -X PUT http://localhost:5000/trips/1 \
+  -H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
+  -H "Content-Type: application/json" \
+  -d '{"destination": "Paris & Nice, France"}'
+```
+
+#### Delete a Trip
+
+```bash
+curl -X DELETE http://localhost:5000/trips/1 \
+  -H "Authorization: Bearer YOUR_ACCESS_TOKEN"
+```
+
+### 3. Using the Test Script
+
+Make the script executable and run it:
+
+```bash
+chmod +x examples/test_trips.sh
+./examples/test_trips.sh YOUR_ACCESS_TOKEN
+```
+
+## API Endpoints Summary
+
+| Method | Endpoint         | Description          | Auth Required |
+| ------ | ---------------- | -------------------- | ------------- |
+| POST   | `/auth/register` | Register new user    | No            |
+| POST   | `/auth/login`    | Login user           | No            |
+| GET    | `/auth/me`       | Get current user     | Yes           |
+| POST   | `/auth/logout`   | Logout user          | Yes           |
+| GET    | `/trips`         | Get all user's trips | Yes           |
+| POST   | `/trips`         | Create new trip      | Yes           |
+| GET    | `/trips/:id`     | Get specific trip    | Yes           |
+| PUT    | `/trips/:id`     | Update trip          | Yes           |
+| DELETE | `/trips/:id`     | Delete trip          | Yes           |

planventure-api/examples/README.md

@@ -0,0 +1,67 @@
+#!/bin/bash
+
+# PlanVenture API - Trip Routes Testing Script
+# Usage: ./test_trips.sh YOUR_ACCESS_TOKEN
+
+if [ -z "$1" ]; then
+    echo "Usage: ./test_trips.sh YOUR_ACCESS_TOKEN"
+    echo "Get your access token by logging in first:"
+    echo "curl -X POST http://localhost:5000/auth/login -H 'Content-Type: application/json' -d '{\"email\":\"[email protected]\",\"password\":\"yourpassword\"}'"
+    exit 1
+fi
+
+TOKEN=$1
+BASE_URL="http://localhost:5000/trips"
+
+echo "=== Testing PlanVenture Trip Routes ==="
+echo ""
+
+# 1. Create a new trip
+echo "1. Creating a new trip..."
+RESPONSE=$(curl -s -X POST $BASE_URL \
+  -H "Authorization: Bearer $TOKEN" \
+  -H "Content-Type: application/json" \
+  -d '{
+    "destination": "Paris, France",
+    "start_date": "2025-06-15",
+    "end_date": "2025-06-22",
+    "latitude": 48.8566,
+    "longitude": 2.3522,
+    "itinerary": "Day 1: Eiffel Tower\nDay 2: Louvre Museum\nDay 3: Versailles"
+  }')
+echo $RESPONSE | python3 -m json.tool
+TRIP_ID=$(echo $RESPONSE | python3 -c "import sys, json; print(json.load(sys.stdin)['trip']['id'])" 2>/dev/null)
+echo ""
+
+# 2. Get all trips
+echo "2. Getting all trips..."
+curl -s -X GET $BASE_URL \
+  -H "Authorization: Bearer $TOKEN" | python3 -m json.tool
+echo ""
+
+# 3. Get specific trip
+if [ ! -z "$TRIP_ID" ]; then
+    echo "3. Getting trip with ID $TRIP_ID..."
+    curl -s -X GET $BASE_URL/$TRIP_ID \
+      -H "Authorization: Bearer $TOKEN" | python3 -m json.tool
+    echo ""
+    
+    # 4. Update trip
+    echo "4. Updating trip $TRIP_ID..."
+    curl -s -X PUT $BASE_URL/$TRIP_ID \
+      -H "Authorization: Bearer $TOKEN" \
+      -H "Content-Type: application/json" \
+      -d '{
+        "destination": "Paris & Nice, France",
+        "itinerary": "Extended trip with Nice added!"
+      }' | python3 -m json.tool
+    echo ""
+    
+    # 5. Delete trip
+    echo "5. Deleting trip $TRIP_ID..."
+    curl -s -X DELETE $BASE_URL/$TRIP_ID \
+      -H "Authorization: Bearer $TOKEN" | python3 -m json.tool
+    echo ""
+fi
+
+echo "=== Testing Complete ==="

