Theater Reserve API

REST API for movie ticket reservation, built with Django REST Framework, PostgreSQL, Redis, and Docker.

Goals achieved:

• API Development
• JWT Authentication
• Database (PostgreSQL)
• Caching & Redis Lock
• Pagination
• 34 total tests (Unit/Integration)
• API Documentation
• Docker & Compose
• Git

Extra points achieved:

• Advanced Security Features (Rate Limiting, Input Validation, SQL Injection Prevention, CSRF Protection)
• Asynchronous Tasks (Celery for auto-releasing expired seat locks)
• CI/CD (GitHub Actions for automated testing)

Setup

1. Start the full stack:

docker compose up --build

This starts:

• app: Django API
• worker: Celery worker for asynchronous tasks
• beat: Celery Beat scheduler for periodic tasks
• db: PostgreSQL
• redis: Redis

If you want to start the runtime services explicitly:

docker compose up --build app worker beat

2. The API will be available at http://localhost:8000.

3. Swagger documentation will be available at http://localhost:8000/api/docs/.

By default, the application container runs:

• python manage.py migrate
• python manage.py seed_demo_data
• python manage.py runserver 0.0.0.0:8000

The Celery services run:

• worker: celery -A config worker --loglevel=info
• beat: celery -A config beat --loglevel=info

If you want to disable automatic demo seeding, set SEED_DEMO_DATA=False in .env.

Demo Credentials

• Username: demo
• Password: DemoPass123!

Demo Walkthrough

1. Login

curl -X POST http://localhost:8000/api/auth/login/ \
  -H "Content-Type: application/json" \
  -d '{
    "username": "demo",
    "password": "DemoPass123!"
  }'

Store the returned access token and use it in the header:

Authorization: Bearer <ACCESS_TOKEN>

2. List movies

curl http://localhost:8000/api/movies/

3. List sessions for a movie

Replace <MOVIE_ID> with an id returned in the previous step.

curl http://localhost:8000/api/movies/<MOVIE_ID>/sessions/

4. View the seat map

Replace <SESSION_ID> with an id returned in the previous step.

curl http://localhost:8000/api/sessions/<SESSION_ID>/seats/

5. Reserve seats

Replace <ACCESS_TOKEN>, <SESSION_ID>, and the seat ids.

curl -X POST http://localhost:8000/api/sessions/<SESSION_ID>/reservations/ \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer <ACCESS_TOKEN>" \
  -d '{
    "seat_ids": [2, 3]
  }'

6. Checkout

Use the same seat_ids reserved in the previous step.

curl -X POST http://localhost:8000/api/sessions/<SESSION_ID>/checkout/ \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer <ACCESS_TOKEN>" \
  -d '{
    "seat_ids": [2, 3]
  }'

The response includes the generated digital tickets.

7. Check My Tickets

Active tickets:

curl http://localhost:8000/api/my-tickets/active/ \
  -H "Authorization: Bearer <ACCESS_TOKEN>"

Full purchase history:

curl http://localhost:8000/api/my-tickets/history/ \
  -H "Authorization: Bearer <ACCESS_TOKEN>"

Demo Seed

You can run the demo seed manually at any time:

docker compose run --rm app sh -c "python manage.py migrate && python manage.py seed_demo_data"

The command is idempotent. It creates:

• 3 movies
• 6 sessions
• 240 seats
• 1 initial ticket for the demo user

Tests

docker compose run --rm app pytest