A production-ready web application with authentication and task management built with FastAPI, SQLAlchemy, Alembic, and PostgreSQL. Includes Docker, CI, tests, and secure defaults.
- JWT auth (access + refresh), password hashing
- Users + Tasks CRUD with ownership and admin controls
- SQLAlchemy 2.0 + Alembic migrations
- Health checks and Prometheus metrics
- Rate limiting, CORS, secure headers
- Gunicorn + Uvicorn workers
- Docker Compose for local/dev/prod
- GitHub Actions CI (lint + tests)
- Copy env file:
cp .env.example .env
- Start services:
docker compose -f infra/docker-compose.yml up --build
- App available at http://localhost:8000 (API docs at /docs).
python -m venv .venv && source .venv/bin/activate
pip install -r app/requirements.txt
export $(grep -v '^#' .env.example | xargs) # or create .env
alembic -c app/alembic.ini upgrade head
uvicorn src.main:create_app --factory --host 0.0.0.0 --port 8000 --app-dir app
make setup # install deps
make run # run dev server
make test # run tests
make lint # run linters
make format # format code
make docker-up
alembic -c app/alembic.ini revision -m "message"
alembic -c app/alembic.ini upgrade head
Set environment variables (see .env.example). Defaults are safe for local dev. For production, always set JWT_SECRET, use strong DB credentials, and terminate TLS at a reverse proxy or load balancer.
- Tokens are short-lived; refresh tokens are persisted and revocable
- Rate limits applied to auth routes
- CORS is restricted via env
- Non-root container user
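One way to enforce the production guidance above at startup, shown as an added example that is not part of this project's code. `JWT_SECRET` comes from this README; `APP_ENV`, `DATABASE_URL` and `CORS_ORIGINS` are hypothetical variable names, and the placeholder list and 32-byte minimum are assumptions.

```python
import os
from urllib.parse import urlsplit

# Placeholder values that must never reach production (constructed list).
WEAK_VALUES = {"", "changeme", "change-me", "secret", "password", "postgres", "dev-secret"}
MIN_SECRET_BYTES = 32  # assumed minimum: 256 bits of key material


def production_config_errors(env):
    """Return a list of problems; an empty list means the config may start."""
    if env.get("APP_ENV", "development") != "production":  # APP_ENV is hypothetical
        return []
    errors = []

    secret = env.get("JWT_SECRET", "")
    if secret.lower() in WEAK_VALUES:
        errors.append("JWT_SECRET is unset or a placeholder")
    elif len(secret.encode()) < MIN_SECRET_BYTES:
        errors.append(f"JWT_SECRET is shorter than {MIN_SECRET_BYTES} bytes")
    elif len(set(secret)) < 10:
        errors.append("JWT_SECRET has too few distinct characters")

    # DATABASE_URL is a hypothetical name for the PostgreSQL connection string.
    db = urlsplit(env.get("DATABASE_URL", ""))
    if (db.password or "").lower() in WEAK_VALUES or db.password == db.username:
        errors.append("database password is missing, a placeholder, or equals the user name")

    # CORS_ORIGINS is a hypothetical comma-separated allow-list.
    origins = [o.strip() for o in env.get("CORS_ORIGINS", "").split(",") if o.strip()]
    if "*" in origins:
        errors.append("CORS_ORIGINS must not contain '*' in production")
    for origin in origins:
        if origin != "*" and not origin.startswith("https://"):
            errors.append(f"CORS origin is not https: {origin}")
    return errors


def enforce(env=os.environ):
    """Call before the app factory runs; aborts startup on any finding."""
    errors = production_config_errors(env)
    if errors:
        raise SystemExit("refusing to start:\n- " + "\n- ".join(errors))


if __name__ == "__main__":
    enforce()
```

Running the check as the first step of the container entrypoint makes a misconfigured deployment fail before it serves traffic instead of running with a guessable signing key.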
MIT