Building out an opinionated Falcon REST API for a movie recommendation project.
alysivji, updated
🕥
2022-01-21 19:27:14
Falcon Batteries Included
This opinionated project demonstrates how use Falcon and various Python libraries to build a scalable REST API for a movie recommendation website.
Table of Contents
- Design
- Development Workflow
- Getting Started
- Search Notes
- Python Best Practices
- Batteries
- Asynchronous Task Queue
- Authentication
- Continuous Integration, Continouous Delivery (CICD)
- Documentation
- Full-Text Search
- ORM (SQLAlchemy)
- Profiler
- Security
- Serialization / Deserialization
- Testing
Design
Use the best tool for the job at hand.
- Most of the CRUD logic is in controllers, but if we have to do perform multiple tasks for an endpoint, a process is kicked off.
- Took inspiration from Twelve-Factor App
Development Workflow
- Development environment leverages Docker-Compose to replicate production environment
Makefileprovides common operations for development- pre-commit hooks identify comomn code review issues before submission
- CI pipeline is triggered on push to branch and PR creation
Getting Started
make up- Create virtual environment on local machine,
pip install -r requirements_dev.txtto install dependencies locally - Point IDE's
PYTHONPATHto thepythoninstance in the virtual environment from above to get autocomplete and other tooling working - Install
pre-commiton your development machine pre-commit installwill run existing hook scripts (from.pre-commit-config.yaml)
Server available at http://0.0.0.0:7000/
Search Notes
- Implemented in console in console only, TODO: add search endpoint
python
Movie.reindex()
Movie.search("top gun", page=1, per_page=5)
Python Best Practices
- Code Formatter: Black
- Logging: Standard Library
- Static Type Checker: mypy
- Updating Dependencies: PyUp
Batteries
Asynchronous Task Queue
- redis + rq
- rq-scheduler to schedule jobs
- rq-dashboard for monitoring. Available at http://0.0.0.0:9181/
Authentication
- JWT authentication via falcon-auth
Continuous Integration, Continouous Delivery (CICD)
- CI builds with drone
Documentation
- apispec + falcon-apispec to generate OpenAPI (aka Swagger) specification
- Serving Redoc-styled docs at http://localhost:7000/swagger/redoc.html
Full-Text Search
- Using elasticsearch via elasticsearch-py
- Leveraging developer utilities from Kibana
ORM (SQLAlchemy)
- Follow pattern described in SQLAlchemy docs
- Load database (well, declarative base) into the request object
- Remove database from request before sending response
- Migrations with Alembic
Profiler
- Attach py-spy to Python process to profile
- Connect to Gunicorn process to profile web application
- Gunicorn architecture
console
USAGE:
py-spy --duration <duration> --pid <pid> --rate <rate>
Security
- Bandit is a static analysis tool to find security issues
- 10 common security gotchas in Python and how to avoid them
- Open Web Application Security Project: 2017 Top 10
Serialization / Deserialization
- Marshmallow to serialize objects into JSON (response) and deserialize JSON into object (request)
- webargs to parse requests arguments (query string)
toasted-marshmallowhas 10x performance, investigate
Testing
- pytest
- Functional tests via tavern
- Works locally and not in drone (currently excluded from CI check)
- Either write a plugin to have Tavern hit Falcon test API or use Jenkins
Issues
Bump ipython from 6.5.0 to 7.16.3
opened on 2022-01-21 19:27:13 by dependabot[bot]Bumps ipython from 6.5.0 to 7.16.3.
Commits
d43c7c7release 7.16.35fa1e40Merge pull request from GHSA-pq7m-3gw7-gq5x8df8971back to dev9f477b7release 7.16.2138f266bring back release helper from master branch5aa3634Merge pull request #13341 from meeseeksmachine/auto-backport-of-pr-13335-on-7...bcae8e0Backport PR #13335: What's new 7.16.28fcdcd3Pin Jedi to <0.17.2.2486838release 7.16.120bdc6ffix conda build- Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/alysivji/falcon-batteries-included/network/alerts).
Bump webargs from 5.5.1 to 5.5.3
opened on 2021-04-07 21:29:31 by dependabot[bot]Bumps webargs from 5.5.1 to 5.5.3.
