Add backend files and Render configuration

Author: orabe

backend/Dockerfile

@@ -0,0 +1,18 @@
+# Use the official Python image
+FROM python:3.12-slim
+
+# Set the working directory
+WORKDIR /app
+
+# Install dependencies
+COPY requirements.txt .
+RUN pip install --no-cache-dir -r requirements.txt
+
+# Copy the application code
+COPY . .
+
+# Expose the port Render will use
+EXPOSE 10000
+
+# Start the FastAPI application
+CMD ["uvicorn", "app.main:app", "--host", "0.0.0.0", "--port", "10000"]

backend/README.md

@@ -0,0 +1,98 @@
+# MathCodeLab Certificate Verification System
+
+A professional, scalable certificate verification system for MathCodeLab, using FastAPI and SQLite, with a static frontend for public verification.
+
+## Architecture
+- **Frontend:** Static HTML/CSS/JS (GitHub Pages)
+- **Backend:** FastAPI (Python), SQLite (SQLAlchemy)
+- **API URL:** https://api.mathcodelab.de
+
+## File Structure
+```
+verify/
+  index.html
+  verify.css
+  verify.js
+backend/
+  app/
+    main.py
+    database.py
+    models.py
+    schemas.py
+    crud.py
+    security.py
+  scripts/
+    create_certificate.py
+    seed_demo_data.py
+  requirements.txt
+  README.md
+.env.example
+```
+
+## Local Setup
+1. **Clone the repo and enter backend:**
+   ```bash
+   cd backend
+   python3 -m venv venv
+   source venv/bin/activate
+   pip install -r requirements.txt
+   cp .env.example .env
+   # Edit .env as needed
+   ```
+2. **Initialize the database:**
+   ```bash
+   python -c "from app.database import Base, engine; Base.metadata.create_all(bind=engine)"
+   ```
+3. **Seed demo data:**
+   ```bash
+   python scripts/seed_demo_data.py
+   ```
+4. **Run the server:**
+   ```bash
+   uvicorn app.main:app --reload
+   ```
+
+## API Endpoints
+- `GET /health` — API health check
+- `GET /verify/{certificate_id}` — Verify a certificate
+- `POST /admin/certificates` — Create a certificate (admin, API key required)
+- `PATCH /admin/certificates/{certificate_id}/revoke` — Revoke a certificate (admin, API key required)
+
+## Issuing a Certificate
+- Use the admin API or run `python scripts/create_certificate.py` interactively.
+
+## Revoking a Certificate
+- Use the PATCH admin endpoint with a revocation reason.
+
+## Frontend Integration
+- The verification page (`verify/index.html`) calls the backend API at `https://api.mathcodelab.de/verify/{certificate_id}`.
+- Supports both `/verify/?id=...` and `/verify/ID` URL formats.
+
+## Environment Variables
+- `DATABASE_URL` — e.g. `sqlite:///./certificates.db`
+- `ADMIN_API_KEY` — API key for admin endpoints
+- `ALLOWED_ORIGINS` — e.g. `https://mathcodelab.de,https://www.mathcodelab.de`
+
+## Deployment
+- Deploy backend to Railway, Render, Fly.io, etc.
+- Use the production command:
+  ```bash
+  uvicorn app.main:app --host 0.0.0.0 --port $PORT
+  ```
+- Point `api.mathcodelab.de` to your backend host (CNAME or A record).
+- Set CORS origins via `ALLOWED_ORIGINS`.
+
+## Certificate PDF Integration
+- Each certificate should display:
+  - Certificate ID (e.g. MCL-2026-XXXXXX)
+  - Verification URL: `https://mathcodelab.de/verify/?id={certificate_id}`
+  - (Optional) QR code to the same URL
+- The verification page confirms MathCodeLab as the issuer, not external accreditation.
+
+## Wording Policy
+- Use “Certificate of Completion” or “Certificate of Participation”.
+- Do **not** use “accredited”, “state-recognized”, “official degree”, or “diploma”.
+
+---
+
+For questions, contact Mohammad Orabe.

