[ { "path": ".copier/.copier-answers.yml.jinja", "content": "{{ _copier_answers|to_json -}}\n" }, { "path": ".copier/update_dotenv.py", "content": "from pathlib import Path\nimport json\n\n# Update the .env file with the answers from the .copier-answers.yml file\n# without using Jinja2 templates in the .env file, this way the code works as is\n# without needing Copier, but if Copier is used, the .env file will be updated\nroot_path = Path(__file__).parent.parent\nanswers_path = Path(__file__).parent / \".copier-answers.yml\"\nanswers = json.loads(answers_path.read_text())\nenv_path = root_path / \".env\"\nenv_content = env_path.read_text()\nlines = []\nfor line in env_content.splitlines():\n for key, value in answers.items():\n upper_key = key.upper()\n if line.startswith(f\"{upper_key}=\"):\n if \" \" in value:\n content = f\"{upper_key}={value!r}\"\n else:\n content = f\"{upper_key}={value}\"\n new_line = line.replace(line, content)\n lines.append(new_line)\n break\n else:\n lines.append(line)\nenv_path.write_text(\"\\n\".join(lines))\n" }, { "path": ".gitattributes", "content": "* text=auto\n*.sh text eol=lf\n" }, { "path": ".github/DISCUSSION_TEMPLATE/questions.yml", "content": "labels: [question]\nbody:\n - type: markdown\n attributes:\n value: |\n Thanks for your interest in this project! πŸš€\n\n Please follow these instructions, fill every question, and do every step. πŸ™\n\n I'm asking this because answering questions and solving problems in GitHub is what consumes most of the time.\n\n I end up not being able to add new features, fix bugs, review pull requests, etc. as fast as I wish because I have to spend too much time handling questions.\n\n All that, on top of all the incredible help provided by a bunch of community members, that give a lot of their time to come here and help others.\n\n That's a lot of work, but if more users came to help others like them just a little bit more, it would be much less effort for them (and you and me πŸ˜…).\n\n By asking questions in a structured way (following this) it will be much easier to help you.\n\n And there's a high chance that you will find the solution along the way and you won't even have to submit it and wait for an answer. 😎\n\n As there are too many questions, I'll have to discard and close the incomplete ones. That will allow me (and others) to focus on helping people like you that follow the whole process and help us help you. πŸ€“\n - type: checkboxes\n id: checks\n attributes:\n label: First Check\n description: Please confirm and check all the following options.\n options:\n - label: I added a very descriptive title here.\n required: true\n - label: I used the GitHub search to find a similar question and didn't find it.\n required: true\n - label: I searched in the documentation/README.\n required: true\n - label: I already searched in Google \"How to do X\" and didn't find any information.\n required: true\n - label: I already read and followed all the tutorial in the docs/README and didn't find an answer.\n required: true\n - type: checkboxes\n id: help\n attributes:\n label: Commit to Help\n description: |\n After submitting this, I commit to one of:\n\n * Read open questions until I find 2 where I can help someone and add a comment to help there.\n * I already hit the \"watch\" button in this repository to receive notifications and I commit to help at least 2 people that ask questions in the future.\n\n options:\n - label: I commit to help with one of those options πŸ‘†\n required: true\n - type: textarea\n id: example\n attributes:\n label: Example Code\n description: |\n Please add a self-contained, [minimal, reproducible, example](https://stackoverflow.com/help/minimal-reproducible-example) with your use case.\n\n If I (or someone) can copy it, run it, and see it right away, there's a much higher chance I (or someone) will be able to help you.\n\n placeholder: |\n Write your example code here.\n render: Text\n validations:\n required: true\n - type: textarea\n id: description\n attributes:\n label: Description\n description: |\n What is the problem, question, or error?\n\n Write a short description telling me what you are doing, what you expect to happen, and what is currently happening.\n placeholder: |\n * Open the browser and call the endpoint `/`.\n * It returns a JSON with `{\"message\": \"Hello World\"}`.\n * But I expected it to return `{\"message\": \"Hello Morty\"}`.\n validations:\n required: true\n - type: dropdown\n id: os\n attributes:\n label: Operating System\n description: What operating system are you on?\n multiple: true\n options:\n - Linux\n - Windows\n - macOS\n - Other\n validations:\n required: true\n - type: textarea\n id: os-details\n attributes:\n label: Operating System Details\n description: You can add more details about your operating system here, in particular if you chose \"Other\".\n validations:\n required: true\n - type: input\n id: python-version\n attributes:\n label: Python Version\n description: |\n What Python version are you using?\n\n You can find the Python version with:\n\n ```bash\n python --version\n ```\n validations:\n required: true\n - type: textarea\n id: context\n attributes:\n label: Additional Context\n description: Add any additional context information or screenshots you think are useful.\n" }, { "path": ".github/FUNDING.yml", "content": "github: [tiangolo]\n" }, { "path": ".github/ISSUE_TEMPLATE/config.yml", "content": "blank_issues_enabled: false\ncontact_links:\n - name: Security Contact\n about: Please report security vulnerabilities to security@tiangolo.com\n - name: Question or Problem\n about: Ask a question or ask about a problem in GitHub Discussions.\n url: https://github.com/fastapi/full-stack-fastapi-template/discussions/categories/questions\n - name: Feature Request\n about: To suggest an idea or ask about a feature, please start with a question saying what you would like to achieve. There might be a way to do it already.\n url: https://github.com/fastapi/full-stack-fastapi-template/discussions/categories/questions\n" }, { "path": ".github/ISSUE_TEMPLATE/privileged.yml", "content": "name: Privileged\ndescription: You are @tiangolo or he asked you directly to create an issue here. If not, check the other options. πŸ‘‡\nbody:\n - type: markdown\n attributes:\n value: |\n Thanks for your interest in this project! πŸš€\n\n If you are not @tiangolo or he didn't ask you directly to create an issue here, please start the conversation in a [Question in GitHub Discussions](https://github.com/tiangolo/full-stack-fastapi-template/discussions/categories/questions) instead.\n - type: checkboxes\n id: privileged\n attributes:\n label: Privileged issue\n description: Confirm that you are allowed to create an issue here.\n options:\n - label: I'm @tiangolo or he asked me directly to create an issue here.\n required: true\n - type: textarea\n id: content\n attributes:\n label: Issue Content\n description: Add the content of the issue here.\n" }, { "path": ".github/dependabot.yml", "content": "version: 2\nupdates:\n # GitHub Actions\n - package-ecosystem: github-actions\n directory: /\n schedule:\n interval: daily\n commit-message:\n prefix: ⬆\n labels: [dependencies, internal]\n # Python uv\n - package-ecosystem: uv\n directory: /\n schedule:\n interval: weekly\n commit-message:\n prefix: ⬆\n labels: [dependencies, internal]\n # bun\n - package-ecosystem: bun\n directory: /\n schedule:\n interval: weekly\n commit-message:\n prefix: ⬆\n labels: [dependencies, internal]\n ignore:\n - dependency-name: \"@hey-api/openapi-ts\"\n # Docker\n - package-ecosystem: docker\n directories:\n - /backend\n - /frontend\n schedule:\n interval: weekly\n commit-message:\n prefix: ⬆\n labels: [dependencies, internal]\n # Docker Compose\n - package-ecosystem: docker-compose\n directory: /\n schedule:\n interval: weekly\n commit-message:\n prefix: ⬆\n labels: [dependencies, internal]\n" }, { "path": ".github/labeler.yml", "content": "docs:\n - all:\n - changed-files:\n - any-glob-to-any-file:\n - '**/*.md'\n - all-globs-to-all-files:\n - '!frontend/**'\n - '!backend/**'\n - '!.github/**'\n - '!scripts/**'\n - '!.gitignore'\n - '!.pre-commit-config.yaml'\n\ninternal:\n - all:\n - changed-files:\n - any-glob-to-any-file:\n - .github/**\n - scripts/**\n - .gitignore\n - .pre-commit-config.yaml\n - all-globs-to-all-files:\n - '!./**/*.md'\n - '!frontend/**'\n - '!backend/**'\n" }, { "path": ".github/workflows/add-to-project.yml", "content": "name: Add to Project\n\non:\n pull_request_target:\n issues:\n types:\n - opened\n - reopened\n\njobs:\n add-to-project:\n name: Add to project\n runs-on: ubuntu-latest\n steps:\n - uses: actions/add-to-project@v1.0.2\n with:\n project-url: https://github.com/orgs/fastapi/projects/2\n github-token: ${{ secrets.PROJECTS_TOKEN }}\n" }, { "path": ".github/workflows/deploy-production.yml", "content": "name: Deploy to Production\n\non:\n release:\n types:\n - published\n\njobs:\n deploy:\n # Do not deploy in the main repository, only in user projects\n if: github.repository_owner != 'fastapi'\n runs-on:\n - self-hosted\n - production\n env:\n ENVIRONMENT: production\n DOMAIN: ${{ secrets.DOMAIN_PRODUCTION }}\n STACK_NAME: ${{ secrets.STACK_NAME_PRODUCTION }}\n SECRET_KEY: ${{ secrets.SECRET_KEY }}\n FIRST_SUPERUSER: ${{ secrets.FIRST_SUPERUSER }}\n FIRST_SUPERUSER_PASSWORD: ${{ secrets.FIRST_SUPERUSER_PASSWORD }}\n SMTP_HOST: ${{ secrets.SMTP_HOST }}\n SMTP_USER: ${{ secrets.SMTP_USER }}\n SMTP_PASSWORD: ${{ secrets.SMTP_PASSWORD }}\n EMAILS_FROM_EMAIL: ${{ secrets.EMAILS_FROM_EMAIL }}\n POSTGRES_PASSWORD: ${{ secrets.POSTGRES_PASSWORD }}\n SENTRY_DSN: ${{ secrets.SENTRY_DSN }}\n steps:\n - name: Checkout\n uses: actions/checkout@v6\n - run: docker compose -f compose.yml --project-name ${{ secrets.STACK_NAME_PRODUCTION }} build\n - run: docker compose -f compose.yml --project-name ${{ secrets.STACK_NAME_PRODUCTION }} up -d\n" }, { "path": ".github/workflows/deploy-staging.yml", "content": "name: Deploy to Staging\n\non:\n push:\n branches:\n - master\n\njobs:\n deploy:\n # Do not deploy in the main repository, only in user projects\n if: github.repository_owner != 'fastapi'\n runs-on:\n - self-hosted\n - staging\n env:\n ENVIRONMENT: staging\n DOMAIN: ${{ secrets.DOMAIN_STAGING }}\n STACK_NAME: ${{ secrets.STACK_NAME_STAGING }}\n SECRET_KEY: ${{ secrets.SECRET_KEY }}\n FIRST_SUPERUSER: ${{ secrets.FIRST_SUPERUSER }}\n FIRST_SUPERUSER_PASSWORD: ${{ secrets.FIRST_SUPERUSER_PASSWORD }}\n SMTP_HOST: ${{ secrets.SMTP_HOST }}\n SMTP_USER: ${{ secrets.SMTP_USER }}\n SMTP_PASSWORD: ${{ secrets.SMTP_PASSWORD }}\n EMAILS_FROM_EMAIL: ${{ secrets.EMAILS_FROM_EMAIL }}\n POSTGRES_PASSWORD: ${{ secrets.POSTGRES_PASSWORD }}\n SENTRY_DSN: ${{ secrets.SENTRY_DSN }}\n steps:\n - name: Checkout\n uses: actions/checkout@v6\n - run: docker compose -f compose.yml --project-name ${{ secrets.STACK_NAME_STAGING }} build\n - run: docker compose -f compose.yml --project-name ${{ secrets.STACK_NAME_STAGING }} up -d\n" }, { "path": ".github/workflows/detect-conflicts.yml", "content": "name: \"Conflict detector\"\non:\n push:\n pull_request_target:\n types: [synchronize]\n\njobs:\n main:\n permissions:\n contents: read\n pull-requests: write\n runs-on: ubuntu-latest\n steps:\n - name: Check if PRs have merge conflicts\n uses: eps1lon/actions-label-merge-conflict@v3\n with:\n dirtyLabel: \"conflicts\"\n repoToken: \"${{ secrets.GITHUB_TOKEN }}\"\n commentOnDirty: \"This pull request has a merge conflict that needs to be resolved.\"\n" }, { "path": ".github/workflows/issue-manager.yml", "content": "name: Issue Manager\n\non:\n schedule:\n - cron: \"21 17 * * *\"\n issue_comment:\n types:\n - created\n issues:\n types:\n - labeled\n pull_request_target:\n types:\n - labeled\n workflow_dispatch:\n\npermissions:\n issues: write\n pull-requests: write\n\njobs:\n issue-manager:\n if: github.repository_owner == 'fastapi'\n runs-on: ubuntu-latest\n steps:\n - name: Dump GitHub context\n env:\n GITHUB_CONTEXT: ${{ toJson(github) }}\n run: echo \"$GITHUB_CONTEXT\"\n - uses: tiangolo/issue-manager@0.6.0\n with:\n token: ${{ secrets.GITHUB_TOKEN }}\n config: >\n {\n \"answered\": {\n \"delay\": 864000,\n \"message\": \"Assuming the original need was handled, this will be automatically closed now. But feel free to add more comments or create new issues or PRs.\"\n },\n \"waiting\": {\n \"delay\": 2628000,\n \"message\": \"As this PR has been waiting for the original user for a while but seems to be inactive, it's now going to be closed. But if there's anyone interested, feel free to create a new PR.\",\n \"reminder\": {\n \"before\": \"P3D\",\n \"message\": \"Heads-up: this will be closed in 3 days unless there's new activity.\"\n }\n },\n \"invalid\": {\n \"delay\": 0,\n \"message\": \"This was marked as invalid and will be closed now. If this is an error, please provide additional details.\"\n },\n \"maybe-ai\": {\n \"delay\": 0,\n \"message\": \"This was marked as potentially AI generated and will be closed now. If this is an error, please provide additional details, make sure to read the docs about contributing and AI.\"\n }\n }\n" }, { "path": ".github/workflows/labeler.yml", "content": "name: Labels\non:\n pull_request_target:\n types:\n - opened\n - synchronize\n - reopened\n # For label-checker\n - labeled\n - unlabeled\n\njobs:\n labeler:\n permissions:\n contents: read\n pull-requests: write\n runs-on: ubuntu-latest\n steps:\n - uses: actions/labeler@v6\n if: ${{ github.event.action != 'labeled' && github.event.action != 'unlabeled' }}\n - run: echo \"Done adding labels\"\n # Run this after labeler applied labels\n check-labels:\n needs:\n - labeler\n permissions:\n pull-requests: read\n runs-on: ubuntu-latest\n steps:\n - uses: docker://agilepathway/pull-request-label-checker:latest\n with:\n one_of: breaking,security,feature,bug,refactor,upgrade,docs,lang-all,internal\n repo_token: ${{ secrets.GITHUB_TOKEN }}\n" }, { "path": ".github/workflows/latest-changes.yml", "content": "name: Latest Changes\n\non:\n pull_request_target:\n branches:\n - master\n types:\n - closed\n workflow_dispatch:\n inputs:\n number:\n description: PR number\n required: true\n debug_enabled:\n description: \"Run the build with tmate debugging enabled (https://github.com/marketplace/actions/debugging-with-tmate)\"\n required: false\n default: \"false\"\n\njobs:\n latest-changes:\n runs-on: ubuntu-latest\n permissions:\n pull-requests: read\n steps:\n - name: Dump GitHub context\n env:\n GITHUB_CONTEXT: ${{ toJson(github) }}\n run: echo \"$GITHUB_CONTEXT\"\n - uses: actions/checkout@v6\n with:\n # To allow latest-changes to commit to the main branch\n token: ${{ secrets.LATEST_CHANGES }}\n - uses: tiangolo/latest-changes@0.4.1\n with:\n token: ${{ secrets.GITHUB_TOKEN }}\n latest_changes_file: ./release-notes.md\n latest_changes_header: \"## Latest Changes\"\n end_regex: \"^## \"\n debug_logs: true\n label_header_prefix: \"### \"\n" }, { "path": ".github/workflows/playwright.yml", "content": "name: Playwright Tests\n\non:\n push:\n branches:\n - master\n pull_request:\n types:\n - opened\n - synchronize\n workflow_dispatch:\n inputs:\n debug_enabled:\n description: 'Run the build with tmate debugging enabled (https://github.com/marketplace/actions/debugging-with-tmate)'\n required: false\n default: 'false'\n\njobs:\n changes:\n runs-on: ubuntu-latest\n # Set job outputs to values from filter step\n outputs:\n changed: ${{ steps.filter.outputs.changed }}\n steps:\n - uses: actions/checkout@v6\n # For pull requests it's not necessary to checkout the code but for the main branch it is\n - uses: dorny/paths-filter@v4\n id: filter\n with:\n filters: |\n changed:\n - backend/**\n - frontend/**\n - .env\n - compose*.yml\n - .github/workflows/playwright.yml\n\n test-playwright:\n needs:\n - changes\n if: ${{ needs.changes.outputs.changed == 'true' }}\n timeout-minutes: 60\n runs-on: ubuntu-latest\n strategy:\n matrix:\n shardIndex: [1, 2, 3, 4]\n shardTotal: [4]\n fail-fast: false\n steps:\n - uses: actions/checkout@v6\n - uses: oven-sh/setup-bun@v2\n - uses: actions/setup-python@v6\n with:\n python-version: '3.10'\n - name: Setup tmate session\n uses: mxschmitt/action-tmate@v3\n if: ${{ github.event_name == 'workflow_dispatch' && github.event.inputs.debug_enabled == 'true' }}\n with:\n limit-access-to-actor: true\n - name: Install uv\n uses: astral-sh/setup-uv@v7\n - run: uv sync\n working-directory: backend\n - run: bun ci\n working-directory: frontend\n - run: bash scripts/generate-client.sh\n - run: docker compose build\n - run: docker compose down -v --remove-orphans\n - name: Run Playwright tests\n run: docker compose run --rm playwright bunx playwright test --fail-on-flaky-tests --trace=retain-on-failure --shard=${{ matrix.shardIndex }}/${{ matrix.shardTotal }}\n - run: docker compose down -v --remove-orphans\n - name: Upload blob report to GitHub Actions Artifacts\n if: ${{ !cancelled() }}\n uses: actions/upload-artifact@v7\n with:\n name: blob-report-${{ matrix.shardIndex }}\n path: frontend/blob-report\n include-hidden-files: true\n retention-days: 1\n\n merge-playwright-reports:\n needs:\n - test-playwright\n - changes\n # Merge reports after playwright-tests, even if some shards have failed\n if: ${{ !cancelled() && needs.changes.outputs.changed == 'true' }}\n runs-on: ubuntu-latest\n steps:\n - uses: actions/checkout@v6\n - uses: oven-sh/setup-bun@v2\n - name: Install dependencies\n run: bun ci\n - name: Download blob reports from GitHub Actions Artifacts\n uses: actions/download-artifact@v8\n with:\n path: frontend/all-blob-reports\n pattern: blob-report-*\n merge-multiple: true\n - name: Merge into HTML Report\n run: bunx playwright merge-reports --reporter html ./all-blob-reports\n working-directory: frontend\n - name: Upload HTML report\n uses: actions/upload-artifact@v7\n with:\n name: html-report--attempt-${{ github.run_attempt }}\n path: frontend/playwright-report\n retention-days: 30\n include-hidden-files: true\n\n # https://github.com/marketplace/actions/alls-green#why\n alls-green-playwright: # This job does nothing and is only used for the branch protection\n if: always()\n needs:\n - test-playwright\n runs-on: ubuntu-latest\n steps:\n - name: Decide whether the needed jobs succeeded or failed\n uses: re-actors/alls-green@release/v1\n with:\n jobs: ${{ toJSON(needs) }}\n allowed-skips: test-playwright\n" }, { "path": ".github/workflows/pre-commit.yml", "content": "name: pre-commit\n\non:\n pull_request:\n types:\n - opened\n - synchronize\n\nenv:\n # Forks and Dependabot don't have access to secrets\n HAS_SECRETS: ${{ secrets.PRE_COMMIT != '' }}\n\njobs:\n pre-commit:\n runs-on: ubuntu-latest\n steps:\n - name: Dump GitHub context\n env:\n GITHUB_CONTEXT: ${{ toJson(github) }}\n run: echo \"$GITHUB_CONTEXT\"\n - uses: actions/checkout@v6\n name: Checkout PR for own repo\n if: env.HAS_SECRETS == 'true'\n with:\n # To be able to commit it needs to fetch the head of the branch, not the\n # merge commit\n ref: ${{ github.head_ref }}\n # And it needs the full history to be able to compute diffs\n fetch-depth: 0\n # A token other than the default GITHUB_TOKEN is needed to be able to trigger CI\n token: ${{ secrets.PRE_COMMIT }}\n # pre-commit lite ci needs the default checkout configs to work\n - uses: actions/checkout@v6\n name: Checkout PR for fork\n if: env.HAS_SECRETS == 'false'\n with:\n # To be able to commit it needs the head branch of the PR, the remote one\n ref: ${{ github.event.pull_request.head.sha }}\n fetch-depth: 0\n - uses: oven-sh/setup-bun@v2\n - name: Set up Python\n uses: actions/setup-python@v6\n with:\n python-version: \"3.11\"\n - name: Setup uv\n uses: astral-sh/setup-uv@v7\n with:\n cache-dependency-glob: |\n requirements**.txt\n pyproject.toml\n uv.lock\n - name: Install backend dependencies\n run: uv sync --all-packages\n - name: Install frontend dependencies\n run: bun ci\n - name: Run prek - pre-commit\n id: precommit\n run: uvx prek run --from-ref origin/${GITHUB_BASE_REF} --to-ref HEAD --show-diff-on-failure\n continue-on-error: true\n - name: Commit and push changes\n if: env.HAS_SECRETS == 'true'\n run: |\n git config user.name \"github-actions[bot]\"\n git config user.email \"github-actions[bot]@users.noreply.github.com\"\n git add -A\n if git diff --staged --quiet; then\n echo \"No changes to commit\"\n else\n git commit -m \"🎨 Auto format and update with pre-commit\"\n git push\n fi\n - uses: pre-commit-ci/lite-action@v1.1.0\n if: env.HAS_SECRETS == 'false'\n with:\n msg: 🎨 Auto format and update with pre-commit\n - name: Error out on pre-commit errors\n if: steps.precommit.outcome == 'failure'\n run: exit 1\n\n # https://github.com/marketplace/actions/alls-green#why\n pre-commit-alls-green: # This job does nothing and is only used for the branch protection\n if: always()\n needs:\n - pre-commit\n runs-on: ubuntu-latest\n steps:\n - name: Dump GitHub context\n env:\n GITHUB_CONTEXT: ${{ toJson(github) }}\n run: echo \"$GITHUB_CONTEXT\"\n - name: Decide whether the needed jobs succeeded or failed\n uses: re-actors/alls-green@release/v1\n with:\n jobs: ${{ toJSON(needs) }}\n" }, { "path": ".github/workflows/smokeshow.yml", "content": "name: Smokeshow\n\non:\n workflow_run:\n workflows: [Test Backend]\n types: [completed]\n\njobs:\n smokeshow:\n runs-on: ubuntu-latest\n permissions:\n actions: read\n statuses: write\n\n steps:\n - uses: actions/checkout@v6\n - uses: actions/setup-python@v6\n with:\n python-version: \"3.13\"\n - run: pip install smokeshow\n - uses: actions/download-artifact@v8\n with:\n name: coverage-html\n path: backend/htmlcov\n github-token: ${{ secrets.GITHUB_TOKEN }}\n run-id: ${{ github.event.workflow_run.id }}\n - run: smokeshow upload backend/htmlcov\n env:\n SMOKESHOW_GITHUB_STATUS_DESCRIPTION: Coverage {coverage-percentage}\n SMOKESHOW_GITHUB_COVERAGE_THRESHOLD: 90\n SMOKESHOW_GITHUB_CONTEXT: coverage\n SMOKESHOW_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}\n SMOKESHOW_GITHUB_PR_HEAD_SHA: ${{ github.event.workflow_run.head_sha }}\n SMOKESHOW_AUTH_KEY: ${{ secrets.SMOKESHOW_AUTH_KEY }}\n" }, { "path": ".github/workflows/test-backend.yml", "content": "name: Test Backend\n\non:\n push:\n branches:\n - master\n pull_request:\n types:\n - opened\n - synchronize\n\njobs:\n test-backend:\n runs-on: ubuntu-latest\n steps:\n - name: Checkout\n uses: actions/checkout@v6\n - name: Set up Python\n uses: actions/setup-python@v6\n with:\n python-version: \"3.10\"\n - name: Install uv\n uses: astral-sh/setup-uv@v7\n - run: docker compose down -v --remove-orphans\n - run: docker compose up -d db mailcatcher\n - name: Migrate DB\n run: uv run bash scripts/prestart.sh\n working-directory: backend\n - name: Run tests\n run: uv run bash scripts/tests-start.sh \"Coverage for ${{ github.sha }}\"\n working-directory: backend\n - run: docker compose down -v --remove-orphans\n - name: Store coverage files\n uses: actions/upload-artifact@v7\n with:\n name: coverage-html\n path: backend/htmlcov\n include-hidden-files: true\n - name: Coverage report\n run: uv run coverage report --fail-under=90\n working-directory: backend\n" }, { "path": ".github/workflows/test-docker-compose.yml", "content": "name: Test Docker Compose\n\non:\n push:\n branches:\n - master\n pull_request:\n types:\n - opened\n - synchronize\n\njobs:\n\n test-docker-compose:\n runs-on: ubuntu-latest\n steps:\n - name: Checkout\n uses: actions/checkout@v6\n - run: docker compose build\n - run: docker compose down -v --remove-orphans\n - run: docker compose up -d --wait backend frontend adminer\n - name: Test backend is up\n run: curl http://localhost:8000/api/v1/utils/health-check\n - name: Test frontend is up\n run: curl http://localhost:5173\n - run: docker compose down -v --remove-orphans\n" }, { "path": ".gitignore", "content": ".vscode/*\n!.vscode/extensions.json\nnode_modules/\n/test-results/\n/playwright-report/\n/blob-report/\n/playwright/.cache/\n" }, { "path": ".pre-commit-config.yaml", "content": "# See https://pre-commit.com for more information\n# See https://pre-commit.com/hooks.html for more hooks\nrepos:\n - repo: https://github.com/pre-commit/pre-commit-hooks\n rev: v4.4.0\n hooks:\n - id: check-added-large-files\n - id: check-toml\n - id: check-yaml\n args:\n - --unsafe\n - id: end-of-file-fixer\n exclude: |\n (?x)^(\n frontend/src/client/.*|\n backend/app/email-templates/build/.*\n )$\n - id: trailing-whitespace\n exclude: ^frontend/src/client/.*\n - repo: local\n hooks:\n - id: local-biome-check\n name: biome check\n entry: npm run lint\n language: system\n types: [text]\n files: ^frontend/\n\n - id: local-ruff-check\n name: ruff check\n entry: uv run ruff check --force-exclude --fix --exit-non-zero-on-fix\n require_serial: true\n language: unsupported\n types: [python]\n\n - id: local-ruff-format\n name: ruff format\n entry: uv run ruff format --force-exclude --exit-non-zero-on-format\n require_serial: true\n language: unsupported\n types: [python]\n\n - id: local-mypy\n name: mypy check\n entry: uv run mypy backend/app\n require_serial: true\n language: unsupported\n pass_filenames: false\n\n - id: generate-frontend-sdk\n name: Generate Frontend SDK\n entry: bash ./scripts/generate-client.sh\n pass_filenames: false\n language: unsupported\n files: ^backend/.*$|^scripts/generate-client\\.sh$\n" }, { "path": ".vscode/extensions.json", "content": "{\n \"recommendations\": [\n \"FastAPILabs.fastapi-vscode\",\n \"astral-sh.ty\",\n \"biomejs.biome\",\n \"bradlc.vscode-tailwindcss\",\n \"charliermarsh.ruff\",\n \"docker.docker\",\n \"github.vscode-github-actions\",\n \"mjmlio.vscode-mjml\",\n \"ms-playwright.playwright\",\n \"ms-python.python\",\n \"tombi-toml.tombi\"\n ]\n}\n" }, { "path": "CONTRIBUTING.md", "content": "# Contributing\n\nThank you for your interest in contributing to the Full Stack FastAPI Template! πŸ™‡\n\n## Discussions First\n\nFor **big changes** (new features, architectural changes, significant refactoring), please start by opening a [GitHub Discussion](https://github.com/fastapi/full-stack-fastapi-template/discussions) first. This allows the community and maintainers to provide feedback on the approach before you invest significant time in implementation.\n\nFor small, straightforward changes, you can go directly to a Pull Request without starting a discussion first. This includes:\n\n- Typos and grammatical fixes\n- Small reproducible bug fixes\n- Fixing lint warnings or type errors\n- Minor code improvements (e.g., removing unused code)\n\n## Developing\n\nFor detailed instructions on setting up your development environment, running the stack, linting, pre-commit hooks, and more, see the [Development Guide](development.md).\n\n## Pull Requests\n\nWhen submitting a pull request:\n\n1. Make sure all tests pass before submitting.\n2. Keep PRs focused on a single change.\n3. Update tests if you're changing functionality.\n4. Reference any related issues in your PR description.\n\n## Automated Code and AI\n\nYou are encouraged to use all the tools you want to do your work and contribute as efficiently as possible, this includes AI (LLM) tools, etc. Nevertheless, contributions should have meaningful human intervention, judgement, context, etc.\n\nIf the **human effort** put in a PR, e.g. writing LLM prompts, is **less** than the **effort we would need to put** to **review it**, please **don't** submit the PR.\n\nThink of it this way: we can already write LLM prompts or run automated tools ourselves, and that would be faster than reviewing external PRs.\n\n### Closing Automated and AI PRs\n\nIf we see PRs that seem AI generated or automated in similar ways, we'll flag them and close them.\n\nThe same applies to comments and descriptions, please don't copy paste the content generated by an LLM.\n\n### Human Effort Denial of Service\n\nUsing automated tools and AI to submit PRs or comments that we have to carefully review and handle would be the equivalent of a [Denial-of-service attack](https://en.wikipedia.org/wiki/Denial-of-service_attack) on our human effort.\n\nIt would be very little effort from the person submitting the PR (an LLM prompt) that generates a large amount of effort on our side (carefully reviewing code).\n\nPlease don't do that.\n\nWe'll need to block accounts that spam us with repeated automated PRs or comments.\n\n### Use Tools Wisely\n\nAs Uncle Ben said:\n\n> With great ~~power~~ **tools** comes great responsibility.\n\nAvoid inadvertently doing harm.\n\nYou have amazing tools at hand, use them wisely to help effectively.\n\n## Questions?\n\nIf you have questions about contributing, feel free to open a [GitHub Discussion](https://github.com/fastapi/full-stack-fastapi-template/discussions).\n" }, { "path": "LICENSE", "content": "MIT License\n\nCopyright (c) 2019 SebastiΓ‘n RamΓ­rez\n\nPermission is hereby granted, free of charge, to any person obtaining a copy\nof this software and associated documentation files (the \"Software\"), to deal\nin the Software without restriction, including without limitation the rights\nto use, copy, modify, merge, publish, distribute, sublicense, and/or sell\ncopies of the Software, and to permit persons to whom the Software is\nfurnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in all\ncopies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\nIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\nFITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\nAUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\nLIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\nOUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE\nSOFTWARE.\n" }, { "path": "README.md", "content": "# Full Stack FastAPI Template\n\n\"Test\n\"Test\n\"Coverage\"\n\n## Technology Stack and Features\n\n- ⚑ [**FastAPI**](https://fastapi.tiangolo.com) for the Python backend API.\n - 🧰 [SQLModel](https://sqlmodel.tiangolo.com) for the Python SQL database interactions (ORM).\n - πŸ” [Pydantic](https://docs.pydantic.dev), used by FastAPI, for the data validation and settings management.\n - πŸ’Ύ [PostgreSQL](https://www.postgresql.org) as the SQL database.\n- πŸš€ [React](https://react.dev) for the frontend.\n - πŸ’ƒ Using TypeScript, hooks, [Vite](https://vitejs.dev), and other parts of a modern frontend stack.\n - 🎨 [Tailwind CSS](https://tailwindcss.com) and [shadcn/ui](https://ui.shadcn.com) for the frontend components.\n - πŸ€– An automatically generated frontend client.\n - πŸ§ͺ [Playwright](https://playwright.dev) for End-to-End testing.\n - πŸ¦‡ Dark mode support.\n- πŸ‹ [Docker Compose](https://www.docker.com) for development and production.\n- πŸ”’ Secure password hashing by default.\n- πŸ”‘ JWT (JSON Web Token) authentication.\n- πŸ“« Email based password recovery.\n- πŸ“¬ [Mailcatcher](https://mailcatcher.me) for local email testing during development.\n- βœ… Tests with [Pytest](https://pytest.org).\n- πŸ“ž [Traefik](https://traefik.io) as a reverse proxy / load balancer.\n- 🚒 Deployment instructions using Docker Compose, including how to set up a frontend Traefik proxy to handle automatic HTTPS certificates.\n- 🏭 CI (continuous integration) and CD (continuous deployment) based on GitHub Actions.\n\n### Dashboard Login\n\n[![API docs](img/login.png)](https://github.com/fastapi/full-stack-fastapi-template)\n\n### Dashboard - Admin\n\n[![API docs](img/dashboard.png)](https://github.com/fastapi/full-stack-fastapi-template)\n\n### Dashboard - Items\n\n[![API docs](img/dashboard-items.png)](https://github.com/fastapi/full-stack-fastapi-template)\n\n### Dashboard - Dark Mode\n\n[![API docs](img/dashboard-dark.png)](https://github.com/fastapi/full-stack-fastapi-template)\n\n### Interactive API Documentation\n\n[![API docs](img/docs.png)](https://github.com/fastapi/full-stack-fastapi-template)\n\n## How To Use It\n\nYou can **just fork or clone** this repository and use it as is.\n\n✨ It just works. ✨\n\n### How to Use a Private Repository\n\nIf you want to have a private repository, GitHub won't allow you to simply fork it as it doesn't allow changing the visibility of forks.\n\nBut you can do the following:\n\n- Create a new GitHub repo, for example `my-full-stack`.\n- Clone this repository manually, set the name with the name of the project you want to use, for example `my-full-stack`:\n\n```bash\ngit clone git@github.com:fastapi/full-stack-fastapi-template.git my-full-stack\n```\n\n- Enter into the new directory:\n\n```bash\ncd my-full-stack\n```\n\n- Set the new origin to your new repository, copy it from the GitHub interface, for example:\n\n```bash\ngit remote set-url origin git@github.com:octocat/my-full-stack.git\n```\n\n- Add this repo as another \"remote\" to allow you to get updates later:\n\n```bash\ngit remote add upstream git@github.com:fastapi/full-stack-fastapi-template.git\n```\n\n- Push the code to your new repository:\n\n```bash\ngit push -u origin master\n```\n\n### Update From the Original Template\n\nAfter cloning the repository, and after doing changes, you might want to get the latest changes from this original template.\n\n- Make sure you added the original repository as a remote, you can check it with:\n\n```bash\ngit remote -v\n\norigin git@github.com:octocat/my-full-stack.git (fetch)\norigin git@github.com:octocat/my-full-stack.git (push)\nupstream git@github.com:fastapi/full-stack-fastapi-template.git (fetch)\nupstream git@github.com:fastapi/full-stack-fastapi-template.git (push)\n```\n\n- Pull the latest changes without merging:\n\n```bash\ngit pull --no-commit upstream master\n```\n\nThis will download the latest changes from this template without committing them, that way you can check everything is right before committing.\n\n- If there are conflicts, solve them in your editor.\n\n- Once you are done, commit the changes:\n\n```bash\ngit merge --continue\n```\n\n### Configure\n\nYou can then update configs in the `.env` files to customize your configurations.\n\nBefore deploying it, make sure you change at least the values for:\n\n- `SECRET_KEY`\n- `FIRST_SUPERUSER_PASSWORD`\n- `POSTGRES_PASSWORD`\n\nYou can (and should) pass these as environment variables from secrets.\n\nRead the [deployment.md](./deployment.md) docs for more details.\n\n### Generate Secret Keys\n\nSome environment variables in the `.env` file have a default value of `changethis`.\n\nYou have to change them with a secret key, to generate secret keys you can run the following command:\n\n```bash\npython -c \"import secrets; print(secrets.token_urlsafe(32))\"\n```\n\nCopy the content and use that as password / secret key. And run that again to generate another secure key.\n\n## How To Use It - Alternative With Copier\n\nThis repository also supports generating a new project using [Copier](https://copier.readthedocs.io).\n\nIt will copy all the files, ask you configuration questions, and update the `.env` files with your answers.\n\n### Install Copier\n\nYou can install Copier with:\n\n```bash\npip install copier\n```\n\nOr better, if you have [`pipx`](https://pipx.pypa.io/), you can run it with:\n\n```bash\npipx install copier\n```\n\n**Note**: If you have `pipx`, installing copier is optional, you could run it directly.\n\n### Generate a Project With Copier\n\nDecide a name for your new project's directory, you will use it below. For example, `my-awesome-project`.\n\nGo to the directory that will be the parent of your project, and run the command with your project's name:\n\n```bash\ncopier copy https://github.com/fastapi/full-stack-fastapi-template my-awesome-project --trust\n```\n\nIf you have `pipx` and you didn't install `copier`, you can run it directly:\n\n```bash\npipx run copier copy https://github.com/fastapi/full-stack-fastapi-template my-awesome-project --trust\n```\n\n**Note** the `--trust` option is necessary to be able to execute a [post-creation script](https://github.com/fastapi/full-stack-fastapi-template/blob/master/.copier/update_dotenv.py) that updates your `.env` files.\n\n### Input Variables\n\nCopier will ask you for some data, you might want to have at hand before generating the project.\n\nBut don't worry, you can just update any of that in the `.env` files afterwards.\n\nThe input variables, with their default values (some auto generated) are:\n\n- `project_name`: (default: `\"FastAPI Project\"`) The name of the project, shown to API users (in .env).