planventure-api/examples/test_trips.sh

@@ -0,0 +1,35 @@
+{
+  "create_trip": {
+    "destination": "Paris, France",
+    "start_date": "2025-06-15",
+    "end_date": "2025-06-22",
+    "latitude": 48.8566,
+    "longitude": 2.3522,
+    "itinerary": "Day 1: Arrive in Paris, check into hotel near the Eiffel Tower\nDay 2: Visit the Louvre Museum and walk along the Seine\nDay 3: Explore Montmartre and Sacré-Cœur\nDay 4: Day trip to Versailles Palace\nDay 5: Visit Notre-Dame and Latin Quarter\nDay 6: Shopping on Champs-Élysées\nDay 7: Final day - Musée d'Orsay and farewell dinner"
+  },
+  "create_trip_minimal": {
+    "destination": "Tokyo, Japan",
+    "start_date": "2025-09-01",
+    "end_date": "2025-09-10"
+  },
+  "create_trip_with_coordinates": {
+    "destination": "New York City, USA",
+    "start_date": "2025-07-04",
+    "end_date": "2025-07-11",
+    "latitude": 40.7128,
+    "longitude": -74.006,
+    "itinerary": "Day 1: Statue of Liberty and Ellis Island\nDay 2: Central Park and Metropolitan Museum\nDay 3: Times Square and Broadway show\nDay 4: Brooklyn Bridge walk\nDay 5: 9/11 Memorial\nDay 6: Fifth Avenue shopping\nDay 7: Departure"
+  },
+  "update_trip": {
+    "destination": "Paris & Nice, France",
+    "itinerary": "Updated itinerary with additional days in Nice"
+  },
+  "update_trip_dates": {
+    "start_date": "2025-06-20",
+    "end_date": "2025-06-27"
+  },
+  "update_trip_coordinates": {
+    "latitude": 43.7102,
+    "longitude": 7.262
+  }
+}

planventure-api/examples/trips_examples.json

@@ -0,0 +1,3 @@
+from .auth import require_auth, get_current_user
+
+__all__ = ['require_auth', 'get_current_user']

planventure-api/middleware/__init__.py

@@ -0,0 +1,58 @@
+from functools import wraps
+from flask import jsonify, request
+from flask_jwt_extended import verify_jwt_in_request, get_jwt_identity
+from flask_jwt_extended.exceptions import NoAuthorizationError, InvalidHeaderError
+from models import User
+import jwt
+
+def require_auth(fn):
+    """
+    Decorator to protect routes that require authentication.
+    Usage: @require_auth
+    
+    This will verify the JWT token and ensure the user exists in the database.
+    """
+    @wraps(fn)
+    def wrapper(*args, **kwargs):
+        try:
+            # Verify JWT token is present and valid
+            verify_jwt_in_request()
+            
+            # Get user ID from token
+            user_id = get_jwt_identity()
+            
+            # Verify user still exists in database
+            user = User.query.get(user_id)
+            if not user:
+                return jsonify({'error': 'User not found'}), 404
+            
+            # Call the original function
+            return fn(*args, **kwargs)
+            
+        except NoAuthorizationError:
+            return jsonify({'error': 'Missing authorization token'}), 401
+        except InvalidHeaderError:
+            return jsonify({'error': 'Invalid authorization header'}), 401
+        except jwt.ExpiredSignatureError:
+            return jsonify({'error': 'Token has expired'}), 401
+        except jwt.InvalidTokenError:
+            return jsonify({'error': 'Invalid token'}), 401
+        except Exception as e:
+            return jsonify({'error': f'Authentication failed: {str(e)}'}), 401
+    
+    return wrapper
+
+def get_current_user():
+    """
+    Get the current authenticated user from the JWT token.
+    Must be called within a request context with a valid JWT token.
+    
+    Returns:
+        User object or None if not authenticated
+    """
+    try:
+        verify_jwt_in_request()
+        user_id = get_jwt_identity()
+        return User.query.get(user_id)
+    except:
+        return None

planventure-api/middleware/auth.py

@@ -0,0 +1,4 @@
+from .user import User
+from .trip import Trip
+
+__all__ = ['User', 'Trip']

planventure-api/models/__init__.py

@@ -0,0 +1,39 @@
+from datetime import datetime
+from database import db
+
+class Trip(db.Model):
+    __tablename__ = 'trips'
+    
+    id = db.Column(db.Integer, primary_key=True)
+    user_id = db.Column(db.Integer, db.ForeignKey('users.id'), nullable=False)
+    destination = db.Column(db.String(200), nullable=False)
+    start_date = db.Column(db.Date, nullable=False)
+    end_date = db.Column(db.Date, nullable=False)
+    latitude = db.Column(db.Float, nullable=True)
+    longitude = db.Column(db.Float, nullable=True)
+    itinerary = db.Column(db.Text, nullable=True)
+    created_at = db.Column(db.DateTime, nullable=False, default=datetime.utcnow)
+    updated_at = db.Column(db.DateTime, nullable=False, default=datetime.utcnow, onupdate=datetime.utcnow)
+    
+    # Relationship to User
+    user = db.relationship('User', backref=db.backref('trips', lazy=True, cascade='all, delete-orphan'))
+    
+    def __repr__(self):
+        return f'<Trip {self.destination} - {self.start_date}>'
+    
+    def to_dict(self):
+        """Convert trip object to dictionary"""
+        return {
+            'id': self.id,
+            'user_id': self.user_id,
+            'destination': self.destination,
+            'start_date': self.start_date.isoformat() if self.start_date else None,
+            'end_date': self.end_date.isoformat() if self.end_date else None,
+            'coordinates': {
+                'latitude': self.latitude,
+                'longitude': self.longitude
+            } if self.latitude and self.longitude else None,
+            'itinerary': self.itinerary,
+            'created_at': self.created_at.isoformat() if self.created_at else None,
+            'updated_at': self.updated_at.isoformat() if self.updated_at else None
+        }