A FastAPI-based REST API for managing university academic information, including courses, sections, professors, classrooms, and schedules. This system integrates with SIIAU (Sistema Integral de Información Académica Universitaria) to fetch and manage academic data.
- Features
- Tech Stack
- Project Structure
- Installation
- Configuration
- Running the Application
- API Documentation
- Database Models
- Authentication
- Development
- License
- User Management: User registration, authentication, and authorization
- JWT Authentication: Secure token-based authentication with refresh tokens
- Academic Calendar Management: Manage academic calendars and periods
- University Centers: Manage university centers (centros universitarios)
- Course Management: Create and manage courses (materias) with credits and codes
- Section Management: Handle course sections with enrollment capacity
- Professor Management: Manage professor information
- Building & Classroom Management: Track buildings (edificios) and classrooms (aulas)
- Class Scheduling: Manage class schedules with time slots and days
- SIIAU Integration: Fetch and import data from SIIAU system
- Pagination Support: Built-in pagination for list endpoints
- Data Seeding: Automatic database seeding in development mode
- Framework: FastAPI
- Database ORM: SQLModel (SQLAlchemy + Pydantic)
- Authentication: JWT (python-jose) with bcrypt password hashing
- Encryption: ShieldCipher for symmetric encryption
- Web Scraping: BeautifulSoup4 and Requests for SIIAU integration
- Python Version: 3.10+
SIIAPI/
├── app/
│ ├── __init__.py
│ ├── main.py # FastAPI application entry point
│ ├── api/
│ │ ├── routes.py # Main API router
│ │ ├── dependencies/ # Shared dependencies
│ │ └── schemas/ # Shared schemas (pagination)
│ ├── core/
│ │ ├── config.py # Application configuration
│ │ ├── database.py # Database setup and initialization
│ │ ├── security.py # Security utilities (JWT, hashing, encryption)
│ │ ├── exceptions.py # Custom exceptions
│ │ └── seed.py # Database seeding
│ └── modules/
│ ├── auth/ # Authentication module
│ ├── users/ # User management
│ ├── calendario/ # Academic calendar
│ ├── centro/ # University centers
│ ├── materia/ # Courses/subjects
│ ├── seccion/ # Course sections
│ ├── profesor/ # Professors
│ ├── clase/ # Class schedules
│ ├── edificio/ # Buildings
│ ├── aula/ # Classrooms
│ └── tasks/ # SIIAU integration tasks
├── requirements.txt
├── dev.sh # Development script
└── LICENSE
Each module follows a consistent architecture:
module_name/
├── __init__.py
├── api/
│ ├── dependencies.py # Module-specific dependencies
│ └── routes.py # API endpoints
├── models/
│ └── model_name.py # SQLModel database models
├── repositories/
│ └── repository.py # Data access layer
├── schemas/
│ └── schema.py # Pydantic schemas for validation
└── services/
└── service.py # Business logic layer
- Python 3.10 or higher
- pip (Python package manager)
-
Clone the repository:
git clone <repository-url> cd SIIAPI
-
Create a virtual environment:
python -m venv venv source venv/bin/activate # On Windows: venv\Scripts\activate
-
Install dependencies:
pip install -r requirements.txt
Create a .env file in the root directory with the following variables:
# Database
DB_URL=sqlite:///./db.sqlite3
# For PostgreSQL: postgresql://user:password@localhost/dbname
# For MySQL: mysql://user:password@localhost/dbname
# Application
APP_NAME=SIIAPI
APP_SITE=localhost
APP_ENV=dev
APP_DESCRIPTION=University Academic Information API
APP_DEBUG=true
# Security
SECRET_KEY=your-secret-key-here-change-in-production
DUMMY_HASH=$2b$12$your-dummy-hash-for-timing-attack-prevention
# SIIAU Integration
SIIAU_URL=https://siiau.udg.mx/wco/sspseca.consulta_oferta- DB_URL: Database connection string (supports SQLite, PostgreSQL, MySQL)
- APP_DEBUG: Enable debug mode (auto-creates tables and seeds data)
- SECRET_KEY: Secret key for JWT token generation (change in production!)