\n- `stack_name`: (default: `\"fastapi-project\"`) The name of the stack used for Docker Compose labels and project name (no spaces, no periods) (in .env).\n- `secret_key`: (default: `\"changethis\"`) The secret key for the project, used for security, stored in .env, you can generate one with the method above.\n- `first_superuser`: (default: `\"admin@example.com\"`) The email of the first superuser (in .env).\n- `first_superuser_password`: (default: `\"changethis\"`) The password of the first superuser (in .env).\n- `smtp_host`: (default: \"\") The SMTP server host to send emails, you can set it later in .env.\n- `smtp_user`: (default: \"\") The SMTP server user to send emails, you can set it later in .env.\n- `smtp_password`: (default: \"\") The SMTP server password to send emails, you can set it later in .env.\n- `emails_from_email`: (default: `\"info@example.com\"`) The email account to send emails from, you can set it later in .env.\n- `postgres_password`: (default: `\"changethis\"`) The password for the PostgreSQL database, stored in .env, you can generate one with the method above.\n- `sentry_dsn`: (default: \"\") The DSN for Sentry, if you are using it, you can set it later in .env.\n\n## Backend Development\n\nBackend docs: [backend/README.md](./backend/README.md).\n\n## Frontend Development\n\nFrontend docs: [frontend/README.md](./frontend/README.md).\n\n## Deployment\n\nDeployment docs: [deployment.md](./deployment.md).\n\n## Development\n\nGeneral development docs: [development.md](./development.md).\n\nThis includes using Docker Compose, custom local domains, `.env` configurations, etc.\n\n## Release Notes\n\nCheck the file [release-notes.md](./release-notes.md).\n\n## License\n\nThe Full Stack FastAPI Template is licensed under the terms of the MIT license.\n" }, { "path": "SECURITY.md", "content": "# Security Policy\n\nSecurity is very important for this project and its community. πŸ”’\n\nLearn more about it below. πŸ‘‡\n\n## Versions\n\nThe latest version or release is supported.\n\nYou are encouraged to write tests for your application and update your versions frequently after ensuring that your tests are passing. This way you will benefit from the latest features, bug fixes, and **security fixes**.\n\n## Reporting a Vulnerability\n\nIf you think you found a vulnerability, and even if you are not sure about it, please report it right away by sending an email to: security@tiangolo.com. Please try to be as explicit as possible, describing all the steps and example code to reproduce the security issue.\n\nI (the author, [@tiangolo](https://twitter.com/tiangolo)) will review it thoroughly and get back to you.\n\n## Public Discussions\n\nPlease restrain from publicly discussing a potential security vulnerability. πŸ™Š\n\nIt's better to discuss privately and try to find a solution first, to limit the potential impact as much as possible.\n\n---\n\nThanks for your help!\n\nThe community and I thank you for that. πŸ™‡\n" }, { "path": "backend/.dockerignore", "content": "# Python\n__pycache__\napp.egg-info\n*.pyc\n.mypy_cache\n.coverage\nhtmlcov\n.venv\n" }, { "path": "backend/.gitignore", "content": "__pycache__\napp.egg-info\n*.pyc\n.mypy_cache\n.coverage\nhtmlcov\n.cache\n.venv\n" }, { "path": "backend/Dockerfile", "content": "FROM python:3.10\n\nENV PYTHONUNBUFFERED=1\n\n# Install uv\n# Ref: https://docs.astral.sh/uv/guides/integration/docker/#installing-uv\nCOPY --from=ghcr.io/astral-sh/uv:0.9.26 /uv /uvx /bin/\n\n# Compile bytecode\n# Ref: https://docs.astral.sh/uv/guides/integration/docker/#compiling-bytecode\nENV UV_COMPILE_BYTECODE=1\n\n# uv Cache\n# Ref: https://docs.astral.sh/uv/guides/integration/docker/#caching\nENV UV_LINK_MODE=copy\n\nWORKDIR /app/\n\n# Place executables in the environment at the front of the path\n# Ref: https://docs.astral.sh/uv/guides/integration/docker/#using-the-environment\nENV PATH=\"/app/.venv/bin:$PATH\"\n\n# Install dependencies\n# Ref: https://docs.astral.sh/uv/guides/integration/docker/#intermediate-layers\nRUN --mount=type=cache,target=/root/.cache/uv \\\n --mount=type=bind,source=uv.lock,target=uv.lock \\\n --mount=type=bind,source=pyproject.toml,target=pyproject.toml \\\n uv sync --frozen --no-install-workspace --package app\n\nCOPY ./backend/scripts /app/backend/scripts\n\nCOPY ./backend/pyproject.toml ./backend/alembic.ini /app/backend/\n\nCOPY ./backend/app /app/backend/app\n\n# Sync the project\n# Ref: https://docs.astral.sh/uv/guides/integration/docker/#intermediate-layers\nRUN --mount=type=cache,target=/root/.cache/uv \\\n --mount=type=bind,source=uv.lock,target=uv.lock \\\n --mount=type=bind,source=pyproject.toml,target=pyproject.toml \\\n uv sync --frozen --package app\n\nWORKDIR /app/backend/\n\nCMD [\"fastapi\", \"run\", \"--workers\", \"4\", \"app/main.py\"]\n" }, { "path": "backend/README.md", "content": "# FastAPI Project - Backend\n\n## Requirements\n\n* [Docker](https://www.docker.com/).\n* [uv](https://docs.astral.sh/uv/) for Python package and environment management.\n\n## Docker Compose\n\nStart the local development environment with Docker Compose following the guide in [../development.md](../development.md).\n\n## General Workflow\n\nBy default, the dependencies are managed with [uv](https://docs.astral.sh/uv/), go there and install it.\n\nFrom `./backend/` you can install all the dependencies with:\n\n```console\n$ uv sync\n```\n\nThen you can activate the virtual environment with:\n\n```console\n$ source .venv/bin/activate\n```\n\nMake sure your editor is using the correct Python virtual environment, with the interpreter at `backend/.venv/bin/python`.\n\nModify or add SQLModel models for data and SQL tables in `./backend/app/models.py`, API endpoints in `./backend/app/api/`, CRUD (Create, Read, Update, Delete) utils in `./backend/app/crud.py`.\n\n## VS Code\n\nThere are already configurations in place to run the backend through the VS Code debugger, so that you can use breakpoints, pause and explore variables, etc.\n\nThe setup is also already configured so you can run the tests through the VS Code Python tests tab.\n\n## Docker Compose Override\n\nDuring development, you can change Docker Compose settings that will only affect the local development environment in the file `compose.override.yml`.\n\nThe changes to that file only affect the local development environment, not the production environment. So, you can add \"temporary\" changes that help the development workflow.\n\nFor example, the directory with the backend code is synchronized in the Docker container, copying the code you change live to the directory inside the container. That allows you to test your changes right away, without having to build the Docker image again. It should only be done during development, for production, you should build the Docker image with a recent version of the backend code. But during development, it allows you to iterate very fast.\n\nThere is also a command override that runs `fastapi run --reload` instead of the default `fastapi run`. It starts a single server process (instead of multiple, as would be for production) and reloads the process whenever the code changes. Have in mind that if you have a syntax error and save the Python file, it will break and exit, and the container will stop. After that, you can restart the container by fixing the error and running again:\n\n```console\n$ docker compose watch\n```\n\nThere is also a commented out `command` override, you can uncomment it and comment the default one. It makes the backend container run a process that does \"nothing\", but keeps the container alive. That allows you to get inside your running container and execute commands inside, for example a Python interpreter to test installed dependencies, or start the development server that reloads when it detects changes.\n\nTo get inside the container with a `bash` session you can start the stack with:\n\n```console\n$ docker compose watch\n```\n\nand then in another terminal, `exec` inside the running container:\n\n```console\n$ docker compose exec backend bash\n```\n\nYou should see an output like:\n\n```console\nroot@7f2607af31c3:/app#\n```\n\nthat means that you are in a `bash` session inside your container, as a `root` user, under the `/app` directory, this directory has another directory called \"app\" inside, that's where your code lives inside the container: `/app/app`.\n\nThere you can use the `fastapi run --reload` command to run the debug live reloading server.\n\n```console\n$ fastapi run --reload app/main.py\n```\n\n...it will look like:\n\n```console\nroot@7f2607af31c3:/app# fastapi run --reload app/main.py\n```\n\nand then hit enter. That runs the live reloading server that auto reloads when it detects code changes.\n\nNevertheless, if it doesn't detect a change but a syntax error, it will just stop with an error. But as the container is still alive and you are in a Bash session, you can quickly restart it after fixing the error, running the same command (\"up arrow\" and \"Enter\").\n\n...this previous detail is what makes it useful to have the container alive doing nothing and then, in a Bash session, make it run the live reload server.\n\n## Backend tests\n\nTo test the backend run:\n\n```console\n$ bash ./scripts/test.sh\n```\n\nThe tests run with Pytest, modify and add tests to `./backend/tests/`.\n\nIf you use GitHub Actions the tests will run automatically.\n\n### Test running stack\n\nIf your stack is already up and you just want to run the tests, you can use:\n\n```bash\ndocker compose exec backend bash scripts/tests-start.sh\n```\n\nThat `/app/scripts/tests-start.sh` script just calls `pytest` after making sure that the rest of the stack is running. If you need to pass extra arguments to `pytest`, you can pass them to that command and they will be forwarded.\n\nFor example, to stop on first error:\n\n```bash\ndocker compose exec backend bash scripts/tests-start.sh -x\n```\n\n### Test Coverage\n\nWhen the tests are run, a file `htmlcov/index.html` is generated, you can open it in your browser to see the coverage of the tests.\n\n## Migrations\n\nAs during local development your app directory is mounted as a volume inside the container, you can also run the migrations with `alembic` commands inside the container and the migration code will be in your app directory (instead of being only inside the container). So you can add it to your git repository.\n\nMake sure you create a \"revision\" of your models and that you \"upgrade\" your database with that revision every time you change them. As this is what will update the tables in your database. Otherwise, your application will have errors.\n\n* Start an interactive session in the backend container:\n\n```console\n$ docker compose exec backend bash\n```\n\n* Alembic is already configured to import your SQLModel models from `./backend/app/models.py`.\n\n* After changing a model (for example, adding a column), inside the container, create a revision, e.g.:\n\n```console\n$ alembic revision --autogenerate -m \"Add column last_name to User model\"\n```\n\n* Commit to the git repository the files generated in the alembic directory.\n\n* After creating the revision, run the migration in the database (this is what will actually change the database):\n\n```console\n$ alembic upgrade head\n```\n\nIf you don't want to use migrations at all, uncomment the lines in the file at `./backend/app/core/db.py` that end in:\n\n```python\nSQLModel.metadata.create_all(engine)\n```\n\nand comment the line in the file `scripts/prestart.sh` that contains:\n\n```console\n$ alembic upgrade head\n```\n\nIf you don't want to start with the default models and want to remove them / modify them, from the beginning, without having any previous revision, you can remove the revision files (`.py` Python files) under `./backend/app/alembic/versions/`. And then create a first migration as described above.\n\n## Email Templates\n\nThe email templates are in `./backend/app/email-templates/`. Here, there are two directories: `build` and `src`. The `src` directory contains the source files that are used to build the final email templates. The `build` directory contains the final email templates that are used by the application.\n\nBefore continuing, ensure you have the [MJML extension](https://github.com/mjmlio/vscode-mjml) installed in your VS Code.\n\nOnce you have the MJML extension installed, you can create a new email template in the `src` directory. After creating the new email template and with the `.mjml` file open in your editor, open the command palette with `Ctrl+Shift+P` and search for `MJML: Export to HTML`. This will convert the `.mjml` file to a `.html` file and now you can save it in the build directory.\n" }, { "path": "backend/alembic.ini", "content": "# A generic, single database configuration.\n\n[alembic]\n# path to migration scripts\nscript_location = app/alembic\n\n# template used to generate migration files\n# file_template = %%(rev)s_%%(slug)s\n\n# timezone to use when rendering the date\n# within the migration file as well as the filename.\n# string value is passed to dateutil.tz.gettz()\n# leave blank for localtime\n# timezone =\n\n# max length of characters to apply to the\n# \"slug\" field\n#truncate_slug_length = 40\n\n# set to 'true' to run the environment during\n# the 'revision' command, regardless of autogenerate\n# revision_environment = false\n\n# set to 'true' to allow .pyc and .pyo files without\n# a source .py file to be detected as revisions in the\n# versions/ directory\n# sourceless = false\n\n# version location specification; this defaults\n# to alembic/versions. When using multiple version\n# directories, initial revisions must be specified with --version-path\n# version_locations = %(here)s/bar %(here)s/bat alembic/versions\n\n# the output encoding used when revision files\n# are written from script.py.mako\n# output_encoding = utf-8\n\n# Logging configuration\n[loggers]\nkeys = root,sqlalchemy,alembic\n\n[handlers]\nkeys = console\n\n[formatters]\nkeys = generic\n\n[logger_root]\nlevel = WARN\nhandlers = console\nqualname =\n\n[logger_sqlalchemy]\nlevel = WARN\nhandlers =\nqualname = sqlalchemy.engine\n\n[logger_alembic]\nlevel = INFO\nhandlers =\nqualname = alembic\n\n[handler_console]\nclass = StreamHandler\nargs = (sys.stderr,)\nlevel = NOTSET\nformatter = generic\n\n[formatter_generic]\nformat = %(levelname)-5.5s [%(name)s] %(message)s\ndatefmt = %H:%M:%S\n" }, { "path": "backend/app/__init__.py", "content": "" }, { "path": "backend/app/alembic/README", "content": "Generic single-database configuration.\n" }, { "path": "backend/app/alembic/env.py", "content": "import os\nfrom logging.config import fileConfig\n\nfrom alembic import context\nfrom sqlalchemy import engine_from_config, pool\n\n# this is the Alembic Config object, which provides\n# access to the values within the .ini file in use.\nconfig = context.config\n\n# Interpret the config file for Python logging.\n# This line sets up loggers basically.\nassert config.config_file_name is not None\nfileConfig(config.config_file_name)\n\n# add your model's MetaData object here\n# for 'autogenerate' support\n# from myapp import mymodel\n# target_metadata = mymodel.Base.metadata\n# target_metadata = None\n\nfrom app.models import SQLModel # noqa\nfrom app.core.config import settings # noqa\n\ntarget_metadata = SQLModel.metadata\n\n# other values from the config, defined by the needs of env.py,\n# can be acquired:\n# my_important_option = config.get_main_option(\"my_important_option\")\n# ... etc.\n\n\ndef get_url():\n return str(settings.SQLALCHEMY_DATABASE_URI)\n\n\ndef run_migrations_offline():\n \"\"\"Run migrations in 'offline' mode.\n\n This configures the context with just a URL\n and not an Engine, though an Engine is acceptable\n here as well. By skipping the Engine creation\n we don't even need a DBAPI to be available.\n\n Calls to context.execute() here emit the given string to the\n script output.\n\n \"\"\"\n url = get_url()\n context.configure(\n url=url, target_metadata=target_metadata, literal_binds=True, compare_type=True\n )\n\n with context.begin_transaction():\n context.run_migrations()\n\n\ndef run_migrations_online():\n \"\"\"Run migrations in 'online' mode.\n\n In this scenario we need to create an Engine\n and associate a connection with the context.\n\n \"\"\"\n configuration = config.get_section(config.config_ini_section)\n configuration[\"sqlalchemy.url\"] = get_url()\n connectable = engine_from_config(\n configuration,\n prefix=\"sqlalchemy.\",\n poolclass=pool.NullPool,\n )\n\n with connectable.connect() as connection:\n context.configure(\n connection=connection, target_metadata=target_metadata, compare_type=True\n )\n\n with context.begin_transaction():\n context.run_migrations()\n\n\nif context.is_offline_mode():\n run_migrations_offline()\nelse:\n run_migrations_online()\n" }, { "path": "backend/app/alembic/script.py.mako", "content": "\"\"\"${message}\n\nRevision ID: ${up_revision}\nRevises: ${down_revision | comma,n}\nCreate Date: ${create_date}\n\n\"\"\"\nfrom alembic import op\nimport sqlalchemy as sa\nimport sqlmodel.sql.sqltypes\n${imports if imports else \"\"}\n\n# revision identifiers, used by Alembic.\nrevision = ${repr(up_revision)}\ndown_revision = ${repr(down_revision)}\nbranch_labels = ${repr(branch_labels)}\ndepends_on = ${repr(depends_on)}\n\n\ndef upgrade():\n ${upgrades if upgrades else \"pass\"}\n\n\ndef downgrade():\n ${downgrades if downgrades else \"pass\"}\n" }, { "path": "backend/app/alembic/versions/.keep", "content": "" }, { "path": "backend/app/alembic/versions/1a31ce608336_add_cascade_delete_relationships.py", "content": "\"\"\"Add cascade delete relationships\n\nRevision ID: 1a31ce608336\nRevises: d98dd8ec85a3\nCreate Date: 2024-07-31 22:24:34.447891\n\n\"\"\"\nfrom alembic import op\nimport sqlalchemy as sa\nimport sqlmodel.sql.sqltypes\n\n\n# revision identifiers, used by Alembic.