Sicherhaven
e0a491e8cb
- verify_oauth2_token now passes GOOGLE_CLIENT_ID as third arg (audience check)
- fail-closed: returns 503 if GOOGLE_CLIENT_ID env var is not set
- add GOOGLE_CLIENT_ID = os.environ.get('GOOGLE_CLIENT_ID', '') to settings
- replace ClerkLoginViewTests with GoogleLoginViewTests (4 cases)
- update requirements-docker.txt
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
███████╗██╗ ██╗███████╗███╗ ██╗████████╗██╗███████╗██╗ ██╗
██╔════╝██║ ██║██╔════╝████╗ ██║╚══██╔══╝██║██╔════╝╚██╗ ██╔╝
█████╗ ██║ ██║█████╗ ██╔██╗ ██║ ██║ ██║█████╗ ╚████╔╝
██╔══╝ ╚██╗ ██╔╝██╔══╝ ██║╚██╗██║ ██║ ██║██╔══╝ ╚██╔╝
███████╗ ╚████╔╝ ███████╗██║ ╚████║ ██║ ██║██║ ██║
╚══════╝ ╚═══╝ ╚══════╝╚═╝ ╚═══╝ ╚═╝ ╚═╝╚═╝ ╚═╝
A D M I N B A C K E N D
Production REST API powering the Eventify Admin Command Center
✦ Overview
Eventify Backend is the Django 4.2 + Django REST Framework API layer for the Eventify platform. It powers the admin command center at admin.eventifyplus.com, providing JWT-authenticated endpoints for partner management, user CRM, event moderation, financial reporting, and platform analytics.
Built phase-by-phase as a production rebuild — all endpoints are real, all data is live.
✦ Tech Stack
| Layer | Technology |
|---|---|
| Framework | Django 4.2 + Django REST Framework 3.15 |
| Auth | djangorestframework-simplejwt — JWT (access 1 day / refresh 7 days) |
| Database | PostgreSQL 16 (event_dashboard DB) |
| Runtime | Python 3.11 · Gunicorn · Docker |
| Reverse Proxy | Nginx (host-level, ports 80/443) |
| SSL | Let's Encrypt (auto-renew via certbot) |
| Deployment | AWS EC2 · Docker Compose · docker cp deploy |
| Source Control | Gitea self-hosted at code.bshtech.net |
✦ Architecture
┌─────────────────────────────────────────────────┐
│ admin.eventifyplus.com │
│ (HTTPS / 443) │
└────────────────────┬────────────────────────────┘
│ Nginx Reverse Proxy
┌─────────┴──────────┐
│ │
/api/* → :3001 /* → :8084
│ │
┌───────┴──────┐ ┌────────┴────────┐
│ eventify- │ │ admin-frontend │
│ backend │ │ (React + Vite) │
│ (Django) │ │ [nginx SPA] │
└───────┬──────┘ └─────────────────┘
│
┌───────┴──────┐
│ eventify- │
│ postgres │
│ (PG 16) │
└──────────────┘
✦ API Reference
All endpoints are under /api/v1/ and require Authorization: Bearer <access_token> except Auth.
🔐 Authentication
POST /api/v1/admin/auth/login/ → { access, refresh, user }
POST /api/v1/auth/refresh/ → { access }
GET /api/v1/auth/me/ → { user }
GET /api/v1/health/ → { status, db }
📊 Dashboard
GET /api/v1/dashboard/metrics/ → totalRevenue, revenueGrowth, activePartners, liveEvents, ticketSales
GET /api/v1/dashboard/revenue/ → 7-day revenue vs payouts chart data
GET /api/v1/dashboard/activity/ → recent platform activity feed (top 10)
GET /api/v1/dashboard/actions/ → action items panel (KYC queue, flagged events, payouts)
🤝 Partners
GET /api/v1/partners/stats/ → total, active, pendingKyc, highRisk
GET /api/v1/partners/ → paginated list [ status, kyc_status, search ]
GET /api/v1/partners/:id/ → full partner profile + events + KYC docs
PATCH /api/v1/partners/:id/status/ → { status: active|suspended|archived }
POST /api/v1/partners/:id/kyc/review/ → { decision: approved|rejected, reason? }
👤 Users
GET /api/v1/users/metrics/ → total, active, suspended, newThisWeek
GET /api/v1/users/ → paginated list [ status, role, search ]
GET /api/v1/users/:id/ → user profile
PATCH /api/v1/users/:id/status/ → { action: suspend|ban|reinstate }
🎪 Events
GET /api/v1/events/stats/ → total, live, pending, flagged, published
GET /api/v1/events/ → paginated list [ status, partner_id, search ]