backend/app/__init__.py

@@ -0,0 +1 @@
+# MathCodeLab Backend App Package

backend/app/crud.py

@@ -0,0 +1,40 @@
+from sqlalchemy.orm import Session
+from . import models, schemas
+from datetime import datetime
+import random, string
+
+def generate_certificate_id(year: int) -> str:
+    random_part = ''.join(random.choices(string.ascii_uppercase + string.digits, k=7))
+    return f"MCL-{year}-{random_part}"
+
+def get_certificate_by_public_id(db: Session, certificate_id: str):
+    return db.query(models.Certificate).filter(models.Certificate.certificate_id == certificate_id).first()
+
+def create_certificate(db: Session, cert_in: schemas.CertificateCreate):
+    year = datetime.now().year
+    cert_id = generate_certificate_id(year)
+    cert = models.Certificate(
+        certificate_id=cert_id,
+        student_name=cert_in.student_name,
+        course_title=cert_in.course_title,
+        completion_date=cert_in.completion_date,
+        duration_hours=cert_in.duration_hours,
+        issuer=cert_in.issuer,
+        instructor=cert_in.instructor,
+        status=models.CertificateStatus.valid
+    )
+    db.add(cert)
+    db.commit()
+    db.refresh(cert)
+    return cert
+
+def revoke_certificate(db: Session, certificate_id: str, reason: str = None):
+    cert = get_certificate_by_public_id(db, certificate_id)
+    if not cert:
+        return None
+    cert.status = models.CertificateStatus.revoked
+    cert.revocation_reason = reason
+    cert.updated_at = datetime.utcnow()
+    db.commit()
+    db.refresh(cert)
+    return cert

backend/app/database.py

@@ -0,0 +1,19 @@
+import os
+from sqlalchemy import create_engine
+from sqlalchemy.orm import sessionmaker, declarative_base
+
+DATABASE_URL = os.getenv("DATABASE_URL", "sqlite:///./certificates.db")
+
+# Adjust connection arguments for SQLite only
+connect_args = {"check_same_thread": False} if DATABASE_URL.startswith("sqlite") else None
+
+engine = create_engine(DATABASE_URL, connect_args=connect_args)
+SessionLocal = sessionmaker(autocommit=False, autoflush=False, bind=engine)
+Base = declarative_base()
+
+def get_db():
+    db = SessionLocal()
+    try:
+        yield db
+    finally:
+        db.close()

backend/app/main.py

@@ -0,0 +1,73 @@
+import os
+from fastapi import FastAPI, HTTPException, Depends, Header
+from fastapi.middleware.cors import CORSMiddleware
+from sqlalchemy.orm import Session
+from starlette.responses import JSONResponse
+from datetime import datetime
+from . import models, schemas, crud, database, security
+
+app = FastAPI(title="MathCodeLab Certificate Verification API")
+
+# CORS
+ALLOWED_ORIGINS = os.getenv("ALLOWED_ORIGINS", "*").split(",")
+app.add_middleware(
+    CORSMiddleware,
+    allow_origins=[origin.strip() for origin in ALLOWED_ORIGINS],
+    allow_credentials=True,
+    allow_methods=["*"],
+    allow_headers=["*"],
+)
+
+# Dependency
+get_db = database.get_db
+
+@app.get("/health")
+def health():
+    return {"status": "ok"}
+
+@app.get("/verify/{certificate_id}", response_model=schemas.CertificateVerificationResponse)
+def verify_certificate(certificate_id: str, db: Session = Depends(get_db)):
+    cert = crud.get_certificate_by_public_id(db, certificate_id)
+    if not cert:
+        return JSONResponse(status_code=404, content={
+            "status": "invalid",
+            "certificate_id": certificate_id,
+            "message": "Certificate not found"
+        })
+    if cert.status == "revoked":
+        return {
+            "status": "revoked",
+            "certificate_id": cert.certificate_id,
+            "revocation_reason": cert.revocation_reason or ""
+        }
+    return {
+        "status": "valid",
+        "certificate_id": cert.certificate_id,
+        "student_name": cert.student_name,
+        "course_title": cert.course_title,
+        "completion_date": cert.completion_date,
+        "duration_hours": cert.duration_hours,
+        "issuer": cert.issuer,
+        "instructor": cert.instructor,
+        "verified_at": datetime.utcnow().isoformat() + "Z"
+    }
+
+@app.post("/admin/certificates", response_model=schemas.CertificateOut)
+def create_certificate(
+    cert_in: schemas.CertificateCreate,
+    db: Session = Depends(get_db),
+    api_key: str = Depends(security.verify_api_key)
+):
+    return crud.create_certificate(db, cert_in)
+
+@app.patch("/admin/certificates/{certificate_id}/revoke", response_model=schemas.CertificateOut)
+def revoke_certificate(
+    certificate_id: str,
+    body: schemas.CertificateRevoke,
+    db: Session = Depends(get_db),
+    api_key: str = Depends(security.verify_api_key)
+):
+    cert = crud.revoke_certificate(db, certificate_id, body.revocation_reason)
+    if not cert:
+        raise HTTPException(status_code=404, detail="Certificate not found")
+    return cert

