This repository contains the source code for an API that services a web application called Votify, a website for shared polls. You can visit the website through This Link
Before you can start using Git and Python, you need to make sure you have the following software installed on your computer:
-
Git: Git is a version control system that allows you to track changes to your code over time. To install Git, follow the instructions for your operating system at https://git-scm.com/downloads.
-
Pip: Pip is a package manager for Python that allows you to easily install and manage third-party libraries and modules. To install Pip, follow the instructions at https://pip.pypa.io/en/stable/installation/.
-
Python: Python is a popular programming language used for a wide range of applications, including web development, data analysis, and machine learning. To install Python, follow the instructions for your operating system at https://www.python.org/downloads/.
To run the Django REST API, follow these steps:
- Clone the repository onto your local machine using the following command:
git clone https://github.com/alaaamady/polls-api.git
- Navigate to the project's root directory and create a virtual environment:
python -m venv venv
- Activate the virtual environment:
source venv/bin/activate
- Install the required packages:
pip install -r requirements.txt
- Configure the postgres database by setting up a local database or a hosted one and then set up the following environment variables in your root project
.envfile:
## .env file
DB_NAME=
DB_USER=
DB_PASSWORD=
DB_HOST=
DB_PORT=
- Run database migration:
python manage.py migrate
- Setup the sender email host and password by adding the following varialvles to you
.envfile
EMAIL_ADDRESS=
EMAIL_PASSWORD=
57
- Start the server:
python manage.py runserver
| Name | Description |
|---|---|
| /GET /polls?page= | Lists all polls in a paginated response of maximum 10 entries |
| /GET /polls?search= | Searches all polls' titles, description or choices |
| /POST /vote | Submits a vote for verification |
| /POST /confirm-vote | Verifies a vote's OTP |
- The current implementation only has unit tests for the views module. It should cover all app modules, eg. Serializers, Models.
- An OpenAPI documentation would aid in on boarding users to utilize this API quicker. For now there is a Postman collection for all endpoints.
- Use a secure method for generating and storing the OTP, such as using a cryptographically secure random number generator and storing the OTP in hashed form.
- Implement rate limiting and/or CAPTCHA to prevent automated attacks that attempt to guess OTPs.
- Log all OTP generation, sending, and validation activities, to allow for audit trails and investigation in case of suspicious activities.