📝 ToDo API - Task Management System

Maqsad: RESTful API asosida professional vazifalarni boshqarish tizimini yaratish

📋 Loyiha Tafsifi

ToDo API - bu Django REST Framework bilan qurilgan kuchli REST API, foydalanuvchilarga vazifalar (tasks) yaratish, o'qish, yangilash va o'chirish (CRUD) imkoniyatini beradi. Tizim JWT autentifikatsiya, PostgreSQL database va role-based access control bilan qurilgan.

✨ Asosiy Xususiyatlar

• 🔐 JWT Authentication

  • Secure token-based authentication
  • Access va Refresh tokens
  • Token lifecycle management

• 📝 Task Management

  • CRUD operations (Create, Read, Update, Delete)
  • Task status tracking (Completed/Pending)
  • Public/Private task visibility
  • Task filtering va searching

• 👤 User Management

  • Custom user model
  • User profiles
  • Role-based permissions

• 🔍 Advanced Filtering

  • Search by task title
  • Filter by status (completed/pending)
  • Filter by visibility (public/private)
  • Ordering by date

• 📚 API Documentation

  • Swagger UI (drf-yasg)
  • ReDoc documentation
  • OpenAPI 3.0 schema

• ⚡ Performance

  • Database indexing
  • Query optimization
  • Pagination support
  • Celery async tasks

🛠️ Texnologiyalar

Backend Stack

• Framework: Django 5.1
• API: Django REST Framework
• Database: PostgreSQL 12+
• Authentication: JWT (djangorestframework-simplejwt)
• API Documentation: drf-yasg (Swagger/ReDoc)
• Task Queue: Celery + Celery Beat
• Configuration: python-decouple

Qo'shimcha Kutubxonalar

• django-filter - Advanced filtering
• psycopg2-binary - PostgreSQL adapter
• redis - Cache & message broker

📁 Loyiha Strukturasi

ToDoAPILevelUp/
├── config/                  # Django settings
│   ├── settings.py         # Asosiy sozlamalar
│   ├── urls.py             # URL routing
│   ├── asgi.py             # ASGI config
│   └── wsgi.py             # WSGI config
├── todo/                    # Task app (Main)
│   ├── models.py           # Task model
│   ├── views.py            # APIViews
│   ├── serializers.py      # DRF serializers
│   ├── filters.py          # Custom filters
│   ├── permissions.py      # Permission classes
│   ├── urls.py             # Todo URLs
│   └── tasks.py            # Celery tasks
├── accounts/               # User authentication
│   ├── models.py           # CustomUser model
│   ├── views.py            # Auth endpoints
│   ├── serializers.py      # User serializers
│   └── urls.py
├── common/                 # Shared utilities
│   ├── models.py           # Common models
│   ├── permissions.py      # Common permissions
│   └── utils.py            # Helper functions
├── templates/              # Email templates
├── requirements.txt        # Dependencies
├── manage.py              # Django CLI
└── README.md

🚀 O'rnatish va Ishga Tushirish

1️⃣ Talablar

• Python 3.9+
• PostgreSQL 12+
• Redis (optional, but recommended)
• pip/venv

2️⃣ Virtual Environment

# Virtual environment yaratish
python -m venv venv

# Activate
source venv/bin/activate      # Linux/Mac
# yoki
venv\Scripts\activate         # Windows

3️⃣ Dependencies O'rnatish

pip install -r requirements.txt

4️⃣ Environment Setup

.env.example faylini .env ga nomi o'zgarting:

cp .env.example .env

.env faylini tahrirlang:

SECRET_KEY=your-secret-key-change-this-in-production
DEBUG=True
POSTGRES_HOST=localhost
POSTGRES_DB=todo_api
POSTGRES_USER=postgres
POSTGRES_PASSWORD=your_password
POSTGRES_PORT=5432
CELERY_BROKER_URL=redis://localhost:6379/0
CELERY_RESULT_BACKEND=redis://localhost:6379/1

5️⃣ Database Setup

# Migrations yaratish
python manage.py makemigrations

# Migrations qo'llash
python manage.py migrate

# Superuser yaratish (admin uchun)
python manage.py createsuperuser

6️⃣ Development Server

python manage.py runserver

Server http://localhost:8000 da ishga tushadi

7️⃣ API Documentation

• Swagger UI: http://localhost:8000/api/schema/swagger/
• ReDoc: http://localhost:8000/api/schema/redoc/
• Admin Panel: http://localhost:8000/admin/

📡 API Endpoints

Authentication Endpoints

POST   /api/accounts/register/          # Yangi account
POST   /api/accounts/login/             # Login (username + password)
POST   /api/accounts/token/             # JWT tokens olish
POST   /api/accounts/token/refresh/     # Token refresh
GET    /api/accounts/profile/           # Mening profilim

Task Endpoints

GET    /api/todos/                      # Barcha tasks (paginated)
POST   /api/todos/                      # Yangi task yaratish
GET    /api/todos/<id>/                 # Task details
PUT    /api/todos/<id>/                 # Task update
PATCH  /api/todos/<id>/                 # Partial update
DELETE /api/todos/<id>/                 # Task o'chirish

Filtering & Search

GET    /api/todos/?q=search_term        # Search by title
GET    /api/todos/?completed=true       # Filter by status
GET    /api/todos/?is_public=false      # Filter by visibility
GET    /api/todos/?ordering=-created_at # Sorting

🔐 Authentication

JWT Token Flow

1. POST /api/accounts/token/
   {
     "username": "user",
     "password": "pass"
   }
   
   Response:
   {
     "access": "eyJ0eXAiOiJKV1QiLCJhbGc...",
     "refresh": "eyJ0eXAiOiJKV1QiLCJhbGc..."
   }