backend/app/models.py

@@ -0,0 +1,23 @@
+from sqlalchemy import Column, Integer, String, DateTime, Enum
+from sqlalchemy.sql import func
+from .database import Base
+import enum
+
+class CertificateStatus(str, enum.Enum):
+    valid = "valid"
+    revoked = "revoked"
+
+class Certificate(Base):
+    __tablename__ = "certificates"
+    id = Column(Integer, primary_key=True, index=True)
+    certificate_id = Column(String, unique=True, index=True, nullable=False)
+    student_name = Column(String, nullable=False)
+    course_title = Column(String, nullable=False)
+    completion_date = Column(String, nullable=False)
+    duration_hours = Column(Integer, nullable=False)
+    issuer = Column(String, default="MathCodeLab", nullable=False)
+    instructor = Column(String, default="Mohammad Orabe", nullable=False)
+    status = Column(Enum(CertificateStatus), default=CertificateStatus.valid, nullable=False)
+    revocation_reason = Column(String, nullable=True)
+    created_at = Column(DateTime(timezone=True), server_default=func.now())
+    updated_at = Column(DateTime(timezone=True), onupdate=func.now(), server_default=func.now())

backend/app/schemas.py

@@ -0,0 +1,36 @@
+from pydantic import BaseModel, Field
+from typing import Optional
+
+class CertificateBase(BaseModel):
+    student_name: str
+    course_title: str
+    completion_date: str
+    duration_hours: int
+    issuer: Optional[str] = "MathCodeLab"
+    instructor: Optional[str] = "Mohammad Orabe"
+
+class CertificateCreate(CertificateBase):
+    pass
+
+class CertificateOut(CertificateBase):
+    certificate_id: str
+    status: str
+    revocation_reason: Optional[str] = None
+    class Config:
+        from_attributes = True
+
+class CertificateVerificationResponse(BaseModel):
+    status: str
+    certificate_id: str
+    student_name: Optional[str] = None
+    course_title: Optional[str] = None
+    completion_date: Optional[str] = None
+    duration_hours: Optional[int] = None
+    issuer: Optional[str] = None
+    instructor: Optional[str] = None
+    verified_at: Optional[str] = None
+    revocation_reason: Optional[str] = None
+    message: Optional[str] = None
+
+class CertificateRevoke(BaseModel):
+    revocation_reason: Optional[str] = None

backend/app/security.py

@@ -0,0 +1,13 @@
+import os
+from fastapi import Header, HTTPException, status, Depends
+
+def verify_api_key(authorization: str = Header(...)):
+    api_key = os.getenv("ADMIN_API_KEY")
+    if not api_key:
+        raise HTTPException(status_code=500, detail="Admin API key not set")
+    if not authorization or not authorization.startswith("Bearer "):
+        raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail="Missing or invalid Authorization header")
+    token = authorization.split(" ", 1)[1]
+    if token != api_key:
+        raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail="Invalid API key")
+    return token

backend/render.yaml

@@ -0,0 +1,12 @@
+services:
+  - type: web
+    name: mathcodelab.github.io
+    env: python
+    buildCommand: "pip install -r requirements.txt"
+    startCommand: "uvicorn app.main:app --host 0.0.0.0 --port 10000"
+    plan: free
+    envVars:
+      - key: DATABASE_URL
+        fromSecret: DATABASE_URL
+      - key: ADMIN_API_KEY
+        fromSecret: ADMIN_API_KEY