- DUMMY_HASH: Bcrypt hash used for timing attack prevention
- SIIAU_URL: URL endpoint for SIIAU data fetching
Using the provided script:
chmod +x dev.sh
./dev.shOr manually:
fastapi dev app/main.pyThe API will be available at http://localhost:8000
fastapi run app/main.pyOr with Uvicorn:
uvicorn app.main:app --host 0.0.0.0 --port 8000Once the application is running, access the interactive API documentation:
- Swagger UI: http://localhost:8000/docs
- ReDoc: http://localhost:8000/redoc
POST /api/auth/login- User loginPOST /api/auth/logout- User logoutPOST /api/auth/refresh- Refresh access token
GET /api/users- List users (paginated)POST /api/users- Create userGET /api/users/{id}- Get user by IDPUT /api/users/{id}- Update userDELETE /api/users/{id}- Delete user
GET /api/calendarios- List calendarsPOST /api/calendarios- Create calendarGET /api/calendarios/{id}- Get calendarPUT /api/calendarios/{id}- Update calendarDELETE /api/calendarios/{id}- Delete calendar
GET /api/centros- List centersPOST /api/centros- Create centerGET /api/centros/{id}- Get centerPUT /api/centros/{id}- Update centerDELETE /api/centros/{id}- Delete center
GET /api/materias- List coursesPOST /api/materias- Create courseGET /api/materias/{id}- Get coursePUT /api/materias/{id}- Update courseDELETE /api/materias/{id}- Delete course
GET /api/secciones- List sectionsPOST /api/secciones- Create sectionGET /api/secciones/{id}- Get sectionPUT /api/secciones/{id}- Update sectionDELETE /api/secciones/{id}- Delete section
GET /api/profesores- List professorsPOST /api/profesores- Create professorGET /api/profesores/{id}- Get professorPUT /api/profesores/{id}- Update professorDELETE /api/profesores/{id}- Delete professor
GET /api/clases- List classesPOST /api/clases- Create classGET /api/clases/{id}- Get classPUT /api/clases/{id}- Update classDELETE /api/clases/{id}- Delete class
GET /api/edificios- List buildingsPOST /api/edificios- Create buildingGET /api/edificios/{id}- Get buildingPUT /api/edificios/{id}- Update buildingDELETE /api/edificios/{id}- Delete building
GET /api/aulas- List classroomsPOST /api/aulas- Create classroomGET /api/aulas/{id}- Get classroomPUT /api/aulas/{id}- Update classroomDELETE /api/aulas/{id}- Delete classroom
POST /api/tasks/fetch-secciones- Fetch sections from SIIAU
- User accounts with authentication
- Fields: name, email, password, is_active, is_superuser, is_staff
- Tracks: created_at, updated_at, last_login
- JWT refresh tokens for authentication
- Tracks: token_hash, jti, user_agent, ip_address, expires_at
- Academic calendar periods
- Fields: name, siiau_id
- University centers/campuses
- Fields: name, siiau_id
- Academic courses/subjects
- Fields: name, clave (code), creditos (credits)
- Professor information
- Fields: name
- Course sections with enrollment
- Fields: name, nrc, cupos, cupos_disponibles, periodo_inicio, periodo_fin
- Relations: centro, materia, profesor, calendario
- Individual class sessions
- Fields: sesion, hora_inicio, hora_fin, dia (day of week)
- Relations: seccion, aula
- Building information
- Fields: name
- Relations: centro
- Classroom information
- Fields: name
- Relations: edificio
The API uses JWT (JSON Web Tokens) for authentication with a dual-token system:
- Short-lived tokens for API requests
- Include user permissions (is_superuser, is_staff)
- Expire after 1 day
- Long-lived tokens for obtaining new access tokens
- Stored in database with metadata (user_agent, ip_address)
- Can be revoked individually
- Expire after 1 day (configurable)
- Password hashing with bcrypt
- Timing attack prevention with dummy hash
- Token revocation support
- User agent and IP tracking
- Symmetric encryption with ShieldCipher
-
Login: POST credentials to
/api/auth/login- Returns access_token and refresh_token
-
Authenticated Requests: Include access token in header
Authorization: Bearer <access_token> -
Token Refresh: POST refresh_token to
/api/auth/refresh- Returns new access_token
-
Logout: POST refresh_token to
/api/auth/logout- Revokes the refresh token
The project follows a modular architecture with clear separation of concerns:
- Models: Database schema definitions using SQLModel
- Schemas: Request/response validation using Pydantic
- Repositories: Data access layer (CRUD operations)
- Services: Business logic layer
- API Routes: HTTP endpoint definitions
- Dependencies: Dependency injection for database sessions and authentication
-
Create module directory structure:
mkdir -p app/modules/new_module/{api,models,repositories,schemas,services} -
Create model in
models/new_model.py -
Create schemas in
schemas/new_schema.py -
Create repository in
repositories/new_repository.py -
Create service in
services/new_service.py -
Create routes in
api/routes.py -
Register routes in
app/api/routes.py -
Import model in
app/core/database.py
Currently using SQLModel's create_all() for table creation. For production, consider using Alembic for migrations.
The project structure supports easy testing:
- Unit tests for services
- Integration tests for repositories
- API tests for routes
This project is licensed under the GNU Affero General Public License v3.0 (AGPL-3.0).
See the LICENSE file for details.
- Free to use, modify, and distribute
- Must disclose source code when distributing
- Network use is considered distribution (must provide source to users)
- Modifications must be released under AGPL-3.0
- No warranty provided
Contributions are welcome! Please ensure:
- Code follows the existing architecture patterns
- All endpoints include proper authentication/authorization
- Database models include proper relationships and constraints
- API responses use appropriate schemas
For issues, questions, or contributions, please open an issue in the repository.
Note: This is an academic project for managing university course information. Ensure proper configuration and security measures before deploying to production.