First Backend Code Review

.gcloudignore

@@ -0,0 +1,17 @@
+# This file specifies files that are *not* uploaded to Google Cloud Platform
+# using gcloud. It follows the same syntax as .gitignore, with the addition of
+# "#!include" directives (which insert the entries of the given .gitignore-style
+# file at that point).
+#
+# For more information, run:
+#   $ gcloud topic gcloudignore
+#
+.gcloudignore
+# If you would like to upload your .git directory, .gitignore file or files
+# from your .gitignore file, remove the corresponding line
+# below:
+.git
+.gitignore
+
+# Python pycache:
+__pycache__/

.gitignore

@@ -0,0 +1,3 @@
+.idea/*
+cloud_sql_proxy
+backend/backend/config.py

PULL_REQUEST_TEMPLATE.md

@@ -4,8 +4,8 @@
 
 ## Testing
 
-- [ ] Functional tests
-- [ ] Unit tests
+- [X] Functional tests
+- [X] Unit tests
 - [ ] Manual tests
 - [ ] Other (Please describe)
 
@@ -14,9 +14,10 @@
 ## PR Checklist
 
 - [ ] My code adheres to the code standards outlined in the EngineeringDocs repo. If not, add an explanation for why it doesn't.
-- [ ] I have selected at least one primary assignee for this PR. These people need to approve this PR for it to be merged.
+- [X] I have selected at least one primary assignee for this PR. These people need to approve this PR for it to be merged.
 - [ ] I have selected any number of reviewers for this pull request.  Reviewers are people who should know about the pull request, but whose sign-off is not a blocker to merging.
 
 ## PR Dependencies
 
 <!-- Optional. If this pull request cannot be merged until others are merged, link them here --> 
+Listed in requirements.txt

README.md

@@ -1,2 +1,59 @@
-# startup-job-board
-A job board for the startup community at UIUC. Built and maintained by the Founders R&D team.  
+# StartupMatch API
+
+This is a repository containing the Backedn PR's for Founders' StartupMatch website. StartupMatch is a Job Board application determined to find good student-company fits for startups that are hiring at UIUC.
+
+The backend is written using the Django REST Framework, using Google's CloudSQL backend to store data and being consumed by a React frontend. To see more of the frontend, go to [this fork](https://github.com/SirajChokshi/startup-job-board/tree/frontend-backend/backend/frontend).
+
+## Getting Started
+
+To run the API locally, make sure you have authentication credentials with our Google Cloud project. Also make sure you have the Google Cloud Proxy installed as well as the Google Cloud SDK. For running without accessing the Google server, make sure you have Python3 installed and the latest version of Django.
+
+### Prerequisites
+
+Install requirements using the following
+
+```
+pip install -r requirements.txt
+```
+
+### Installing
+
+Once you have the dependencies installed, clone or fork the repository. Start the google cloud proxy before continuing. If not using the google database and instead using a local MySQL db, update the `settings.py` file to point to that sql backend instead of the Google CloudSQL backend.
+
+Start the server by running:
+```
+python manage.py runserver
+```
+
+And navigate to localhost:8000 to see if it worked!
+
+Official API Documentation can be found in the `backend/` folder's README.
+
+## Deployment
+
+Deployment is still in progress with this particular API, but a hosting service like Heroku or DigitalOcean is preferred. In the Dockerfile be sure to specify that the Cloud SQL Proxy should be started (and gcloud auth should be set) before starting the server.
+
+## Built With
+
+* [Django](https://www.djangoproject.com/) - The API Framework used
+* [Python 3.7](https://www.python.org/downloads/release/python-370/) - Dependency Management
+* [Google Cloud Platform](https://cloud.google.com/sql) - Cloud Database Hosting
+
+## Contributing
+
+This project is not yet available for contributing, nor are we currently accepting PR's from outside the organization.
+
+## Authors
+
+* **Davis Keene** - *Backend* - [Website](https://daviskeene.com)
+* **Siraj Chokshi** - *Frontend* - [Website](https://sirajchokshi.com)
+
+See also the list of [contributors](https://github.com/Illinois-Founders/startup-job-board/contributors) who participated in this project.
+
+## License
+
+No applicable license yet.
+
+## Acknowledgments
+
+Thank you to [Jordan Campbell](https://www.linkedin.com/in/jordan-campbell-733621102) for pioneering this project.