GET /api/v1/events/:id/ → event detail
PATCH /api/v1/events/:id/moderate/ → { action: approve|reject|flag|feature|unfeature }
✦ Project Structure
eventify-django/
├── admin_api/ ← All admin REST endpoints (Phases 1–5)
│ ├── views.py ← Auth + Dashboard + Partners + Users + Events views
│ ├── urls.py ← /api/v1/ URL router
│ └── serializers.py ← UserSerializer
├── accounts/ ← Custom User model (extends AbstractUser)
├── events/ ← Event model + legacy CRUD views
├── partner/ ← Partner model + KYC fields
├── bookings/ ← Booking + Ticket models
├── ledger/ ← RazorpayTransaction model
├── banking_operations/ ← PaymentTransaction model
├── eventify/ ← Django settings + root urls.py
├── requirements-docker.txt ← Production dependencies
└── manage.py
✦ Changelog
Full history in CHANGELOG.md
| Version | Date | Summary |
|---|---|---|
| 1.6.0 | 2026-04-02 | Unique Eventify ID (EVT-XXXXXXXX) on User model, exposed across all APIs |
| 1.5.0 | 2026-03-31 | allowed_modules field + get_allowed_modules() for RBAC |
| 1.4.0 | 2026-03-24 | Partner portal login/logout/me APIs |
| 1.3.0 | 2026-03-14 | User id → BigAutoField |
| 1.0.0 | 2026-03-01 | Initial release — Django + JWT + Admin API |
✦ Build Phases
| Phase | Module | Endpoints | Status |
|---|---|---|---|
| 1 | JWT Auth Foundation | login, refresh, me, health | ✅ Live |
| 2 | Dashboard Metrics | metrics, revenue, activity, actions | ✅ Live |
| 3 | Partners API | stats, list, detail, status, KYC review | ✅ Live |
| 4 | Users & RBAC | metrics, list, detail, status | ✅ Live |
| 5 | Events Admin | stats, list, detail, moderate | ✅ Live |
| 6 | Financials & Payouts | transactions, settlements, payouts | ⏳ Planned |
| 7 | Notifications & Settings | notifications, audit log, system config | ⏳ Planned |
✦ Local Development
# Clone
git clone https://code.bshtech.net/Sicherhaven/eventify_backend.git
cd eventify_backend
# Virtual environment
python -m venv venv
source venv/bin/activate
pip install -r requirements-docker.txt
# Environment variables
cp .env.example .env # set DJANGO_SECRET_KEY, DB_* vars
# Database
python manage.py migrate
python manage.py createsuperuser
# Run
python manage.py runserver
✦ Production Deployment
# Files are deployed via docker cp (no volume mount)
scp admin_api/views.py eventify:/tmp/
ssh eventify docker cp /tmp/views.py eventify-backend:/app/admin_api/views.py
# Reload gunicorn (graceful — no downtime)
ssh eventify docker exec eventify-backend kill -HUP 1
# Verify
ssh eventify curl -s http://localhost:3001/api/v1/health/
Containers:
| Container | Image | Port | Role |
|---|---|---|---|
eventify-backend |
eventify-django | :3001 | Django API |
eventify-postgres |
postgres:16-alpine | internal | Database |
admin-frontend |
admin-prototype | :8084 | React SPA |
✦ Environment Variables
| Variable | Description | Example |
|---|---|---|
DJANGO_SECRET_KEY |
Django secret key | django-insecure-... |
DJANGO_DEBUG |
Debug mode | False |
DJANGO_ALLOWED_HOSTS |
Allowed hostnames | admin.eventifyplus.com |
DB_NAME |
PostgreSQL database | event_dashboard |
DB_USER |
PostgreSQL user | event_user |
DB_PASSWORD |
PostgreSQL password | — |
DB_HOST |
PostgreSQL host | eventify-postgres |
DB_PORT |
PostgreSQL port | 5432 |
✦ Status Mappings
Partner KYC
| Backend | Frontend |
|---|---|
approved |
Verified |
rejected |
Rejected |
pending / high_risk / medium_risk |
Pending |
Event Status
| Backend | Frontend |
|---|---|
live |
live |
published |
published |
pending / created |
draft |
flagged |
flagged |
cancelled / postponed |
cancelled |
completed |
completed |
Eventify Admin Backend · Built by BSH Technologies