\nrevision = '1a31ce608336'\ndown_revision = 'd98dd8ec85a3'\nbranch_labels = None\ndepends_on = None\n\n\ndef upgrade():\n # ### commands auto generated by Alembic - please adjust! ###\n op.alter_column('item', 'owner_id',\n existing_type=sa.UUID(),\n nullable=False)\n op.drop_constraint('item_owner_id_fkey', 'item', type_='foreignkey')\n op.create_foreign_key(None, 'item', 'user', ['owner_id'], ['id'], ondelete='CASCADE')\n # ### end Alembic commands ###\n\n\ndef downgrade():\n # ### commands auto generated by Alembic - please adjust! ###\n op.drop_constraint(None, 'item', type_='foreignkey')\n op.create_foreign_key('item_owner_id_fkey', 'item', 'user', ['owner_id'], ['id'])\n op.alter_column('item', 'owner_id',\n existing_type=sa.UUID(),\n nullable=True)\n # ### end Alembic commands ###\n" }, { "path": "backend/app/alembic/versions/9c0a54914c78_add_max_length_for_string_varchar_.py", "content": "\"\"\"Add max length for string(varchar) fields in User and Items models\n\nRevision ID: 9c0a54914c78\nRevises: e2412789c190\nCreate Date: 2024-06-17 14:42:44.639457\n\n\"\"\"\nfrom alembic import op\nimport sqlalchemy as sa\nimport sqlmodel.sql.sqltypes\n\n\n# revision identifiers, used by Alembic.\nrevision = '9c0a54914c78'\ndown_revision = 'e2412789c190'\nbranch_labels = None\ndepends_on = None\n\n\ndef upgrade():\n # Adjust the length of the email field in the User table\n op.alter_column('user', 'email',\n existing_type=sa.String(),\n type_=sa.String(length=255),\n existing_nullable=False)\n\n # Adjust the length of the full_name field in the User table\n op.alter_column('user', 'full_name',\n existing_type=sa.String(),\n type_=sa.String(length=255),\n existing_nullable=True)\n\n # Adjust the length of the title field in the Item table\n op.alter_column('item', 'title',\n existing_type=sa.String(),\n type_=sa.String(length=255),\n existing_nullable=False)\n\n # Adjust the length of the description field in the Item table\n op.alter_column('item', 'description',\n existing_type=sa.String(),\n type_=sa.String(length=255),\n existing_nullable=True)\n\n\ndef downgrade():\n # Revert the length of the email field in the User table\n op.alter_column('user', 'email',\n existing_type=sa.String(length=255),\n type_=sa.String(),\n existing_nullable=False)\n\n # Revert the length of the full_name field in the User table\n op.alter_column('user', 'full_name',\n existing_type=sa.String(length=255),\n type_=sa.String(),\n existing_nullable=True)\n\n # Revert the length of the title field in the Item table\n op.alter_column('item', 'title',\n existing_type=sa.String(length=255),\n type_=sa.String(),\n existing_nullable=False)\n\n # Revert the length of the description field in the Item table\n op.alter_column('item', 'description',\n existing_type=sa.String(length=255),\n type_=sa.String(),\n existing_nullable=True)\n" }, { "path": "backend/app/alembic/versions/d98dd8ec85a3_edit_replace_id_integers_in_all_models_.py", "content": "\"\"\"Edit replace id integers in all models to use UUID instead\n\nRevision ID: d98dd8ec85a3\nRevises: 9c0a54914c78\nCreate Date: 2024-07-19 04:08:04.000976\n\n\"\"\"\nfrom alembic import op\nimport sqlalchemy as sa\nimport sqlmodel.sql.sqltypes\nfrom sqlalchemy.dialects import postgresql\n\n\n# revision identifiers, used by Alembic.\nrevision = 'd98dd8ec85a3'\ndown_revision = '9c0a54914c78'\nbranch_labels = None\ndepends_on = None\n\n\ndef upgrade():\n # Ensure uuid-ossp extension is available\n op.execute('CREATE EXTENSION IF NOT EXISTS \"uuid-ossp\"')\n\n # Create a new UUID column with a default UUID value\n op.add_column('user', sa.Column('new_id', postgresql.UUID(as_uuid=True), default=sa.text('uuid_generate_v4()')))\n op.add_column('item', sa.Column('new_id', postgresql.UUID(as_uuid=True), default=sa.text('uuid_generate_v4()')))\n op.add_column('item', sa.Column('new_owner_id', postgresql.UUID(as_uuid=True), nullable=True))\n\n # Populate the new columns with UUIDs\n op.execute('UPDATE \"user\" SET new_id = uuid_generate_v4()')\n op.execute('UPDATE item SET new_id = uuid_generate_v4()')\n op.execute('UPDATE item SET new_owner_id = (SELECT new_id FROM \"user\" WHERE \"user\".id = item.owner_id)')\n\n # Set the new_id as not nullable\n op.alter_column('user', 'new_id', nullable=False)\n op.alter_column('item', 'new_id', nullable=False)\n\n # Drop old columns and rename new columns\n op.drop_constraint('item_owner_id_fkey', 'item', type_='foreignkey')\n op.drop_column('item', 'owner_id')\n op.alter_column('item', 'new_owner_id', new_column_name='owner_id')\n\n op.drop_column('user', 'id')\n op.alter_column('user', 'new_id', new_column_name='id')\n\n op.drop_column('item', 'id')\n op.alter_column('item', 'new_id', new_column_name='id')\n\n # Create primary key constraint\n op.create_primary_key('user_pkey', 'user', ['id'])\n op.create_primary_key('item_pkey', 'item', ['id'])\n\n # Recreate foreign key constraint\n op.create_foreign_key('item_owner_id_fkey', 'item', 'user', ['owner_id'], ['id'])\n\ndef downgrade():\n # Reverse the upgrade process\n op.add_column('user', sa.Column('old_id', sa.Integer, autoincrement=True))\n op.add_column('item', sa.Column('old_id', sa.Integer, autoincrement=True))\n op.add_column('item', sa.Column('old_owner_id', sa.Integer, nullable=True))\n\n # Populate the old columns with default values\n # Generate sequences for the integer IDs if not exist\n op.execute('CREATE SEQUENCE IF NOT EXISTS user_id_seq AS INTEGER OWNED BY \"user\".old_id')\n op.execute('CREATE SEQUENCE IF NOT EXISTS item_id_seq AS INTEGER OWNED BY item.old_id')\n\n op.execute('SELECT setval(\\'user_id_seq\\', COALESCE((SELECT MAX(old_id) + 1 FROM \"user\"), 1), false)')\n op.execute('SELECT setval(\\'item_id_seq\\', COALESCE((SELECT MAX(old_id) + 1 FROM item), 1), false)')\n\n op.execute('UPDATE \"user\" SET old_id = nextval(\\'user_id_seq\\')')\n op.execute('UPDATE item SET old_id = nextval(\\'item_id_seq\\'), old_owner_id = (SELECT old_id FROM \"user\" WHERE \"user\".id = item.owner_id)')\n\n # Drop new columns and rename old columns back\n op.drop_constraint('item_owner_id_fkey', 'item', type_='foreignkey')\n op.drop_column('item', 'owner_id')\n op.alter_column('item', 'old_owner_id', new_column_name='owner_id')\n\n op.drop_column('user', 'id')\n op.alter_column('user', 'old_id', new_column_name='id')\n\n op.drop_column('item', 'id')\n op.alter_column('item', 'old_id', new_column_name='id')\n\n # Create primary key constraint\n op.create_primary_key('user_pkey', 'user', ['id'])\n op.create_primary_key('item_pkey', 'item', ['id'])\n\n # Recreate foreign key constraint\n op.create_foreign_key('item_owner_id_fkey', 'item', 'user', ['owner_id'], ['id'])\n" }, { "path": "backend/app/alembic/versions/e2412789c190_initialize_models.py", "content": "\"\"\"Initialize models\n\nRevision ID: e2412789c190\nRevises:\nCreate Date: 2023-11-24 22:55:43.195942\n\n\"\"\"\nimport sqlalchemy as sa\nimport sqlmodel.sql.sqltypes\nfrom alembic import op\n\n# revision identifiers, used by Alembic.\nrevision = \"e2412789c190\"\ndown_revision = None\nbranch_labels = None\ndepends_on = None\n\n\ndef upgrade():\n # ### commands auto generated by Alembic - please adjust! ###\n op.create_table(\n \"user\",\n sa.Column(\"email\", sqlmodel.sql.sqltypes.AutoString(), nullable=False),\n sa.Column(\"is_active\", sa.Boolean(), nullable=False),\n sa.Column(\"is_superuser\", sa.Boolean(), nullable=False),\n sa.Column(\"full_name\", sqlmodel.sql.sqltypes.AutoString(), nullable=True),\n sa.Column(\"id\", sa.Integer(), nullable=False),\n sa.Column(\n \"hashed_password\", sqlmodel.sql.sqltypes.AutoString(), nullable=False\n ),\n sa.PrimaryKeyConstraint(\"id\"),\n )\n op.create_index(op.f(\"ix_user_email\"), \"user\", [\"email\"], unique=True)\n op.create_table(\n \"item\",\n sa.Column(\"description\", sqlmodel.sql.sqltypes.AutoString(), nullable=True),\n sa.Column(\"id\", sa.Integer(), nullable=False),\n sa.Column(\"title\", sqlmodel.sql.sqltypes.AutoString(), nullable=False),\n sa.Column(\"owner_id\", sa.Integer(), nullable=False),\n sa.ForeignKeyConstraint(\n [\"owner_id\"],\n [\"user.id\"],\n ),\n sa.PrimaryKeyConstraint(\"id\"),\n )\n # ### end Alembic commands ###\n\n\ndef downgrade():\n # ### commands auto generated by Alembic - please adjust! ###\n op.drop_table(\"item\")\n op.drop_index(op.f(\"ix_user_email\"), table_name=\"user\")\n op.drop_table(\"user\")\n # ### end Alembic commands ###\n" }, { "path": "backend/app/alembic/versions/fe56fa70289e_add_created_at_to_user_and_item.py", "content": "\"\"\"Add created_at to User and Item\n\nRevision ID: fe56fa70289e\nRevises: 1a31ce608336\nCreate Date: 2026-01-23 15:50:37.171462\n\n\"\"\"\nfrom alembic import op\nimport sqlalchemy as sa\nimport sqlmodel.sql.sqltypes\n\n\n# revision identifiers, used by Alembic.\nrevision = 'fe56fa70289e'\ndown_revision = '1a31ce608336'\nbranch_labels = None\ndepends_on = None\n\n\ndef upgrade():\n # ### commands auto generated by Alembic - please adjust! ###\n op.add_column('item', sa.Column('created_at', sa.DateTime(timezone=True), nullable=True))\n op.add_column('user', sa.Column('created_at', sa.DateTime(timezone=True), nullable=True))\n # ### end Alembic commands ###\n\n\ndef downgrade():\n # ### commands auto generated by Alembic - please adjust! ###\n op.drop_column('user', 'created_at')\n op.drop_column('item', 'created_at')\n # ### end Alembic commands ###\n" }, { "path": "backend/app/api/__init__.py", "content": "" }, { "path": "backend/app/api/deps.py", "content": "from collections.abc import Generator\nfrom typing import Annotated\n\nimport jwt\nfrom fastapi import Depends, HTTPException, status\nfrom fastapi.security import OAuth2PasswordBearer\nfrom jwt.exceptions import InvalidTokenError\nfrom pydantic import ValidationError\nfrom sqlmodel import Session\n\nfrom app.core import security\nfrom app.core.config import settings\nfrom app.core.db import engine\nfrom app.models import TokenPayload, User\n\nreusable_oauth2 = OAuth2PasswordBearer(\n tokenUrl=f\"{settings.API_V1_STR}/login/access-token\"\n)\n\n\ndef get_db() -> Generator[Session, None, None]:\n with Session(engine) as session:\n yield session\n\n\nSessionDep = Annotated[Session, Depends(get_db)]\nTokenDep = Annotated[str, Depends(reusable_oauth2)]\n\n\ndef get_current_user(session: SessionDep, token: TokenDep) -> User:\n try:\n payload = jwt.decode(\n token, settings.SECRET_KEY, algorithms=[security.ALGORITHM]\n )\n token_data = TokenPayload(**payload)\n except (InvalidTokenError, ValidationError):\n raise HTTPException(\n status_code=status.HTTP_403_FORBIDDEN,\n detail=\"Could not validate credentials\",\n )\n user = session.get(User, token_data.sub)\n if not user:\n raise HTTPException(status_code=404, detail=\"User not found\")\n if not user.is_active:\n raise HTTPException(status_code=400, detail=\"Inactive user\")\n return user\n\n\nCurrentUser = Annotated[User, Depends(get_current_user)]\n\n\ndef get_current_active_superuser(current_user: CurrentUser) -> User:\n if not current_user.is_superuser:\n raise HTTPException(\n status_code=403, detail=\"The user doesn't have enough privileges\"\n )\n return current_user\n" }, { "path": "backend/app/api/main.py", "content": "from fastapi import APIRouter\n\nfrom app.api.routes import items, login, private, users, utils\nfrom app.core.config import settings\n\napi_router = APIRouter()\napi_router.include_router(login.router)\napi_router.include_router(users.router)\napi_router.include_router(utils.router)\napi_router.include_router(items.router)\n\n\nif settings.ENVIRONMENT == \"local\":\n api_router.include_router(private.router)\n" }, { "path": "backend/app/api/routes/__init__.py", "content": "" }, { "path": "backend/app/api/routes/items.py", "content": "import uuid\nfrom typing import Any\n\nfrom fastapi import APIRouter, HTTPException\nfrom sqlmodel import col, func, select\n\nfrom app.api.deps import CurrentUser, SessionDep\nfrom app.models import Item, ItemCreate, ItemPublic, ItemsPublic, ItemUpdate, Message\n\nrouter = APIRouter(prefix=\"/items\", tags=[\"items\"])\n\n\n@router.get(\"/\", response_model=ItemsPublic)\ndef read_items(\n session: SessionDep, current_user: CurrentUser, skip: int = 0, limit: int = 100\n) -> Any:\n \"\"\"\n Retrieve items.\n \"\"\"\n\n if current_user.is_superuser:\n count_statement = select(func.count()).select_from(Item)\n count = session.exec(count_statement).one()\n statement = (\n select(Item).order_by(col(Item.created_at).desc()).offset(skip).limit(limit)\n )\n items = session.exec(statement).all()\n else:\n count_statement = (\n select(func.count())\n .select_from(Item)\n .where(Item.owner_id == current_user.id)\n )\n count = session.exec(count_statement).one()\n statement = (\n select(Item)\n .where(Item.owner_id == current_user.id)\n .order_by(col(Item.created_at).desc())\n .offset(skip)\n .limit(limit)\n )\n items = session.exec(statement).all()\n\n return ItemsPublic(data=items, count=count)\n\n\n@router.get(\"/{id}\", response_model=ItemPublic)\ndef read_item(session: SessionDep, current_user: CurrentUser, id: uuid.UUID) -> Any:\n \"\"\"\n Get item by ID.\n \"\"\"\n item = session.get(Item, id)\n if not item:\n raise HTTPException(status_code=404, detail=\"Item not found\")\n if not current_user.is_superuser and (item.owner_id != current_user.id):\n raise HTTPException(status_code=403, detail=\"Not enough permissions\")\n return item\n\n\n@router.post(\"/\", response_model=ItemPublic)\ndef create_item(\n *, session: SessionDep, current_user: CurrentUser, item_in: ItemCreate\n) -> Any:\n \"\"\"\n Create new item.\n \"\"\"\n item = Item.model_validate(item_in, update={\"owner_id\": current_user.id})\n session.add(item)\n session.commit()\n session.refresh(item)\n return item\n\n\n@router.put(\"/{id}\", response_model=ItemPublic)\ndef update_item(\n *,\n session: SessionDep,\n current_user: CurrentUser,\n id: uuid.UUID,\n item_in: ItemUpdate,\n) -> Any:\n \"\"\"\n Update an item.\n \"\"\"\n item = session.get(Item, id)\n if not item:\n raise HTTPException(status_code=404, detail=\"Item not found\")\n if not current_user.is_superuser and (item.owner_id != current_user.id):\n raise HTTPException(status_code=403, detail=\"Not enough permissions\")\n update_dict = item_in.model_dump(exclude_unset=True)\n item.sqlmodel_update(update_dict)\n session.add(item)\n session.commit()\n session.refresh(item)\n return item\n\n\n@router.delete(\"/{id}\")\ndef delete_item(\n session: SessionDep, current_user: CurrentUser, id: uuid.UUID\n) -> Message:\n \"\"\"\n Delete an item.\n \"\"\"\n item = session.get(Item, id)\n if not item:\n raise HTTPException(status_code=404, detail=\"Item not found\")\n if not current_user.is_superuser and (item.owner_id != current_user.id):\n raise HTTPException(status_code=403, detail=\"Not enough permissions\")\n session.delete(item)\n session.commit()\n return Message(message=\"Item deleted successfully\")\n" }, { "path": "backend/app/api/routes/login.py", "content": "from datetime import timedelta\nfrom typing import Annotated, Any\n\nfrom fastapi import APIRouter, Depends, HTTPException\nfrom fastapi.responses import HTMLResponse\nfrom fastapi.security import OAuth2PasswordRequestForm\n\nfrom app import crud\nfrom app.api.deps import CurrentUser, SessionDep, get_current_active_superuser\nfrom app.core import security\nfrom app.core.config import settings\nfrom app.models import Message, NewPassword, Token, UserPublic, UserUpdate\nfrom app.utils import (\n generate_password_reset_token,\n generate_reset_password_email,\n send_email,\n verify_password_reset_token,\n)\n\nrouter = APIRouter(tags=[\"login\"])\n\n\n@router.post(\"/login/access-token\")\ndef login_access_token(\n session: SessionDep, form_data: Annotated[OAuth2PasswordRequestForm, Depends()]\n) -> Token:\n \"\"\"\n OAuth2 compatible token login, get an access token for future requests\n \"\"\"\n user = crud.authenticate(\n session=session, email=form_data.username, password=form_data.password\n )\n if not user:\n raise HTTPException(status_code=400, detail=\"Incorrect email or password\")\n elif not user.is_active:\n raise HTTPException(status_code=400, detail=\"Inactive user\")\n access_token_expires = timedelta(minutes=settings.ACCESS_TOKEN_EXPIRE_MINUTES)\n return Token(\n access_token=security.create_access_token(\n user.id, expires_delta=access_token_expires\n )\n )\n\n\n@router.post(\"/login/test-token\", response_model=UserPublic)\ndef test_token(current_user: CurrentUser) -> Any:\n \"\"\"\n Test access token\n \"\"\"\n return current_user\n\n\n@router.post(\"/password-recovery/{email}\")\ndef recover_password(email: str, session: SessionDep) -> Message:\n \"\"\"\n Password Recovery\n \"\"\"\n user = crud.get_user_by_email(session=session, email=email)\n\n # Always return the same response to prevent email enumeration attacks\n # Only send email if user actually exists\n if user:\n password_reset_token = generate_password_reset_token(email=email)\n email_data = generate_reset_password_email(\n email_to=user.email, email=email, token=password_reset_token\n )\n send_email(\n email_to=user.email,\n subject=email_data.subject,\n html_content=email_data.html_content,\n )\n return Message(\n message=\"If that email is registered, we sent a password recovery link\"\n )\n\n\n@router.post(\"/reset-password/\")\ndef reset_password(session: SessionDep, body: NewPassword) -> Message:\n \"\"\"\n Reset password\n \"\"\"\n email = verify_password_reset_token(token=body.token)\n if not email:\n raise HTTPException(status_code=400, detail=\"Invalid token\")\n user = crud.get_user_by_email(session=session, email=email)\n if not user:\n # Don't reveal that the user doesn't exist - use same error as invalid token\n raise HTTPException(status_code=400, detail=\"Invalid token\")\n elif not user.is_active:\n raise HTTPException(status_code=400, detail=\"Inactive user\")\n user_in_update = UserUpdate(password=body.new_password)\n crud.update_user(\n session=session,\n db_user=user,\n user_in=user_in_update,\n )\n return Message(message=\"Password updated successfully\")\n\n\n@router.post(\n \"/password-recovery-html-content/{email}\",\n dependencies=[Depends(get_current_active_superuser)],\n response_class=HTMLResponse,\n)\ndef recover_password_html_content(email: str, session: SessionDep) -> Any:\n \"\"\"\n HTML Content for Password Recovery\n \"\"\"\n user = crud.get_user_by_email(session=session, email=email)\n\n if not user:\n raise HTTPException(\n status_code=404,\n detail=\"The user with this username does not exist in the system.