app.yaml

@@ -0,0 +1,15 @@
+# [START django_app]
+runtime: python37
+
+handlers:
+# This configures Google App Engine to serve the files in the app's static
+# directory.
+- url: /static
+  static_dir: static/
+
+# This handler routes all requests not caught above to your main app. It is
+# required when static routes are defined, but can be omitted (along with
+# the entire handlers section) when there are no static files defined.
+- url: /.*
+  script: auto
+# [END django_app]

backend/README.md

@@ -0,0 +1,264 @@
+# API Documentation
+
+Founders Backend API Documentation.
+
+## Getting Started Locally
+Make sure that you have all of the proper requirements for the server to run locally by running:
+pip3 install -r requirements.txt
+
+Second, get the config.py file (for founders sql password) from here:
+https://drive.google.com/open?id=1puDFEjLAIqN8htaCIl-daZ-jFtVkx3RU
+and put it in backend/backend/ (where settings.py, wsgi.py and urls.py are located).
+
+Run the server my navigating to the backend directory and running:
+python3 manage.py runserver
+
+Assuming everything goes well, you should see the server up and running on
+localhost:8000
+
+## Endpoints
+This API currently has three endpoints:
+/api/users, /api/startups, and /api/listings
+
+## Making a request from the server
+Assuming that the server is up and running, making a request is as easy as using curl or requests in python:
+```angular2html
+# Get Request
+import requests
+
+url = 'http://127.0.0.1:8000/api/users'
+headers = {'content-type': 'application/json'}
+r = requests.get(url, headers=headers)
+
+# Post Request (add, delete)
+
+data = {
+    "firstName": "First",
+    "lastName": "Last",
+    "dateOfBirth": "1970-01-01",
+    "authToken": "000000001",
+    "userMajor": "CS",
+    "userGPA": "4.0",
+    "userDegree": "B.S",
+    "userPassword": "root",
+    "userPitch": "I am a student.",
+}
+r = requests.post(url, headers=headers, data=json.dumps(data))
+
+```
+# Docs
+
+## Creating Users
+To create a new user, you first have to register them via the <i>registration</i> api.
+To register a user, we send a request to `/api/auth/register` with the data in the following format:
+```angular2html
+email = "[email protected]"
+data = {
+    "username": email,
+    "email": email,
+    "password": "your-password"
+}
+```
+The following response should be in this format:
+```angular2html
+{
+    "user": {
+        "id": [user id],
+        "username": [user email]
+        "email": [also user email]
+    },
+    "token": "[user auth token]",
+    "is_startup": [Boolean, true if authuser is a startup.]
+}
+```
+There are two kinds of users in our backend, an <i> authuser </i> and a <i> CustomUser </i>.
+Django handles user authentication via their own user model (located under django.contrib.auth.models.User).
+Since Django handles user auth through a different model than we use to store user information, we have to somehow
+match authusers with CustomUsers. This is done through the email field.
+
+To create a new CustomUser, we send data to `/api/users/` in the following format:
+```angular2html
+data = {
+    "firstName": [first name],
+    "lastName": [last name],
+    "email": [same email as authuser],
+    ...
+    (Additional CustomUser fields can be found 
+    under board/models.py)
+}
+```
+## Public User Endpoints
+#### api/users/
+Gives a list of all users.
+
+Method: GET
+
+Permissions: AllowAny (dev), IsSuperUser (prod)
+
+#### api/users/[id]/
+Returns user information with specific id.
+
+Method: GET
+
+Permissions: AllowAny (dev), IsSuperUser (prod)
+
+#### api/users/data/bookmarks/