Changelog
Sourced from webargs's changelog.
5.5.3 (2020-01-28)
Bug fixes:
- :cve:
CVE-2020-7965: Don't attempt to parse JSON if request's content type is mismatched.5.5.2 (2019-10-06)
Bug fixes:
- Handle
UnicodeDecodeErrorwhen parsing JSON payloads (:issue:427). Thanks :user:lindycoderfor the catch and patch.
Commits
29b6a16Bump version and update changelog74fada6Skip JSON parsing if Content-Type is mismatchedf1ae764Bump version and update changelog6347b4bHandle decoding errors like json decode errors (#428)fb8ff11Run pre-commit autoupdatef2db6bcMerge pull request #429 from marshmallow-code/dependabot/pip/mypy-0.730211c442Bump mypy from 0.720 to 0.730- See full diff in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/alysivji/falcon-batteries-included/network/alerts).
Bump pyyaml from 5.1.2 to 5.4
opened on 2021-03-25 22:01:32 by dependabot[bot]Bumps pyyaml from 5.1.2 to 5.4.
Changelog
Sourced from pyyaml's changelog.
5.4 (2021-01-19)
- yaml/pyyaml#407 -- Build modernization, remove distutils, fix metadata, build wheels, CI to GHA
- yaml/pyyaml#472 -- Fix for CVE-2020-14343, moves arbitrary python tags to UnsafeLoader
- yaml/pyyaml#441 -- Fix memory leak in implicit resolver setup
- yaml/pyyaml#392 -- Fix py2 copy support for timezone objects
- yaml/pyyaml#378 -- Fix compatibility with Jython
5.3.1 (2020-03-18)
- yaml/pyyaml#386 -- Prevents arbitrary code execution during python/object/new constructor
5.3 (2020-01-06)
- yaml/pyyaml#290 -- Use
isinstead of equality for comparing withNone- yaml/pyyaml#270 -- Fix typos and stylistic nit
- yaml/pyyaml#309 -- Fix up small typo
- yaml/pyyaml#161 -- Fix handling of slots
- yaml/pyyaml#358 -- Allow calling add_multi_constructor with None
- yaml/pyyaml#285 -- Add use of safe_load() function in README
- yaml/pyyaml#351 -- Fix reader for Unicode code points over 0xFFFF
- yaml/pyyaml#360 -- Enable certain unicode tests when maxunicode not > 0xffff
- yaml/pyyaml#359 -- Use full_load in yaml-highlight example
- yaml/pyyaml#244 -- Document that PyYAML is implemented with Cython
- yaml/pyyaml#329 -- Fix for Python 3.10
- yaml/pyyaml#310 -- Increase size of index, line, and column fields
- yaml/pyyaml#260 -- Remove some unused imports
- yaml/pyyaml#163 -- Create timezone-aware datetimes when parsed as such
- yaml/pyyaml#363 -- Add tests for timezone
5.2 (2019-12-02)
- Repair incompatibilities introduced with 5.1. The default Loader was changed, but several methods like add_constructor still used the old default yaml/pyyaml#279 -- A more flexible fix for custom tag constructors yaml/pyyaml#287 -- Change default loader for yaml.add_constructor yaml/pyyaml#305 -- Change default loader for add_implicit_resolver, add_path_resolver
- Make FullLoader safer by removing python/object/apply from the default FullLoader yaml/pyyaml#347 -- Move constructor for object/apply to UnsafeConstructor
- Fix bug introduced in 5.1 where quoting went wrong on systems with sys.maxunicode <= 0xffff yaml/pyyaml#276 -- Fix logic for quoting special characters
- Other PRs: yaml/pyyaml#280 -- Update CHANGES for 5.1
Commits
58d0cb75.4 releasea60f7a1Fix compatibility with Jythonee98abdRun CI on PR base branch changesddf2033constructor.timezone: _copy & deepcopyfc914d5Avoid repeatedly appending to yaml_implicit_resolversa001f27Fix for CVE-2020-14343fe15062Add 3.9 to appveyor file for completeness sake1e1c7fbAdd a newline character to end of pyproject.toml0b6b7d6Start sentences and phrases for capital lettersc976915Shell code improvements- Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/alysivji/falcon-batteries-included/network/alerts).