\",\n )\n password_reset_token = generate_password_reset_token(email=email)\n email_data = generate_reset_password_email(\n email_to=user.email, email=email, token=password_reset_token\n )\n\n return HTMLResponse(\n content=email_data.html_content, headers={\"subject:\": email_data.subject}\n )\n" }, { "path": "backend/app/api/routes/private.py", "content": "from typing import Any\n\nfrom fastapi import APIRouter\nfrom pydantic import BaseModel\n\nfrom app.api.deps import SessionDep\nfrom app.core.security import get_password_hash\nfrom app.models import (\n User,\n UserPublic,\n)\n\nrouter = APIRouter(tags=[\"private\"], prefix=\"/private\")\n\n\nclass PrivateUserCreate(BaseModel):\n email: str\n password: str\n full_name: str\n is_verified: bool = False\n\n\n@router.post(\"/users/\", response_model=UserPublic)\ndef create_user(user_in: PrivateUserCreate, session: SessionDep) -> Any:\n \"\"\"\n Create a new user.\n \"\"\"\n\n user = User(\n email=user_in.email,\n full_name=user_in.full_name,\n hashed_password=get_password_hash(user_in.password),\n )\n\n session.add(user)\n session.commit()\n\n return user\n" }, { "path": "backend/app/api/routes/users.py", "content": "import uuid\nfrom typing import Any\n\nfrom fastapi import APIRouter, Depends, HTTPException\nfrom sqlmodel import col, delete, func, select\n\nfrom app import crud\nfrom app.api.deps import (\n CurrentUser,\n SessionDep,\n get_current_active_superuser,\n)\nfrom app.core.config import settings\nfrom app.core.security import get_password_hash, verify_password\nfrom app.models import (\n Item,\n Message,\n UpdatePassword,\n User,\n UserCreate,\n UserPublic,\n UserRegister,\n UsersPublic,\n UserUpdate,\n UserUpdateMe,\n)\nfrom app.utils import generate_new_account_email, send_email\n\nrouter = APIRouter(prefix=\"/users\", tags=[\"users\"])\n\n\n@router.get(\n \"/\",\n dependencies=[Depends(get_current_active_superuser)],\n response_model=UsersPublic,\n)\ndef read_users(session: SessionDep, skip: int = 0, limit: int = 100) -> Any:\n \"\"\"\n Retrieve users.\n \"\"\"\n\n count_statement = select(func.count()).select_from(User)\n count = session.exec(count_statement).one()\n\n statement = (\n select(User).order_by(col(User.created_at).desc()).offset(skip).limit(limit)\n )\n users = session.exec(statement).all()\n\n return UsersPublic(data=users, count=count)\n\n\n@router.post(\n \"/\", dependencies=[Depends(get_current_active_superuser)], response_model=UserPublic\n)\ndef create_user(*, session: SessionDep, user_in: UserCreate) -> Any:\n \"\"\"\n Create new user.\n \"\"\"\n user = crud.get_user_by_email(session=session, email=user_in.email)\n if user:\n raise HTTPException(\n status_code=400,\n detail=\"The user with this email already exists in the system.\",\n )\n\n user = crud.create_user(session=session, user_create=user_in)\n if settings.emails_enabled and user_in.email:\n email_data = generate_new_account_email(\n email_to=user_in.email, username=user_in.email, password=user_in.password\n )\n send_email(\n email_to=user_in.email,\n subject=email_data.subject,\n html_content=email_data.html_content,\n )\n return user\n\n\n@router.patch(\"/me\", response_model=UserPublic)\ndef update_user_me(\n *, session: SessionDep, user_in: UserUpdateMe, current_user: CurrentUser\n) -> Any:\n \"\"\"\n Update own user.\n \"\"\"\n\n if user_in.email:\n existing_user = crud.get_user_by_email(session=session, email=user_in.email)\n if existing_user and existing_user.id != current_user.id:\n raise HTTPException(\n status_code=409, detail=\"User with this email already exists\"\n )\n user_data = user_in.model_dump(exclude_unset=True)\n current_user.sqlmodel_update(user_data)\n session.add(current_user)\n session.commit()\n session.refresh(current_user)\n return current_user\n\n\n@router.patch(\"/me/password\", response_model=Message)\ndef update_password_me(\n *, session: SessionDep, body: UpdatePassword, current_user: CurrentUser\n) -> Any:\n \"\"\"\n Update own password.\n \"\"\"\n verified, _ = verify_password(body.current_password, current_user.hashed_password)\n if not verified:\n raise HTTPException(status_code=400, detail=\"Incorrect password\")\n if body.current_password == body.new_password:\n raise HTTPException(\n status_code=400, detail=\"New password cannot be the same as the current one\"\n )\n hashed_password = get_password_hash(body.new_password)\n current_user.hashed_password = hashed_password\n session.add(current_user)\n session.commit()\n return Message(message=\"Password updated successfully\")\n\n\n@router.get(\"/me\", response_model=UserPublic)\ndef read_user_me(current_user: CurrentUser) -> Any:\n \"\"\"\n Get current user.\n \"\"\"\n return current_user\n\n\n@router.delete(\"/me\", response_model=Message)\ndef delete_user_me(session: SessionDep, current_user: CurrentUser) -> Any:\n \"\"\"\n Delete own user.\n \"\"\"\n if current_user.is_superuser:\n raise HTTPException(\n status_code=403, detail=\"Super users are not allowed to delete themselves\"\n )\n session.delete(current_user)\n session.commit()\n return Message(message=\"User deleted successfully\")\n\n\n@router.post(\"/signup\", response_model=UserPublic)\ndef register_user(session: SessionDep, user_in: UserRegister) -> Any:\n \"\"\"\n Create new user without the need to be logged in.\n \"\"\"\n user = crud.get_user_by_email(session=session, email=user_in.email)\n if user:\n raise HTTPException(\n status_code=400,\n detail=\"The user with this email already exists in the system\",\n )\n user_create = UserCreate.model_validate(user_in)\n user = crud.create_user(session=session, user_create=user_create)\n return user\n\n\n@router.get(\"/{user_id}\", response_model=UserPublic)\ndef read_user_by_id(\n user_id: uuid.UUID, session: SessionDep, current_user: CurrentUser\n) -> Any:\n \"\"\"\n Get a specific user by id.\n \"\"\"\n user = session.get(User, user_id)\n if user == current_user:\n return user\n if not current_user.is_superuser:\n raise HTTPException(\n status_code=403,\n detail=\"The user doesn't have enough privileges\",\n )\n if user is None:\n raise HTTPException(status_code=404, detail=\"User not found\")\n return user\n\n\n@router.patch(\n \"/{user_id}\",\n dependencies=[Depends(get_current_active_superuser)],\n response_model=UserPublic,\n)\ndef update_user(\n *,\n session: SessionDep,\n user_id: uuid.UUID,\n user_in: UserUpdate,\n) -> Any:\n \"\"\"\n Update a user.\n \"\"\"\n\n db_user = session.get(User, user_id)\n if not db_user:\n raise HTTPException(\n status_code=404,\n detail=\"The user with this id does not exist in the system\",\n )\n if user_in.email:\n existing_user = crud.get_user_by_email(session=session, email=user_in.email)\n if existing_user and existing_user.id != user_id:\n raise HTTPException(\n status_code=409, detail=\"User with this email already exists\"\n )\n\n db_user = crud.update_user(session=session, db_user=db_user, user_in=user_in)\n return db_user\n\n\n@router.delete(\"/{user_id}\", dependencies=[Depends(get_current_active_superuser)])\ndef delete_user(\n session: SessionDep, current_user: CurrentUser, user_id: uuid.UUID\n) -> Message:\n \"\"\"\n Delete a user.\n \"\"\"\n user = session.get(User, user_id)\n if not user:\n raise HTTPException(status_code=404, detail=\"User not found\")\n if user == current_user:\n raise HTTPException(\n status_code=403, detail=\"Super users are not allowed to delete themselves\"\n )\n statement = delete(Item).where(col(Item.owner_id) == user_id)\n session.exec(statement)\n session.delete(user)\n session.commit()\n return Message(message=\"User deleted successfully\")\n" }, { "path": "backend/app/api/routes/utils.py", "content": "from fastapi import APIRouter, Depends\nfrom pydantic.networks import EmailStr\n\nfrom app.api.deps import get_current_active_superuser\nfrom app.models import Message\nfrom app.utils import generate_test_email, send_email\n\nrouter = APIRouter(prefix=\"/utils\", tags=[\"utils\"])\n\n\n@router.post(\n \"/test-email/\",\n dependencies=[Depends(get_current_active_superuser)],\n status_code=201,\n)\ndef test_email(email_to: EmailStr) -> Message:\n \"\"\"\n Test emails.\n \"\"\"\n email_data = generate_test_email(email_to=email_to)\n send_email(\n email_to=email_to,\n subject=email_data.subject,\n html_content=email_data.html_content,\n )\n return Message(message=\"Test email sent\")\n\n\n@router.get(\"/health-check/\")\nasync def health_check() -> bool:\n return True\n" }, { "path": "backend/app/backend_pre_start.py", "content": "import logging\n\nfrom sqlalchemy import Engine\nfrom sqlmodel import Session, select\nfrom tenacity import after_log, before_log, retry, stop_after_attempt, wait_fixed\n\nfrom app.core.db import engine\n\nlogging.basicConfig(level=logging.INFO)\nlogger = logging.getLogger(__name__)\n\nmax_tries = 60 * 5 # 5 minutes\nwait_seconds = 1\n\n\n@retry(\n stop=stop_after_attempt(max_tries),\n wait=wait_fixed(wait_seconds),\n before=before_log(logger, logging.INFO),\n after=after_log(logger, logging.WARN),\n)\ndef init(db_engine: Engine) -> None:\n try:\n with Session(db_engine) as session:\n # Try to create session to check if DB is awake\n session.exec(select(1))\n except Exception as e:\n logger.error(e)\n raise e\n\n\ndef main() -> None:\n logger.info(\"Initializing service\")\n init(engine)\n logger.info(\"Service finished initializing\")\n\n\nif __name__ == \"__main__\":\n main()\n" }, { "path": "backend/app/core/__init__.py", "content": "" }, { "path": "backend/app/core/config.py", "content": "import secrets\nimport warnings\nfrom typing import Annotated, Any, Literal\n\nfrom pydantic import (\n AnyUrl,\n BeforeValidator,\n EmailStr,\n HttpUrl,\n PostgresDsn,\n computed_field,\n model_validator,\n)\nfrom pydantic_settings import BaseSettings, SettingsConfigDict\nfrom typing_extensions import Self\n\n\ndef parse_cors(v: Any) -> list[str] | str:\n if isinstance(v, str) and not v.startswith(\"[\"):\n return [i.strip() for i in v.split(\",\") if i.strip()]\n elif isinstance(v, list | str):\n return v\n raise ValueError(v)\n\n\nclass Settings(BaseSettings):\n model_config = SettingsConfigDict(\n # Use top level .env file (one level above ./backend/)\n env_file=\"../.env\",\n env_ignore_empty=True,\n extra=\"ignore\",\n )\n API_V1_STR: str = \"/api/v1\"\n SECRET_KEY: str = secrets.token_urlsafe(32)\n # 60 minutes * 24 hours * 8 days = 8 days\n ACCESS_TOKEN_EXPIRE_MINUTES: int = 60 * 24 * 8\n FRONTEND_HOST: str = \"http://localhost:5173\"\n ENVIRONMENT: Literal[\"local\", \"staging\", \"production\"] = \"local\"\n\n BACKEND_CORS_ORIGINS: Annotated[\n list[AnyUrl] | str, BeforeValidator(parse_cors)\n ] = []\n\n @computed_field # type: ignore[prop-decorator]\n @property\n def all_cors_origins(self) -> list[str]:\n return [str(origin).rstrip(\"/\") for origin in self.BACKEND_CORS_ORIGINS] + [\n self.FRONTEND_HOST\n ]\n\n PROJECT_NAME: str\n SENTRY_DSN: HttpUrl | None = None\n POSTGRES_SERVER: str\n POSTGRES_PORT: int = 5432\n POSTGRES_USER: str\n POSTGRES_PASSWORD: str = \"\"\n POSTGRES_DB: str = \"\"\n\n @computed_field # type: ignore[prop-decorator]\n @property\n def SQLALCHEMY_DATABASE_URI(self) -> PostgresDsn:\n return PostgresDsn.build(\n scheme=\"postgresql+psycopg\",\n username=self.POSTGRES_USER,\n password=self.POSTGRES_PASSWORD,\n host=self.POSTGRES_SERVER,\n port=self.POSTGRES_PORT,\n path=self.POSTGRES_DB,\n )\n\n SMTP_TLS: bool = True\n SMTP_SSL: bool = False\n SMTP_PORT: int = 587\n SMTP_HOST: str | None = None\n SMTP_USER: str | None = None\n SMTP_PASSWORD: str | None = None\n EMAILS_FROM_EMAIL: EmailStr | None = None\n EMAILS_FROM_NAME: str | None = None\n\n @model_validator(mode=\"after\")\n def _set_default_emails_from(self) -> Self:\n if not self.EMAILS_FROM_NAME:\n self.EMAILS_FROM_NAME = self.PROJECT_NAME\n return self\n\n EMAIL_RESET_TOKEN_EXPIRE_HOURS: int = 48\n\n @computed_field # type: ignore[prop-decorator]\n @property\n def emails_enabled(self) -> bool:\n return bool(self.SMTP_HOST and self.EMAILS_FROM_EMAIL)\n\n EMAIL_TEST_USER: EmailStr = \"test@example.com\"\n FIRST_SUPERUSER: EmailStr\n FIRST_SUPERUSER_PASSWORD: str\n\n def _check_default_secret(self, var_name: str, value: str | None) -> None:\n if value == \"changethis\":\n message = (\n f'The value of {var_name} is \"changethis\", '\n \"for security, please change it, at least for deployments.\"\n )\n if self.ENVIRONMENT == \"local\":\n warnings.warn(message, stacklevel=1)\n else:\n raise ValueError(message)\n\n @model_validator(mode=\"after\")\n def _enforce_non_default_secrets(self) -> Self:\n self._check_default_secret(\"SECRET_KEY\", self.SECRET_KEY)\n self._check_default_secret(\"POSTGRES_PASSWORD\", self.POSTGRES_PASSWORD)\n self._check_default_secret(\n \"FIRST_SUPERUSER_PASSWORD\", self.FIRST_SUPERUSER_PASSWORD\n )\n\n return self\n\n\nsettings = Settings() # type: ignore\n" }, { "path": "backend/app/core/db.py", "content": "from sqlmodel import Session, create_engine, select\n\nfrom app import crud\nfrom app.core.config import settings\nfrom app.models import User, UserCreate\n\nengine = create_engine(str(settings.SQLALCHEMY_DATABASE_URI))\n\n\n# make sure all SQLModel models are imported (app.models) before initializing DB\n# otherwise, SQLModel might fail to initialize relationships properly\n# for more details: https://github.com/fastapi/full-stack-fastapi-template/issues/28\n\n\ndef init_db(session: Session) -> None:\n # Tables should be created with Alembic migrations\n # But if you don't want to use migrations, create\n # the tables un-commenting the next lines\n # from sqlmodel import SQLModel\n\n # This works because the models are already imported and registered from app.models\n # SQLModel.metadata.create_all(engine)\n\n user = session.exec(\n select(User).where(User.email == settings.FIRST_SUPERUSER)\n ).first()\n if not user:\n user_in = UserCreate(\n email=settings.FIRST_SUPERUSER,\n password=settings.FIRST_SUPERUSER_PASSWORD,\n is_superuser=True,\n )\n user = crud.create_user(session=session, user_create=user_in)\n" }, { "path": "backend/app/core/security.py", "content": "from datetime import datetime, timedelta, timezone\nfrom typing import Any\n\nimport jwt\nfrom pwdlib import PasswordHash\nfrom pwdlib.hashers.argon2 import Argon2Hasher\nfrom pwdlib.hashers.bcrypt import BcryptHasher\n\nfrom app.core.config import settings\n\npassword_hash = PasswordHash(\n (\n Argon2Hasher(),\n BcryptHasher(),\n )\n)\n\n\nALGORITHM = \"HS256\"\n\n\ndef create_access_token(subject: str | Any, expires_delta: timedelta) -> str:\n expire = datetime.now(timezone.utc) + expires_delta\n to_encode = {\"exp\": expire, \"sub\": str(subject)}\n encoded_jwt = jwt.encode(to_encode, settings.SECRET_KEY, algorithm=ALGORITHM)\n return encoded_jwt\n\n\ndef verify_password(\n plain_password: str, hashed_password: str\n) -> tuple[bool, str | None]:\n return password_hash.verify_and_update(plain_password, hashed_password)\n\n\ndef get_password_hash(password: str) -> str:\n return password_hash.hash(password)\n" }, { "path": "backend/app/crud.py", "content": "import uuid\nfrom typing import Any\n\nfrom sqlmodel import Session, select\n\nfrom app.core.security import get_password_hash, verify_password\nfrom app.models import Item, ItemCreate, User, UserCreate, UserUpdate\n\n\ndef create_user(*, session: Session, user_create: UserCreate) -> User:\n db_obj = User.model_validate(\n user_create, update={\"hashed_password\": get_password_hash(user_create.password)}\n )\n session.add(db_obj)\n session.commit()\n session.refresh(db_obj)\n return db_obj\n\n\ndef update_user(*, session: Session, db_user: User, user_in: UserUpdate) -> Any:\n user_data = user_in.model_dump(exclude_unset=True)\n extra_data = {}\n if \"password\" in user_data:\n password = user_data[\"password\"]\n hashed_password = get_password_hash(password)\n extra_data[\"hashed_password\"] = hashed_password\n db_user.sqlmodel_update(user_data, update=extra_data)\n session.add(db_user)\n session.commit()\n session.refresh(db_user)\n return db_user\n\n\ndef get_user_by_email(*, session: Session, email: str) -> User | None:\n statement = select(User).where(User.email == email)\n session_user = session.exec(statement).first()\n return session_user\n\n\n# Dummy hash to use for timing attack prevention when user is not found\n# This is an Argon2 hash of a random password, used to ensure constant-time comparison\nDUMMY_HASH = \"$argon2id$v=19$m=65536,t=3,p=4$MjQyZWE1MzBjYjJlZTI0Yw$YTU4NGM5ZTZmYjE2NzZlZjY0ZWY3ZGRkY2U2OWFjNjk\"\n\n\ndef authenticate(*, session: Session, email: str, password: str) -> User | None:\n db_user = get_user_by_email(session=session, email=email)\n if not db_user:\n # Prevent timing attacks by running password verification even when user doesn't exist\n # This ensures the response time is similar whether or not the email exists\n verify_password(password, DUMMY_HASH)\n return None\n verified, updated_password_hash = verify_password(password, db_user.hashed_password)\n if not verified:\n return None\n if updated_password_hash:\n db_user.hashed_password = updated_password_hash\n session.add(db_user)\n session.commit()\n session.refresh(db_user)\n return db_user\n\n\ndef create_item(*, session: Session, item_in: ItemCreate, owner_id: uuid.UUID) -> Item:\n db_item = Item.model_validate(item_in, update={\"owner_id\": owner_id})\n session.add(db_item)\n session.commit()\n session.refresh(db_item)\n return db_item\n" }, { "path": "backend/app/email-templates/build/new_account.html", "content": "
{{ project_name }} - New Account
Welcome to your new account!
Here are your account details:
Username: {{ username }}
Password: {{ password }}
Go to Dashboard

" }, { "path": "backend/app/email-templates/build/reset_password.html", "content": "
{{ project_name }} - Password Recovery
Hello {{ username }}
We've received a request to reset your password. You can do it by clicking the button below:
Reset password
Or copy and paste the following link into your browser:
This password will expire in {{ valid_hours }} hours.

If you didn't request a password recovery you can disregard this email.