+Gets a query of Listing objects bookmarked by the user.
+
+Method: GET
+
+Permissions: IsAuthenticated
+
+## Public Startup Endpoints
+#### api/startups/
+Gives a list of all startups.
+
+Method: GET
+
+Permissions: AllowAny (dev), IsSuperUser (prod)
+
+#### api/startups/[id]
+Returns startup information given startup id.
+
+Method: GET
+
+Permissions: AllowAny (dev), IsSuperUser (prod)
+
+## Public Listing Endpoints
+#### api/listings/
+Gives a list of all job listings.
+
+Method: GET
+
+Permissions: AllowAny (prod)
+
+    search_fields = ['listName', 'listOrgID', 'listDesc']
+    filterset_fields = ['listCategory', 'isPaid', 'listName', 'listOrgID', 'listDesc']
+
+Searching: `/api/listings/?search=Business`
+
+Filtering: `/api/listings/?isPaid=true`
+
+#### api/listings/[id]/
+Returns job listing information given listing id.
+
+Method: GET
+
+Permissions: AllowAny (prod)
+
+#### api/listings/[id]/update/
+Updates a particular listing
+
+Method: GET
+
+Permissions: IsAuthenticated, IsListingOwner
+
+#### api/listings/[id]/toggle/
+Toggles a listing as bookmarked or not given a user's token.
+
+Method: POST
+
+Permissions: IsAuthenticated (prod)
+
+#### api/listings/[id]/applicants/
+Returns a list of applicants given a job listing id.
+
+Method: GET
+
+Permissions: AllowAny (prod)
+
+#### api/listings/manage/[add/delete]
+Adds or deletes a listing (for startups).
+
+Method: POST or DELETE (depending on add or delete)
+
+Permissions: IsAuthenticated, IsStartup (custom)
+
+## Authorization Endpoints (no slash at end)
+#### api/auth/user
+Returns a user's information given Token (CustomUser and Startups).
+
+Method: GET
+
+Permissions: IsAuthenticated
+
+#### api/auth/register
+Registers a new authuser given username, email and password.
+
+Method: POST
+
+Permissions: AllowAny
+
+#### api/auth/login
+Logs a user in given username (email) and password.
+
+Method: POST
+
+Permissions: AllowAny
+
+#### api/auth/logout
+Logs a user out given token (invalidates user token).
+
+Method: POST
+
+Permissions: IsAuthenticated
+
+#### api/authusers/
+Returns a list of current authusers.
+
+Method: GET
+
+Permissions: IsSuperUser
+
+#### api/authusers/confirm/
+Confirms if a user's password is valid.
+
+Method: POST
+
+Permissions: IsAuthenticated
+
+## Sorting API Documentation
+Sorting is done using a filterset, a search set and an ordering set.
+
+#### Ordering a query
+Examples:
+```angular2html
+/api/users/?ordering=id
+# sorts users in ascending order by id.
+
+/api/users/?ordering=-userGPA
+# sorts users in descending order by GPA.
+
+/api/listings/?ordering=id
+# sorts listings in ascending order by id.
+```
+
+#### Filtering a query
+Examples:
+```angular2html
+/api/users/?userGPA__gte=3.5
+# Filters users who have a GPA greater than or equal to (gte) 3.5 .
+
+/api/users/[email protected]
+# Returns users who have this particular email (should only return one result).
+
+/api/users/?userGradYear__lte=2022
+# Returns users who have a graduation year less than or equal to (lte) 2022.
+```
+
+#### Searching a queryset
+Examples:
+```angular2html
+/api/listings/?search=Business
+# Returns a list of listings that contain the word Business.
+
+/api/users/?search=CS
+# Returns a list of users that have CS in them.
+```
+
+#### Putting it all together
+Examples of multiple filters:
+```angular2html
+/api/listings/?ordering=-listDeadline&isPaid=true
+# Returns a list of listings sorted in descending order by deadline and only paying positions.
+```

backend/accounts/admin.py

@@ -0,0 +1,3 @@
+from django.contrib import admin
+
+# Register your models here.