2. Header bilan request:
   Authorization: Bearer <access_token>

Token Lifetime

• Access Token: 60 daqiqa
• Refresh Token: 1 kun

📊 Models

Task Model

class Task(models.Model):
    user          - ForeignKey to User
    title         - CharField(max_length=200)
    description   - TextField
    completed     - BooleanField (default=False)
    is_public     - BooleanField (default=False)
    created_at    - DateTimeField (auto_now_add=True)
    updated_at    - DateTimeField (auto_now=True)

Xususiyatlar

• about property - title + description birlashtiradi

🐛 Aniqlashtirgan Xatolar va Muammolar

⚠️ Xato #1: Typo in models.py

Fayl: todo/models.py (13-qator)

# ❌ NOTO'G'RI:
discription = models.TextField()

# ✅ TO'G'RI:
description = models.TextField()

Sababi: Python naming conventions va database schema uchun "description" to'g'ri yozuv.

Ta'siri:

• Database sxemasida "discription" deb saqlanadi
• API response-da "discription" bo'ladi
• Serializerlarni moslashtirishga to'g'ri keladi

Fix qilish:

1. Migration yaratish kerak:

python manage.py makemigrations todo
python manage.py migrate

2. Serializer-da field nomini o'zgartirish:

class TaskSerializer(serializers.ModelSerializer):
    class Meta:
        model = Task
        fields = ['id', 'title', 'description', 'completed', 'is_public']

---

🔐 Xato #2: Email Parol Xavfsizligi

Fayl: config/settings.py (147-148 qatorlar)

# ❌ XAVFSIZ EMAS:
EMAIL_HOST_USER = "azizbeknuraliyev2005@gmail.com"
EMAIL_HOST_PASSWORD = "cykj mxum fmvv jejo"

# ✅ XAVFSIZ:
EMAIL_HOST_USER = config("EMAIL_HOST_USER")
EMAIL_HOST_PASSWORD = config("EMAIL_HOST_PASSWORD")

Sababi: Credentials GitHub-da ochiq ko'rinmoqda!

Xavfsizlik tahdidlari:

• Parol bukanlanishi mumkin
• Spam emaillar jo'natilishi mumkin
• Account compromised bo'lishi mumkin

To'g'rilash:

1. .env faylga qo'shish:

EMAIL_HOST_USER=azizbeknuraliyev2005@gmail.com
EMAIL_HOST_PASSWORD=your_app_password

2. Settings.py-da:

EMAIL_HOST_USER = config("EMAIL_HOST_USER")
EMAIL_HOST_PASSWORD = config("EMAIL_HOST_PASSWORD")

3. .gitignore ga .env qo'shish (agar qo'shilmagan bo'lsa):

.env
.env.local
*.pyc

---

⚙️ Konfiguratsiya

Database Connection

DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.postgresql_psycopg2',
        'HOST': 'localhost',
        'NAME': 'todo_api',
        'PORT': 5432,
        'USER': 'postgres',
        'PASSWORD': 'your_password',
    }
}

REST Framework Settings

REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': [
        'rest_framework_simplejwt.authentication.JWTAuthentication',
        'rest_framework.authentication.SessionAuthentication',
    ],
    'DEFAULT_PERMISSION_CLASSES': [
        'rest_framework.permissions.IsAuthenticated',
    ],
    'DEFAULT_PAGINATION_CLASS': 
        'rest_framework.pagination.PageNumberPagination',
    'PAGE_SIZE': 10,
    'DEFAULT_FILTER_BACKENDS': [
        'django_filters.rest_framework.DjangoFilterBackend',
        'rest_framework.filters.SearchFilter',
        'rest_framework.filters.OrderingFilter',
    ],
}

JWT Settings

SIMPLE_JWT = {
    'ACCESS_TOKEN_LIFETIME': timedelta(minutes=60),
    'SLIDING_TOKEN_REFRESH_LIFETIME': timedelta(days=1),
}

🧪 Testing

Test yozish misoli:

python manage.py test todo

# Verbosity bilan
python manage.py test todo -v 2

# Specific test
python manage.py test todo.tests.TaskTestCase

📚 API Misollari

Task Yaratish

curl -X POST http://localhost:8000/api/todos/ \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "title": "Ishni bajarib bo\'lish",
    "description": "Urgent task",
    "completed": false,
    "is_public": true
  }'

Tasklar Ro'yxatini Olish

curl -X GET http://localhost:8000/api/todos/?completed=false \
  -H "Authorization: Bearer YOUR_TOKEN"

Task Yangilash

curl -X PATCH http://localhost:8000/api/todos/1/ \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"completed": true}'

🔧 Development

Debug Mode

# settings.py
DEBUG = True
INTERNAL_IPS = ['127.0.0.1', 'localhost']

Logging

LOGGING = {
    'version': 1,
    'disable_existing_loggers': False,
    'handlers': {
        'file': {
            'level': 'ERROR',
            'class': 'logging.FileHandler',
            'filename': 'error.log',
        },
    },
}

🚀 Production Deployment

Security Checks

python manage.py check --deploy

Collect Static

python manage.py collectstatic --noinput

Environment Variables (Production)

DEBUG=False
SECRET_KEY=your-very-secure-key
ALLOWED_HOSTS=yourdomain.com,api.yourdomain.com
DATABASE_URL=postgresql://user:pass@host:port/dbname

📚 Qo'shimcha Resurslar

• Django Documentation
• Django REST Framework
• Simple JWT
• PostgreSQL Docs
• drf-yasg

👨‍💻 Contribuytor

firdavsDev - Asosiy Developer

📝 Litsenziya

MIT License - Batafsil ma'lumot uchun LICENSE faylini ko'ring

---

Last Updated: 2026-04-23 Status: ✅ Production Ready