" }, { "path": "backend/app/email-templates/build/test_email.html", "content": "
{{ project_name }}
Test email for: {{ email }}

" }, { "path": "backend/app/email-templates/src/new_account.mjml", "content": "\n \n \n \n {{ project_name }} - New Account\n Welcome to your new account!\n Here are your account details:\n Username: {{ username }}\n Password: {{ password }}\n Go to Dashboard\n \n \n \n \n\n" }, { "path": "backend/app/email-templates/src/reset_password.mjml", "content": "\n \n \n \n {{ project_name }} - Password Recovery\n Hello {{ username }}\n We've received a request to reset your password. You can do it by clicking the button below:\n Reset password\n Or copy and paste the following link into your browser:\n {{ link }}\n This password will expire in {{ valid_hours }} hours.\n \n If you didn't request a password recovery you can disregard this email.\n \n \n \n\n" }, { "path": "backend/app/email-templates/src/test_email.mjml", "content": "\n \n \n \n {{ project_name }}\n Test email for: {{ email }}\n \n \n \n \n\n" }, { "path": "backend/app/initial_data.py", "content": "import logging\n\nfrom sqlmodel import Session\n\nfrom app.core.db import engine, init_db\n\nlogging.basicConfig(level=logging.INFO)\nlogger = logging.getLogger(__name__)\n\n\ndef init() -> None:\n with Session(engine) as session:\n init_db(session)\n\n\ndef main() -> None:\n logger.info(\"Creating initial data\")\n init()\n logger.info(\"Initial data created\")\n\n\nif __name__ == \"__main__\":\n main()\n" }, { "path": "backend/app/main.py", "content": "import sentry_sdk\nfrom fastapi import FastAPI\nfrom fastapi.routing import APIRoute\nfrom starlette.middleware.cors import CORSMiddleware\n\nfrom app.api.main import api_router\nfrom app.core.config import settings\n\n\ndef custom_generate_unique_id(route: APIRoute) -> str:\n return f\"{route.tags[0]}-{route.name}\"\n\n\nif settings.SENTRY_DSN and settings.ENVIRONMENT != \"local\":\n sentry_sdk.init(dsn=str(settings.SENTRY_DSN), enable_tracing=True)\n\napp = FastAPI(\n title=settings.PROJECT_NAME,\n openapi_url=f\"{settings.API_V1_STR}/openapi.json\",\n generate_unique_id_function=custom_generate_unique_id,\n)\n\n# Set all CORS enabled origins\nif settings.all_cors_origins:\n app.add_middleware(\n CORSMiddleware,\n allow_origins=settings.all_cors_origins,\n allow_credentials=True,\n allow_methods=[\"*\"],\n allow_headers=[\"*\"],\n )\n\napp.include_router(api_router, prefix=settings.API_V1_STR)\n" }, { "path": "backend/app/models.py", "content": "import uuid\nfrom datetime import datetime, timezone\n\nfrom pydantic import EmailStr\nfrom sqlalchemy import DateTime\nfrom sqlmodel import Field, Relationship, SQLModel\n\n\ndef get_datetime_utc() -> datetime:\n return datetime.now(timezone.utc)\n\n\n# Shared properties\nclass UserBase(SQLModel):\n email: EmailStr = Field(unique=True, index=True, max_length=255)\n is_active: bool = True\n is_superuser: bool = False\n full_name: str | None = Field(default=None, max_length=255)\n\n\n# Properties to receive via API on creation\nclass UserCreate(UserBase):\n password: str = Field(min_length=8, max_length=128)\n\n\nclass UserRegister(SQLModel):\n email: EmailStr = Field(max_length=255)\n password: str = Field(min_length=8, max_length=128)\n full_name: str | None = Field(default=None, max_length=255)\n\n\n# Properties to receive via API on update, all are optional\nclass UserUpdate(UserBase):\n email: EmailStr | None = Field(default=None, max_length=255) # type: ignore\n password: str | None = Field(default=None, min_length=8, max_length=128)\n\n\nclass UserUpdateMe(SQLModel):\n full_name: str | None = Field(default=None, max_length=255)\n email: EmailStr | None = Field(default=None, max_length=255)\n\n\nclass UpdatePassword(SQLModel):\n current_password: str = Field(min_length=8, max_length=128)\n new_password: str = Field(min_length=8, max_length=128)\n\n\n# Database model, database table inferred from class name\nclass User(UserBase, table=True):\n id: uuid.UUID = Field(default_factory=uuid.uuid4, primary_key=True)\n hashed_password: str\n created_at: datetime | None = Field(\n default_factory=get_datetime_utc,\n sa_type=DateTime(timezone=True), # type: ignore\n )\n items: list[\"Item\"] = Relationship(back_populates=\"owner\", cascade_delete=True)\n\n\n# Properties to return via API, id is always required\nclass UserPublic(UserBase):\n id: uuid.UUID\n created_at: datetime | None = None\n\n\nclass UsersPublic(SQLModel):\n data: list[UserPublic]\n count: int\n\n\n# Shared properties\nclass ItemBase(SQLModel):\n title: str = Field(min_length=1, max_length=255)\n description: str | None = Field(default=None, max_length=255)\n\n\n# Properties to receive on item creation\nclass ItemCreate(ItemBase):\n pass\n\n\n# Properties to receive on item update\nclass ItemUpdate(ItemBase):\n title: str | None = Field(default=None, min_length=1, max_length=255) # type: ignore\n\n\n# Database model, database table inferred from class name\nclass Item(ItemBase, table=True):\n id: uuid.UUID = Field(default_factory=uuid.uuid4, primary_key=True)\n created_at: datetime | None = Field(\n default_factory=get_datetime_utc,\n sa_type=DateTime(timezone=True), # type: ignore\n )\n owner_id: uuid.UUID = Field(\n foreign_key=\"user.id\", nullable=False, ondelete=\"CASCADE\"\n )\n owner: User | None = Relationship(back_populates=\"items\")\n\n\n# Properties to return via API, id is always required\nclass ItemPublic(ItemBase):\n id: uuid.UUID\n owner_id: uuid.UUID\n created_at: datetime | None = None\n\n\nclass ItemsPublic(SQLModel):\n data: list[ItemPublic]\n count: int\n\n\n# Generic message\nclass Message(SQLModel):\n message: str\n\n\n# JSON payload containing access token\nclass Token(SQLModel):\n access_token: str\n token_type: str = \"bearer\"\n\n\n# Contents of JWT token\nclass TokenPayload(SQLModel):\n sub: str | None = None\n\n\nclass NewPassword(SQLModel):\n token: str\n new_password: str = Field(min_length=8, max_length=128)\n" }, { "path": "backend/app/tests_pre_start.py", "content": "import logging\n\nfrom sqlalchemy import Engine\nfrom sqlmodel import Session, select\nfrom tenacity import after_log, before_log, retry, stop_after_attempt, wait_fixed\n\nfrom app.core.db import engine\n\nlogging.basicConfig(level=logging.INFO)\nlogger = logging.getLogger(__name__)\n\nmax_tries = 60 * 5 # 5 minutes\nwait_seconds = 1\n\n\n@retry(\n stop=stop_after_attempt(max_tries),\n wait=wait_fixed(wait_seconds),\n before=before_log(logger, logging.INFO),\n after=after_log(logger, logging.WARN),\n)\ndef init(db_engine: Engine) -> None:\n try:\n # Try to create session to check if DB is awake\n with Session(db_engine) as session:\n session.exec(select(1))\n except Exception as e:\n logger.error(e)\n raise e\n\n\ndef main() -> None:\n logger.info(\"Initializing service\")\n init(engine)\n logger.info(\"Service finished initializing\")\n\n\nif __name__ == \"__main__\":\n main()\n" }, { "path": "backend/app/utils.py", "content": "import logging\nfrom dataclasses import dataclass\nfrom datetime import datetime, timedelta, timezone\nfrom pathlib import Path\nfrom typing import Any\n\nimport emails # type: ignore\nimport jwt\nfrom jinja2 import Template\nfrom jwt.exceptions import InvalidTokenError\n\nfrom app.core import security\nfrom app.core.config import settings\n\nlogging.basicConfig(level=logging.INFO)\nlogger = logging.getLogger(__name__)\n\n\n@dataclass\nclass EmailData:\n html_content: str\n subject: str\n\n\ndef render_email_template(*, template_name: str, context: dict[str, Any]) -> str:\n template_str = (\n Path(__file__).parent / \"email-templates\" / \"build\" / template_name\n ).read_text()\n html_content = Template(template_str).render(context)\n return html_content\n\n\ndef send_email(\n *,\n email_to: str,\n subject: str = \"\",\n html_content: str = \"\",\n) -> None:\n assert settings.emails_enabled, \"no provided configuration for email variables\"\n message = emails.Message(\n subject=subject,\n html=html_content,\n mail_from=(settings.EMAILS_FROM_NAME, settings.EMAILS_FROM_EMAIL),\n )\n smtp_options = {\"host\": settings.SMTP_HOST, \"port\": settings.SMTP_PORT}\n if settings.SMTP_TLS:\n smtp_options[\"tls\"] = True\n elif settings.SMTP_SSL:\n smtp_options[\"ssl\"] = True\n if settings.SMTP_USER:\n smtp_options[\"user\"] = settings.SMTP_USER\n if settings.SMTP_PASSWORD:\n smtp_options[\"password\"] = settings.SMTP_PASSWORD\n response = message.send(to=email_to, smtp=smtp_options)\n logger.info(f\"send email result: {response}\")\n\n\ndef generate_test_email(email_to: str) -> EmailData:\n project_name = settings.PROJECT_NAME\n subject = f\"{project_name} - Test email\"\n html_content = render_email_template(\n template_name=\"test_email.html\",\n context={\"project_name\": settings.PROJECT_NAME, \"email\": email_to},\n )\n return EmailData(html_content=html_content, subject=subject)\n\n\ndef generate_reset_password_email(email_to: str, email: str, token: str) -> EmailData:\n project_name = settings.PROJECT_NAME\n subject = f\"{project_name} - Password recovery for user {email}\"\n link = f\"{settings.FRONTEND_HOST}/reset-password?token={token}\"\n html_content = render_email_template(\n template_name=\"reset_password.html\",\n context={\n \"project_name\": settings.PROJECT_NAME,\n \"username\": email,\n \"email\": email_to,\n \"valid_hours\": settings.EMAIL_RESET_TOKEN_EXPIRE_HOURS,\n \"link\": link,\n },\n )\n return EmailData(html_content=html_content, subject=subject)\n\n\ndef generate_new_account_email(\n email_to: str, username: str, password: str\n) -> EmailData:\n project_name = settings.PROJECT_NAME\n subject = f\"{project_name} - New account for user {username}\"\n html_content = render_email_template(\n template_name=\"new_account.html\",\n context={\n \"project_name\": settings.PROJECT_NAME,\n \"username\": username,\n \"password\": password,\n \"email\": email_to,\n \"link\": settings.FRONTEND_HOST,\n },\n )\n return EmailData(html_content=html_content, subject=subject)\n\n\ndef generate_password_reset_token(email: str) -> str:\n delta = timedelta(hours=settings.EMAIL_RESET_TOKEN_EXPIRE_HOURS)\n now = datetime.now(timezone.utc)\n expires = now + delta\n exp = expires.timestamp()\n encoded_jwt = jwt.encode(\n {\"exp\": exp, \"nbf\": now, \"sub\": email},\n settings.SECRET_KEY,\n algorithm=security.ALGORITHM,\n )\n return encoded_jwt\n\n\ndef verify_password_reset_token(token: str) -> str | None:\n try:\n decoded_token = jwt.decode(\n token, settings.SECRET_KEY, algorithms=[security.ALGORITHM]\n )\n return str(decoded_token[\"sub\"])\n except InvalidTokenError:\n return None\n" }, { "path": "backend/pyproject.toml", "content": "[project]\nname = \"app\"\nversion = \"0.1.0\"\ndescription = \"\"\nrequires-python = \">=3.10,<4.0\"\ndependencies = [\n \"fastapi[standard]<1.0.0,>=0.114.2\",\n \"python-multipart<1.0.0,>=0.0.7\",\n \"email-validator<3.0.0.0,>=2.1.0.post1\",\n \"tenacity<9.0.0,>=8.2.3\",\n \"pydantic>2.0\",\n \"emails<1.0,>=0.6\",\n \"jinja2<4.0.0,>=3.1.4\",\n \"alembic<2.0.0,>=1.12.1\",\n \"httpx<1.0.0,>=0.25.1\",\n \"psycopg[binary]<4.0.0,>=3.1.13\",\n \"sqlmodel<1.0.0,>=0.0.21\",\n \"pydantic-settings<3.0.0,>=2.2.1\",\n \"sentry-sdk[fastapi]>=2.0.0,<3.0.0\",\n \"pyjwt<3.0.0,>=2.8.0\",\n \"pwdlib[argon2,bcrypt]>=0.3.0\",\n]\n\n[dependency-groups]\ndev = [\n \"pytest<8.0.0,>=7.4.3\",\n \"mypy<2.0.0,>=1.8.0\",\n \"ruff<1.0.0,>=0.2.2\",\n \"prek>=0.2.24,<1.0.0\",\n \"coverage<8.0.0,>=7.4.3\",\n]\n\n[build-system]\nrequires = [\"hatchling\"]\nbuild-backend = \"hatchling.build\"\n\n[tool.mypy]\nstrict = true\nexclude = [\"venv\", \".venv\", \"alembic\"]\n\n[tool.ruff]\ntarget-version = \"py310\"\nexclude = [\"alembic\"]\n\n[tool.ruff.lint]\nselect = [\n \"E\", # pycodestyle errors\n \"W\", # pycodestyle warnings\n \"F\", # pyflakes\n \"I\", # isort\n \"B\", # flake8-bugbear\n \"C4\", # flake8-comprehensions\n \"UP\", # pyupgrade\n \"ARG001\", # unused arguments in functions\n \"T201\", # print statements are not allowed\n]\nignore = [\n \"E501\", # line too long, handled by black\n \"B008\", # do not perform function calls in argument defaults\n \"W191\", # indentation contains tabs\n \"B904\", # Allow raising exceptions without from e, for HTTPException\n]\n\n[tool.ruff.lint.pyupgrade]\n# Preserve types, even if a file imports `from __future__ import annotations`.\nkeep-runtime-typing = true\n\n[tool.coverage.run]\nsource = [\"app\"]\ndynamic_context = \"test_function\"\n\n[tool.coverage.report]\nshow_missing = true\nsort = \"-Cover\"\n\n[tool.coverage.html]\nshow_contexts = true\n" }, { "path": "backend/scripts/format.sh", "content": "#!/bin/sh -e\nset -x\n\nruff check app scripts --fix\nruff format app scripts\n" }, { "path": "backend/scripts/lint.sh", "content": "#!/usr/bin/env bash\n\nset -e\nset -x\n\nmypy app\nruff check app\nruff format app --check\n" }, { "path": "backend/scripts/prestart.sh", "content": "#! /usr/bin/env bash\n\nset -e\nset -x\n\n# Let the DB start\npython app/backend_pre_start.py\n\n# Run migrations\nalembic upgrade head\n\n# Create initial data in DB\npython app/initial_data.py\n" }, { "path": "backend/scripts/test.sh", "content": "#!/usr/bin/env bash\n\nset -e\nset -x\n\ncoverage run -m pytest tests/\ncoverage report\ncoverage html --title \"${@-coverage}\"\n" }, { "path": "backend/scripts/tests-start.sh", "content": "#! /usr/bin/env bash\nset -e\nset -x\n\npython app/tests_pre_start.py\n\nbash scripts/test.sh \"$@\"\n" }, { "path": "backend/tests/__init__.py", "content": "" }, { "path": "backend/tests/api/__init__.py", "content": "" }, { "path": "backend/tests/api/routes/__init__.py", "content": "" }, { "path": "backend/tests/api/routes/test_items.py", "content": "import uuid\n\nfrom fastapi.testclient import TestClient\nfrom sqlmodel import Session\n\nfrom app.core.config import settings\nfrom tests.utils.item import create_random_item\n\n\ndef test_create_item(\n client: TestClient, superuser_token_headers: dict[str, str]\n) -> None:\n data = {\"title\": \"Foo\", \"description\": \"Fighters\"}\n response = client.post(\n f\"{settings.API_V1_STR}/items/\",\n headers=superuser_token_headers,\n json=data,\n )\n assert response.status_code == 200\n content = response.json()\n assert content[\"title\"] == data[\"title\"]\n assert content[\"description\"] == data[\"description\"]\n assert \"id\" in content\n assert \"owner_id\" in content\n\n\ndef test_read_item(\n client: TestClient, superuser_token_headers: dict[str, str], db: Session\n) -> None:\n item = create_random_item(db)\n response = client.get(\n f\"{settings.API_V1_STR}/items/{item.id}\",\n headers=superuser_token_headers,\n )\n assert response.status_code == 200\n content = response.json()\n assert content[\"title\"] == item.title\n assert content[\"description\"] == item.description\n assert content[\"id\"] == str(item.id)\n assert content[\"owner_id\"] == str(item.owner_id)\n\n\ndef test_read_item_not_found(\n client: TestClient, superuser_token_headers: dict[str, str]\n) -> None:\n response = client.get(\n f\"{settings.API_V1_STR}/items/{uuid.uuid4()}\",\n headers=superuser_token_headers,\n )\n assert response.status_code == 404\n content = response.json()\n assert content[\"detail\"] == \"Item not found\"\n\n\ndef test_read_item_not_enough_permissions(\n client: TestClient, normal_user_token_headers: dict[str, str], db: Session\n) -> None:\n item = create_random_item(db)\n response = client.get(\n f\"{settings.API_V1_STR}/items/{item.id}\",\n headers=normal_user_token_headers,\n )\n assert response.status_code == 403\n content = response.json()\n assert content[\"detail\"] == \"Not enough permissions\"\n\n\ndef test_read_items(\n client: TestClient, superuser_token_headers: dict[str, str], db: Session\n) -> None:\n create_random_item(db)\n create_random_item(db)\n response = client.get(\n f\"{settings.API_V1_STR}/items/\",\n headers=superuser_token_headers,\n )\n assert response.status_code == 200\n content = response.json()\n assert len(content[\"data\"]) >= 2\n\n\ndef test_update_item(\n client: TestClient, superuser_token_headers: dict[str, str], db: Session\n) -> None:\n item = create_random_item(db)\n data = {\"title\": \"Updated title\", \"description\": \"Updated description\"}\n response = client.put(\n f\"{settings.API_V1_STR}/items/{item.id}\",\n headers=superuser_token_headers,\n json=data,\n )\n assert response.status_code == 200\n content = response.json()\n assert content[\"title\"] == data[\"title\"]\n assert content[\"description\"] == data[\"description\"]\n assert content[\"id\"] == str(item.id)\n assert content[\"owner_id\"] == str(item.owner_id)\n\n\ndef test_update_item_not_found(\n client: TestClient, superuser_token_headers: dict[str, str]\n) -> None:\n data = {\"title\": \"Updated title\", \"description\": \"Updated description\"}\n response = client.put(\n f\"{settings.API_V1_STR}/items/{uuid.uuid4()}\",\n headers=superuser_token_headers,\n json=data,\n )\n assert response.status_code == 404\n content = response.json()\n assert content[\"detail\"] == \"Item not found\"\n\n\ndef test_update_item_not_enough_permissions(\n client: TestClient, normal_user_token_headers: dict[str, str], db: Session\n) -> None:\n item = create_random_item(db)\n data = {\"title\": \"Updated title\", \"description\": \"Updated description\"}\n response = client.put(\n f\"{settings.API_V1_STR}/items/{item.id}\",\n headers=normal_user_token_headers,\n json=data,\n )\n assert response.status_code == 403\n content = response.json()\n assert content[\"detail\"] == \"Not enough permissions\"\n\n\ndef test_delete_item(\n client: TestClient, superuser_token_headers: dict[str, str], db: Session\n) -> None:\n item = create_random_item(db)\n response = client.delete(\n f\"{settings.API_V1_STR}/items/{item.id}\",\n headers=superuser_token_headers,\n )\n assert response.status_code == 200\n content = response.json()\n assert content[\"message\"] == \"Item deleted successfully\"\n\n\ndef test_delete_item_not_found(\n client: TestClient, superuser_token_headers: dict[str, str]\n) -> None:\n response = client.delete(\n f\"{settings.API_V1_STR}/items/{uuid.uuid4()}\",\n headers=superuser_token_headers,\n )\n assert response.status_code == 404\n content = response.json()\n assert content[\"detail\"] == \"Item not found\"\n\n\ndef test_delete_item_not_enough_permissions(\n client: TestClient, normal_user_token_headers: dict[str, str], db: Session\n) -> None:\n item = create_random_item(db)\n response = client.delete(\n f\"{settings.API_V1_STR}/items/{item.id}\",\n headers=normal_user_token_headers,\n )\n assert response.status_code == 403\n content = response.json()\n assert content[\"detail\"] == \"Not enough permissions\"\n" }, { "path": "backend/tests/api/routes/test_login.py", "content": "from unittest.mock import patch\n\nfrom fastapi.testclient import TestClient\nfrom pwdlib.hashers.bcrypt import BcryptHasher\nfrom sqlmodel import Session\n\nfrom app.core.config import settings\nfrom app.core.security import get_password_hash, verify_password\nfrom app.crud import create_user\nfrom app.models import User, UserCreate\nfrom app.utils import generate_password_reset_token\nfrom tests.utils.user import user_authentication_headers\nfrom tests.utils.utils import random_email, random_lower_string\n\n\ndef test_get_access_token(client: TestClient) -> None:\n login_data = {\n \"username\": settings.FIRST_SUPERUSER,\n \"password\": settings.FIRST_SUPERUSER_PASSWORD,\n }\n r = client.post(f\"{settings.API_V1_STR}/login/access-token\", data=login_data)\n tokens = r.json()\n assert r.status_code == 200\n assert \"access_token\" in tokens\n assert tokens[\"access_token\"]\n\n\ndef test_get_access_token_incorrect_password(client: TestClient) -> None:\n login_data = {\n \"username\": settings.FIRST_SUPERUSER,\n \"password\": \"incorrect\",\n }\n r = client.post(f\"{settings.API_V1_STR}/login/access-token\", data=login_data)\n assert r.status_code == 400\n\n\ndef test_use_access_token(\n client: TestClient, superuser_token_headers: dict[str, str]\n) -> None:\n r = client.post(\n f\"{settings.API_V1_STR}/login/test-token\",\n headers=superuser_token_headers,\n )\n result = r.json()\n assert r.status_code == 200\n assert \"email\" in result\n\n\ndef test_recovery_password(\n client: TestClient, normal_user_token_headers: dict[str, str]\n) -> None:\n with (\n patch(\"app.core.config.settings.SMTP_HOST\", \"smtp.example.com\"),\n patch(\"app.core.config.settings.SMTP_USER\", \"admin@example.com\"),\n ):\n email = \"test@example.com\"\n r = client.post(\n f\"{settings.API_V1_STR}/password-recovery/{email}\",\n headers=normal_user_token_headers,\n )\n assert r.status_code == 200\n assert r.json() == {\n \"message\": \"If that email is registered, we sent a password recovery link\"\n }\n\n\ndef test_recovery_password_user_not_exits(\n client: TestClient, normal_user_token_headers: dict[str, str]\n) -> None:\n email = \"jVgQr@example.com\"\n r = client.post(\n f\"{settings.API_V1_STR}/password-recovery/{email}\",\n headers=normal_user_token_headers,\n )\n # Should return 200 with generic message to prevent email enumeration attacks\n assert r.status_code == 200\n assert r.json() == {\n \"message\": \"If that email is registered, we sent a password recovery link\"\n }\n\n\ndef test_reset_password(client: TestClient, db: Session) -> None:\n email = random_email()\n password = random_lower_string()\n new_password = random_lower_string()\n\n user_create = UserCreate(\n email=email,\n full_name=\"Test User\",\n password=password,\n is_active=True,\n is_superuser=False,\n )\n user = create_user(session=db, user_create=user_create)\n token = generate_password_reset_token(email=email)\n headers = user_authentication_headers(client=client, email=email, password=password)\n data = {\"new_password\": new_password, \"token\": token}\n\n r = client.post(\n f\"{settings.API_V1_STR}/reset-password/\",\n headers=headers,\n json=data,\n )\n\n assert r.status_code == 200\n assert r.json() == {\"message\": \"Password updated successfully\"}\n\n db.refresh(user)\n verified, _ = verify_password(new_password, user.hashed_password)\n assert verified\n\n\ndef test_reset_password_invalid_token(\n client: TestClient, superuser_token_headers: dict[str, str]\n) -> None:\n data = {\"new_password\": \"changethis\", \"token\": \"invalid\"}\n r = client.post(\n f\"{settings.API_V1_STR}/reset-password/\",\n headers=superuser_token_headers,\n json=data,\n )\n response = r.json()\n\n assert \"detail\" in response\n assert r.status_code == 400\n assert response[\"detail\"] == \"Invalid token\"\n\n\ndef test_login_with_bcrypt_password_upgrades_to_argon2(\n client: TestClient, db: Session\n) -> None:\n \"\"\"Test that logging in with a bcrypt password hash upgrades it to argon2.\"\"\"\n email = random_email()\n password = random_lower_string()\n\n # Create a bcrypt hash directly (simulating legacy password)\n bcrypt_hasher = BcryptHasher()\n bcrypt_hash = bcrypt_hasher.hash(password)\n assert bcrypt_hash.startswith(\"$2\") # bcrypt hashes start with $2\n\n user = User(email=email, hashed_password=bcrypt_hash, is_active=True)\n db.add(user)\n db.commit()\n db.refresh(user)\n\n assert user.hashed_password.startswith(\"$2\")\n\n login_data = {\"username\": email, \"password\": password}\n r = client.post(f\"{settings.API_V1_STR}/login/access-token\", data=login_data)\n assert r.status_code == 200\n tokens = r.json()\n assert \"access_token\" in tokens\n\n db.refresh(user)\n\n # Verify the hash was upgraded to argon2\n assert user.hashed_password.startswith(\"$argon2\")\n\n verified, updated_hash = verify_password(password, user.hashed_password)\n assert verified\n # Should not need another update since it's already argon2\n assert updated_hash is None\n\n\ndef test_login_with_argon2_password_keeps_hash(client: TestClient, db: Session) -> None:\n \"\"\"Test that logging in with an argon2 password hash does not update it.\"\"\"\n email = random_email()\n password = random_lower_string()\n\n # Create an argon2 hash (current default)\n argon2_hash = get_password_hash(password)\n assert argon2_hash.startswith(\"$argon2\")\n\n # Create user with argon2 hash\n user = User(email=email, hashed_password=argon2_hash, is_active=True)\n db.add(user)\n db.commit()\n db.refresh(user)\n\n original_hash = user.hashed_password\n\n login_data = {\"username\": email, \"password\": password}\n r = client.post(f\"{settings.API_V1_STR}/login/access-token\", data=login_data)\n assert r.status_code == 200\n tokens = r.json()\n assert \"access_token\" in tokens\n\n db.refresh(user)\n\n assert user.hashed_password == original_hash\n assert user.hashed_password.startswith(\"$argon2\")\n" }, { "path": "backend/tests/api/routes/test_private.py", "content": "from fastapi.testclient import TestClient\nfrom sqlmodel import Session, select\n\nfrom app.core.config import settings\nfrom app.models import User\n\n\ndef test_create_user(client: TestClient, db: Session) -> None:\n r = client.post(\n f\"{settings.API_V1_STR}/private/users/\",\n json={\n \"email\": \"pollo@listo.com\",\n \"password\": \"password123\",\n \"full_name\": \"Pollo Listo\",\n },\n )\n\n assert r.status_code == 200\n\n data = r.json()\n\n user = db.exec(select(User).where(User.id == data[\"id\"])).first()\n\n assert user\n assert user.email == \"pollo@listo.com\"\n assert user.full_name == \"Pollo Listo\"\n" }, { "path": "backend/tests/api/routes/test_users.py", "content": "import uuid\nfrom unittest.mock import patch\n\nfrom fastapi.testclient import TestClient\nfrom sqlmodel import Session, select\n\nfrom app import crud\nfrom app.core.config import settings\nfrom app.core.security import verify_password\nfrom app.models import User, UserCreate\nfrom tests.utils.user import create_random_user\nfrom tests.utils.utils import random_email, random_lower_string\n\n\ndef test_get_users_superuser_me(\n client: TestClient, superuser_token_headers: dict[str, str]\n) -> None:\n r = client.get(f\"{settings.API_V1_STR}/users/me\", headers=superuser_token_headers)\n current_user = r.json()\n assert current_user\n assert current_user[\"is_active\"] is True\n assert current_user[\"is_superuser\"]\n assert current_user[\"email\"] == settings.FIRST_SUPERUSER\n\n\ndef test_get_users_normal_user_me(\n client: TestClient, normal_user_token_headers: dict[str, str]\n) -> None:\n r = client.get(f\"{settings.API_V1_STR}/users/me\", headers=normal_user_token_headers)\n current_user = r.json()\n assert current_user\n assert current_user[\"is_active\"] is True\n assert current_user[\"is_superuser\"] is False\n assert current_user[\"email\"] == settings.EMAIL_TEST_USER\n\n\ndef test_create_user_new_email(\n client: TestClient, superuser_token_headers: dict[str, str], db: Session\n) -> None:\n with (\n patch(\"app.utils.send_email\", return_value=None),\n patch(\"app.core.config.settings.SMTP_HOST\", \"smtp.example.com\"),\n patch(\"app.core.config.settings.SMTP_USER\", \"admin@example.com\"),\n ):\n username = random_email()\n password = random_lower_string()\n data = {\"email\": username, \"password\": password}\n r = client.post(\n f\"{settings.API_V1_STR}/users/\",\n headers=superuser_token_headers,\n json=data,\n )\n assert 200 <= r.status_code < 300\n created_user = r.json()\n user = crud.get_user_by_email(session=db, email=username)\n assert user\n assert user.email == created_user[\"email\"]\n\n\ndef test_get_existing_user_as_superuser(\n client: TestClient, superuser_token_headers: dict[str, str], db: Session\n) -> None:\n username = random_email()\n password = random_lower_string()\n user_in = UserCreate(email=username, password=password)\n user = crud.create_user(session=db, user_create=user_in)\n user_id = user.id\n r = client.get(\n f\"{settings.API_V1_STR}/users/{user_id}\",\n headers=superuser_token_headers,\n )\n assert 200 <= r.status_code < 300\n api_user = r.json()\n existing_user = crud.get_user_by_email(session=db, email=username)\n assert existing_user\n assert existing_user.email == api_user[\"email\"]\n\n\ndef test_get_non_existing_user_as_superuser(\n client: TestClient, superuser_token_headers: dict[str, str]\n) -> None:\n r = client.get(\n f\"{settings.API_V1_STR}/users/{uuid.uuid4()}\",\n headers=superuser_token_headers,\n )\n assert r.status_code == 404\n assert r.json() == {\"detail\": \"User not found\"}\n\n\ndef test_get_existing_user_current_user(client: TestClient, db: Session) -> None:\n username = random_email()\n password = random_lower_string()\n user_in = UserCreate(email=username, password=password)\n user = crud.create_user(session=db, user_create=user_in)\n user_id = user.id\n\n login_data = {\n \"username\": username,\n \"password\": password,\n }\n r = client.post(f\"{settings.API_V1_STR}/login/access-token\", data=login_data)\n tokens = r.json()\n a_token = tokens[\"access_token\"]\n headers = {\"Authorization\": f\"Bearer {a_token}\"}\n\n r = client.get(\n f\"{settings.API_V1_STR}/users/{user_id}\",\n headers=headers,\n )\n assert 200 <= r.status_code < 300\n api_user = r.json()\n existing_user = crud.get_user_by_email(session=db, email=username)\n assert existing_user\n assert existing_user.email == api_user[\"email\"]\n\n\ndef test_get_existing_user_permissions_error(\n db: Session,\n client: TestClient,\n normal_user_token_headers: dict[str, str],\n) -> None:\n user = create_random_user(db)\n\n r = client.get(\n f\"{settings.API_V1_STR}/users/{user.id}\",\n headers=normal_user_token_headers,\n )\n assert r.status_code == 403\n assert r.json() == {\"detail\": \"The user doesn't have enough privileges\"}\n\n\ndef test_get_non_existing_user_permissions_error(\n client: TestClient,\n normal_user_token_headers: dict[str, str],\n) -> None:\n user_id = uuid.uuid4()\n\n r = client.get(\n f\"{settings.API_V1_STR}/users/{user_id}\",\n headers=normal_user_token_headers,\n )\n assert r.status_code == 403\n assert r.json() == {\"detail\": \"The user doesn't have enough privileges\"}\n\n\ndef test_create_user_existing_username(\n client: TestClient, superuser_token_headers: dict[str, str], db: Session\n) -> None:\n username = random_email()\n # username = email\n password = random_lower_string()\n user_in = UserCreate(email=username, password=password)\n crud.create_user(session=db, user_create=user_in)\n data = {\"email\": username, \"password\": password}\n r = client.post(\n f\"{settings.API_V1_STR}/users/\",\n headers=superuser_token_headers,\n json=data,\n )\n created_user = r.json()\n assert r.status_code == 400\n assert \"_id\" not in created_user\n\n\ndef test_create_user_by_normal_user(\n client: TestClient, normal_user_token_headers: dict[str, str]\n) -> None:\n username = random_email()\n password = random_lower_string()\n data = {\"email\": username, \"password\": password}\n r = client.post(\n f\"{settings.API_V1_STR}/users/\",\n headers=normal_user_token_headers,\n json=data,\n )\n assert r.status_code == 403\n\n\ndef test_retrieve_users(\n client: TestClient, superuser_token_headers: dict[str, str], db: Session\n) -> None:\n username = random_email()\n password = random_lower_string()\n user_in = UserCreate(email=username, password=password)\n crud.create_user(session=db, user_create=user_in)\n\n username2 = random_email()\n password2 = random_lower_string()\n user_in2 = UserCreate(email=username2, password=password2)\n crud.create_user(session=db, user_create=user_in2)\n\n r = client.get(f\"{settings.API_V1_STR}/users/\", headers=superuser_token_headers)\n all_users = r.json()\n\n assert len(all_users[\"data\"]) > 1\n assert \"count\" in all_users\n for item in all_users[\"data\"]:\n assert \"email\" in item\n\n\ndef test_update_user_me(\n client: TestClient, normal_user_token_headers: dict[str, str], db: Session\n) -> None:\n full_name = \"Updated Name\"\n email = random_email()\n data = {\"full_name\": full_name, \"email\": email}\n r = client.patch(\n f\"{settings.API_V1_STR}/users/me\",\n headers=normal_user_token_headers,\n json=data,\n )\n assert r.status_code == 200\n updated_user = r.json()\n assert updated_user[\"email\"] == email\n assert updated_user[\"full_name\"] == full_name\n\n user_query = select(User).where(User.email == email)\n user_db = db.exec(user_query).first()\n assert user_db\n assert user_db.email == email\n assert user_db.full_name == full_name\n\n\ndef test_update_password_me(\n client: TestClient, superuser_token_headers: dict[str, str], db: Session\n) -> None:\n new_password = random_lower_string()\n data = {\n \"current_password\": settings.FIRST_SUPERUSER_PASSWORD,\n \"new_password\": new_password,\n }\n r = client.patch(\n f\"{settings.API_V1_STR}/users/me/password\",\n headers=superuser_token_headers,\n json=data,\n )\n assert r.status_code == 200\n updated_user = r.json()\n assert updated_user[\"message\"] == \"Password updated successfully\"\n\n user_query = select(User).where(User.email == settings.FIRST_SUPERUSER)\n user_db = db.exec(user_query).first()\n assert user_db\n assert user_db.email == settings.FIRST_SUPERUSER\n verified, _ = verify_password(new_password, user_db.hashed_password)\n assert verified\n\n # Revert to the old password to keep consistency in test\n old_data = {\n \"current_password\": new_password,\n \"new_password\": settings.FIRST_SUPERUSER_PASSWORD,\n }\n r = client.patch(\n f\"{settings.API_V1_STR}/users/me/password\",\n headers=superuser_token_headers,\n json=old_data,\n )\n db.refresh(user_db)\n\n assert r.status_code == 200\n verified, _ = verify_password(\n settings.FIRST_SUPERUSER_PASSWORD, user_db.hashed_password\n )\n assert verified\n\n\ndef test_update_password_me_incorrect_password(\n client: TestClient, superuser_token_headers: dict[str, str]\n) -> None:\n new_password = random_lower_string()\n data = {\"current_password\": new_password, \"new_password\": new_password}\n r = client.patch(\n f\"{settings.API_V1_STR}/users/me/password\",\n headers=superuser_token_headers,\n json=data,\n )\n assert r.status_code == 400\n updated_user = r.json()\n assert updated_user[\"detail\"] == \"Incorrect password\"\n\n\ndef test_update_user_me_email_exists(\n client: TestClient, normal_user_token_headers: dict[str, str], db: Session\n) -> None:\n username = random_email()\n password = random_lower_string()\n user_in = UserCreate(email=username, password=password)\n user = crud.create_user(session=db, user_create=user_in)\n\n data = {\"email\": user.email}\n r = client.patch(\n f\"{settings.API_V1_STR}/users/me\",\n headers=normal_user_token_headers,\n json=data,\n )\n assert r.status_code == 409\n assert r.json()[\"detail\"] == \"User with this email already exists\"\n\n\ndef test_update_password_me_same_password_error(\n client: TestClient, superuser_token_headers: dict[str, str]\n) -> None:\n data = {\n \"current_password\": settings.FIRST_SUPERUSER_PASSWORD,\n \"new_password\": settings.FIRST_SUPERUSER_PASSWORD,\n }\n r = client.patch(\n f\"{settings.API_V1_STR}/users/me/password\",\n headers=superuser_token_headers,\n json=data,\n )\n assert r.status_code == 400\n updated_user = r.json()\n assert (\n updated_user[\"detail\"] == \"New password cannot be the same as the current one\"\n )\n\n\ndef test_register_user(client: TestClient, db: Session) -> None:\n username = random_email()\n password = random_lower_string()\n full_name = random_lower_string()\n data = {\"email\": username, \"password\": password, \"full_name\": full_name}\n r = client.post(\n f\"{settings.API_V1_STR}/users/signup\",\n json=data,\n )\n assert r.status_code == 200\n created_user = r.json()\n assert created_user[\"email\"] == username\n assert created_user[\"full_name\"] == full_name\n\n user_query = select(User).where(User.email == username)\n user_db = db.exec(user_query).first()\n assert user_db\n assert user_db.email == username\n assert user_db.full_name == full_name\n verified, _ = verify_password(password, user_db.hashed_password)\n assert verified\n\n\ndef test_register_user_already_exists_error(client: TestClient) -> None:\n password = random_lower_string()\n full_name = random_lower_string()\n data = {\n \"email\": settings.FIRST_SUPERUSER,\n \"password\": password,\n \"full_name\": full_name,\n }\n r = client.post(\n f\"{settings.API_V1_STR}/users/signup\",\n json=data,\n )\n assert r.status_code == 400\n assert r.json()[\"detail\"] == \"The user with this email already exists in the system\"\n\n\ndef test_update_user(\n client: TestClient, superuser_token_headers: dict[str, str], db: Session\n) -> None:\n username = random_email()\n password = random_lower_string()\n user_in = UserCreate(email=username, password=password)\n user = crud.create_user(session=db, user_create=user_in)\n\n data = {\"full_name\": \"Updated_full_name\"}\n r = client.patch(\n f\"{settings.API_V1_STR}/users/{user.id}\",\n headers=superuser_token_headers,\n json=data,\n )\n assert r.status_code == 200\n updated_user = r.json()\n\n assert updated_user[\"full_name\"] == \"Updated_full_name\"\n\n user_query = select(User).where(User.email == username)\n user_db = db.exec(user_query).first()\n db.refresh(user_db)\n assert user_db\n assert user_db.full_name == \"Updated_full_name\"\n\n\ndef test_update_user_not_exists(\n client: TestClient, superuser_token_headers: dict[str, str]\n) -> None:\n data = {\"full_name\": \"Updated_full_name\"}\n r = client.patch(\n f\"{settings.API_V1_STR}/users/{uuid.uuid4()}\",\n headers=superuser_token_headers,\n json=data,\n )\n assert r.status_code == 404\n assert r.json()[\"detail\"] == \"The user with this id does not exist in the system\"\n\n\ndef test_update_user_email_exists(\n client: TestClient, superuser_token_headers: dict[str, str], db: Session\n) -> None:\n username = random_email()\n password = random_lower_string()\n user_in = UserCreate(email=username, password=password)\n user = crud.create_user(session=db, user_create=user_in)\n\n username2 = random_email()\n password2 = random_lower_string()\n user_in2 = UserCreate(email=username2, password=password2)\n user2 = crud.create_user(session=db, user_create=user_in2)\n\n data = {\"email\": user2.email}\n r = client.patch(\n f\"{settings.API_V1_STR}/users/{user.id}\",\n headers=superuser_token_headers,\n json=data,\n )\n assert r.status_code == 409\n assert r.json()[\"detail\"] == \"User with this email already exists\"\n\n\ndef test_delete_user_me(client: TestClient, db: Session) -> None:\n username = random_email()\n password = random_lower_string()\n user_in = UserCreate(email=username, password=password)\n user = crud.create_user(session=db, user_create=user_in)\n user_id = user.id\n\n login_data = {\n \"username\": username,\n \"password\": password,\n }\n r = client.post(f\"{settings.API_V1_STR}/login/access-token\", data=login_data)\n tokens = r.json()\n a_token = tokens[\"access_token\"]\n headers = {\"Authorization\": f\"Bearer {a_token}\"}\n\n r = client.delete(\n f\"{settings.API_V1_STR}/users/me\",\n headers=headers,\n )\n assert r.status_code == 200\n deleted_user = r.json()\n assert deleted_user[\"message\"] == \"User deleted successfully\"\n result = db.exec(select(User).where(User.id == user_id)).first()\n assert result is None\n\n user_query = select(User).where(User.id == user_id)\n user_db = db.execute(user_query).first()\n assert user_db is None\n\n\ndef test_delete_user_me_as_superuser(\n client: TestClient, superuser_token_headers: dict[str, str]\n) -> None:\n r = client.delete(\n f\"{settings.API_V1_STR}/users/me\",\n headers=superuser_token_headers,\n )\n assert r.status_code == 403\n response = r.json()\n assert response[\"detail\"] == \"Super users are not allowed to delete themselves\"\n\n\ndef test_delete_user_super_user(\n client: TestClient, superuser_token_headers: dict[str, str], db: Session\n) -> None:\n username = random_email()\n password = random_lower_string()\n user_in = UserCreate(email=username, password=password)\n user = crud.create_user(session=db, user_create=user_in)\n user_id = user.id\n r = client.delete(\n f\"{settings.API_V1_STR}/users/{user_id}\",\n headers=superuser_token_headers,\n )\n assert r.status_code == 200\n deleted_user = r.json()\n assert deleted_user[\"message\"] == \"User deleted successfully\"\n result = db.exec(select(User).where(User.id == user_id)).first()\n assert result is None\n\n\ndef test_delete_user_not_found(\n client: TestClient, superuser_token_headers: dict[str, str]\n) -> None:\n r = client.delete(\n f\"{settings.API_V1_STR}/users/{uuid.uuid4()}\",\n headers=superuser_token_headers,\n )\n assert r.status_code == 404\n assert r.json()[\"detail\"] == \"User not found\"\n\n\ndef test_delete_user_current_super_user_error(\n client: TestClient, superuser_token_headers: dict[str, str], db: Session\n) -> None:\n super_user = crud.get_user_by_email(session=db, email=settings.FIRST_SUPERUSER)\n assert super_user\n user_id = super_user.id\n\n r = client.delete(\n f\"{settings.API_V1_STR}/users/{user_id}\",\n headers=superuser_token_headers,\n )\n assert r.status_code == 403\n assert r.json()[\"detail\"] == \"Super users are not allowed to delete themselves\"\n\n\ndef test_delete_user_without_privileges(\n client: TestClient, normal_user_token_headers: dict[str, str], db: Session\n) -> None:\n username = random_email()\n password = random_lower_string()\n user_in = UserCreate(email=username, password=password)\n user = crud.create_user(session=db, user_create=user_in)\n\n r = client.delete(\n f\"{settings.API_V1_STR}/users/{user.id}\",\n headers=normal_user_token_headers,\n )\n assert r.status_code == 403\n assert r.json()[\"detail\"] == \"The user doesn't have enough privileges\"\n" }, { "path": "backend/tests/conftest.py", "content": "from collections.abc import Generator\n\nimport pytest\nfrom fastapi.testclient import TestClient\nfrom sqlmodel import Session, delete\n\nfrom app.core.config import settings\nfrom app.core.db import engine, init_db\nfrom app.main import app\nfrom app.models import Item, User\nfrom tests.utils.user import authentication_token_from_email\nfrom tests.utils.utils import get_superuser_token_headers\n\n\n@pytest.fixture(scope=\"session\", autouse=True)\ndef db() -> Generator[Session, None, None]:\n with Session(engine) as session:\n init_db(session)\n yield session\n statement = delete(Item)\n session.execute(statement)\n statement = delete(User)\n session.execute(statement)\n session.commit()\n\n\n@pytest.fixture(scope=\"module\")\ndef client() -> Generator[TestClient, None, None]:\n with TestClient(app) as c:\n yield c\n\n\n@pytest.fixture(scope=\"module\")\ndef superuser_token_headers(client: TestClient) -> dict[str, str]:\n return get_superuser_token_headers(client)\n\n\n@pytest.fixture(scope=\"module\")\ndef normal_user_token_headers(client: TestClient, db: Session) -> dict[str, str]:\n return authentication_token_from_email(\n client=client, email=settings.EMAIL_TEST_USER, db=db\n )\n" }, { "path": "backend/tests/crud/__init__.py", "content": "" }, { "path": "backend/tests/crud/test_user.py", "content": "from fastapi.encoders import jsonable_encoder\nfrom pwdlib.hashers.bcrypt import BcryptHasher\nfrom sqlmodel import Session\n\nfrom app import crud\nfrom app.core.security import verify_password\nfrom app.models import User, UserCreate, UserUpdate\nfrom tests.utils.utils import random_email, random_lower_string\n\n\ndef test_create_user(db: Session) -> None:\n email = random_email()\n password = random_lower_string()\n user_in = UserCreate(email=email, password=password)\n user = crud.create_user(session=db, user_create=user_in)\n assert user.email == email\n assert hasattr(user, \"hashed_password\")\n\n\ndef test_authenticate_user(db: Session) -> None:\n email = random_email()\n password = random_lower_string()\n user_in = UserCreate(email=email, password=password)\n user = crud.create_user(session=db, user_create=user_in)\n authenticated_user = crud.authenticate(session=db, email=email, password=password)\n assert authenticated_user\n assert user.email == authenticated_user.email\n\n\ndef test_not_authenticate_user(db: Session) -> None:\n email = random_email()\n password = random_lower_string()\n user = crud.authenticate(session=db, email=email, password=password)\n assert user is None\n\n\ndef test_check_if_user_is_active(db: Session) -> None:\n email = random_email()\n password = random_lower_string()\n user_in = UserCreate(email=email, password=password)\n user = crud.create_user(session=db, user_create=user_in)\n assert user.is_active is True\n\n\ndef test_check_if_user_is_active_inactive(db: Session) -> None:\n email = random_email()\n password = random_lower_string()\n user_in = UserCreate(email=email, password=password, is_active=False)\n user = crud.create_user(session=db, user_create=user_in)\n assert user.is_active is False\n\n\ndef test_check_if_user_is_superuser(db: Session) -> None:\n email = random_email()\n password = random_lower_string()\n user_in = UserCreate(email=email, password=password, is_superuser=True)\n user = crud.create_user(session=db, user_create=user_in)\n assert user.is_superuser is True\n\n\ndef test_check_if_user_is_superuser_normal_user(db: Session) -> None:\n username = random_email()\n password = random_lower_string()\n user_in = UserCreate(email=username, password=password)\n user = crud.create_user(session=db, user_create=user_in)\n assert user.is_superuser is False\n\n\ndef test_get_user(db: Session) -> None:\n password = random_lower_string()\n username = random_email()\n user_in = UserCreate(email=username, password=password, is_superuser=True)\n user = crud.create_user(session=db, user_create=user_in)\n user_2 = db.get(User, user.id)\n assert user_2\n assert user.email == user_2.email\n assert jsonable_encoder(user) == jsonable_encoder(user_2)\n\n\ndef test_update_user(db: Session) -> None:\n password = random_lower_string()\n email = random_email()\n user_in = UserCreate(email=email, password=password, is_superuser=True)\n user = crud.create_user(session=db, user_create=user_in)\n new_password = random_lower_string()\n user_in_update = UserUpdate(password=new_password, is_superuser=True)\n if user.id is not None:\n crud.update_user(session=db, db_user=user, user_in=user_in_update)\n user_2 = db.get(User, user.id)\n assert user_2\n assert user.email == user_2.email\n verified, _ = verify_password(new_password, user_2.hashed_password)\n assert verified\n\n\ndef test_authenticate_user_with_bcrypt_upgrades_to_argon2(db: Session) -> None:\n \"\"\"Test that a user with bcrypt password hash gets upgraded to argon2 on login.\"\"\"\n email = random_email()\n password = random_lower_string()\n\n # Create a bcrypt hash directly (simulating legacy password)\n bcrypt_hasher = BcryptHasher()\n bcrypt_hash = bcrypt_hasher.hash(password)\n assert bcrypt_hash.startswith(\"$2\") # bcrypt hashes start with $2\n\n # Create user with bcrypt hash directly in the database\n user = User(email=email, hashed_password=bcrypt_hash)\n db.add(user)\n db.commit()\n db.refresh(user)\n\n # Verify the hash is bcrypt before authentication\n assert user.hashed_password.startswith(\"$2\")\n\n # Authenticate - this should upgrade the hash to argon2\n authenticated_user = crud.authenticate(session=db, email=email, password=password)\n assert authenticated_user\n assert authenticated_user.email == email\n\n db.refresh(authenticated_user)\n\n # Verify the hash was upgraded to argon2\n assert authenticated_user.hashed_password.startswith(\"$argon2\")\n\n verified, updated_hash = verify_password(\n password, authenticated_user.hashed_password\n )\n assert verified\n # Should not need another update since it's already argon2\n assert updated_hash is None\n" }, { "path": "backend/tests/scripts/__init__.py", "content": "" }, { "path": "backend/tests/scripts/test_backend_pre_start.py", "content": "from unittest.mock import MagicMock, patch\n\nfrom sqlmodel import select\n\nfrom app.backend_pre_start import init, logger\n\n\ndef test_init_successful_connection() -> None:\n engine_mock = MagicMock()\n\n session_mock = MagicMock()\n session_mock.__enter__.return_value = session_mock\n\n select1 = select(1)\n\n with (\n patch(\"app.backend_pre_start.Session\", return_value=session_mock),\n patch(\"app.backend_pre_start.select\", return_value=select1),\n patch.object(logger, \"info\"),\n patch.object(logger, \"error\"),\n patch.object(logger, \"warn\"),\n ):\n try:\n init(engine_mock)\n connection_successful = True\n except Exception:\n connection_successful = False\n\n assert connection_successful, (\n \"The database connection should be successful and not raise an exception.\"\n )\n\n session_mock.exec.assert_called_once_with(select1)\n" }, { "path": "backend/tests/scripts/test_test_pre_start.py", "content": "from unittest.mock import MagicMock, patch\n\nfrom sqlmodel import select\n\nfrom app.tests_pre_start import init, logger\n\n\ndef test_init_successful_connection() -> None:\n engine_mock = MagicMock()\n\n session_mock = MagicMock()\n session_mock.__enter__.return_value = session_mock\n\n select1 = select(1)\n\n with (\n patch(\"app.tests_pre_start.Session\", return_value=session_mock),\n patch(\"app.tests_pre_start.select\", return_value=select1),\n patch.object(logger, \"info\"),\n patch.object(logger, \"error\"),\n patch.object(logger, \"warn\"),\n ):\n try:\n init(engine_mock)\n connection_successful = True\n except Exception:\n connection_successful = False\n\n assert connection_successful, (\n \"The database connection should be successful and not raise an exception.\"\n )\n\n session_mock.exec.assert_called_once_with(select1)\n" }, { "path": "backend/tests/utils/__init__.py", "content": "" }, { "path": "backend/tests/utils/item.py", "content": "from sqlmodel import Session\n\nfrom app import crud\nfrom app.models import Item, ItemCreate\nfrom tests.utils.user import create_random_user\nfrom tests.utils.utils import random_lower_string\n\n\ndef create_random_item(db: Session) -> Item:\n user = create_random_user(db)\n owner_id = user.id\n assert owner_id is not None\n title = random_lower_string()\n description = random_lower_string()\n item_in = ItemCreate(title=title, description=description)\n return crud.create_item(session=db, item_in=item_in, owner_id=owner_id)\n" }, { "path": "backend/tests/utils/user.py", "content": "from fastapi.testclient import TestClient\nfrom sqlmodel import Session\n\nfrom app import crud\nfrom app.core.config import settings\nfrom app.models import User, UserCreate, UserUpdate\nfrom tests.utils.utils import random_email, random_lower_string\n\n\ndef user_authentication_headers(\n *, client: TestClient, email: str, password: str\n) -> dict[str, str]:\n data = {\"username\": email, \"password\": password}\n\n r = client.post(f\"{settings.API_V1_STR}/login/access-token\", data=data)\n response = r.json()\n auth_token = response[\"access_token\"]\n headers = {\"Authorization\": f\"Bearer {auth_token}\"}\n return headers\n\n\ndef create_random_user(db: Session) -> User:\n email = random_email()\n password = random_lower_string()\n user_in = UserCreate(email=email, password=password)\n user = crud.create_user(session=db, user_create=user_in)\n return user\n\n\ndef authentication_token_from_email(\n *, client: TestClient, email: str, db: Session\n) -> dict[str, str]:\n \"\"\"\n Return a valid token for the user with given email.\n\n If the user doesn't exist it is created first.\n \"\"\"\n password = random_lower_string()\n user = crud.get_user_by_email(session=db, email=email)\n if not user:\n user_in_create = UserCreate(email=email, password=password)\n user = crud.create_user(session=db, user_create=user_in_create)\n else:\n user_in_update = UserUpdate(password=password)\n if not user.id:\n raise Exception(\"User id not set\")\n user = crud.update_user(session=db, db_user=user, user_in=user_in_update)\n\n return user_authentication_headers(client=client, email=email, password=password)\n" }, { "path": "backend/tests/utils/utils.py", "content": "import random\nimport string\n\nfrom fastapi.testclient import TestClient\n\nfrom app.core.config import settings\n\n\ndef random_lower_string() -> str:\n return \"\".join(random.choices(string.ascii_lowercase, k=32))\n\n\ndef random_email() -> str:\n return f\"{random_lower_string()}@{random_lower_string()}.com\"\n\n\ndef get_superuser_token_headers(client: TestClient) -> dict[str, str]:\n login_data = {\n \"username\": settings.FIRST_SUPERUSER,\n \"password\": settings.FIRST_SUPERUSER_PASSWORD,\n }\n r = client.post(f\"{settings.API_V1_STR}/login/access-token\", data=login_data)\n tokens = r.json()\n a_token = tokens[\"access_token\"]\n headers = {\"Authorization\": f\"Bearer {a_token}\"}\n return headers\n" }, { "path": "compose.override.yml", "content": "services:\n\n # Local services are available on their ports, but also available on:\n # http://api.localhost.tiangolo.com: backend\n # http://dashboard.localhost.tiangolo.com: frontend\n # etc. To enable it, update .env, set:\n # DOMAIN=localhost.tiangolo.com\n proxy:\n image: traefik:3.6\n volumes:\n - /var/run/docker.sock:/var/run/docker.sock\n ports:\n - \"80:80\"\n - \"8090:8080\"\n # Duplicate the command from compose.yml to add --api.insecure=true\n command:\n # Enable Docker in Traefik, so that it reads labels from Docker services\n - --providers.docker\n # Add a constraint to only use services with the label for this stack\n - --providers.docker.constraints=Label(`traefik.constraint-label`, `traefik-public`)\n # Do not expose all Docker services, only the ones explicitly exposed\n - --providers.docker.exposedbydefault=false\n # Create an entrypoint \"http\" listening on port 80\n - --entrypoints.http.address=:80\n # Create an entrypoint \"https\" listening on port 443\n - --entrypoints.https.address=:443\n # Enable the access log, with HTTP requests\n - --accesslog\n # Enable the Traefik log, for configurations and errors\n - --log\n # Enable debug logging for local development\n - --log.level=DEBUG\n # Enable the Dashboard and API\n - --api\n # Enable the Dashboard and API in insecure mode for local development\n - --api.insecure=true\n labels:\n # Enable Traefik for this service, to make it available in the public network\n - traefik.enable=true\n - traefik.constraint-label=traefik-public\n # Dummy https-redirect middleware that doesn't really redirect, only to\n # allow running it locally\n - traefik.http.middlewares.https-redirect.contenttype.autodetect=false\n networks:\n - traefik-public\n - default\n\n db:\n restart: \"no\"\n ports:\n - \"5432:5432\"\n\n adminer:\n restart: \"no\"\n ports:\n - \"8080:8080\"\n\n backend:\n restart: \"no\"\n ports:\n - \"8000:8000\"\n build:\n context: .\n dockerfile: backend/Dockerfile\n # command: sleep infinity # Infinite loop to keep container alive doing nothing\n command:\n - fastapi\n - run\n - --reload\n - \"app/main.py\"\n develop:\n watch:\n - path: ./backend\n action: sync\n target: /app/backend\n ignore:\n - ./backend/.venv\n - .venv\n - path: ./backend/pyproject.toml\n action: rebuild\n # TODO: remove once coverage is done locally\n volumes:\n - ./backend/htmlcov:/app/backend/htmlcov\n environment:\n SMTP_HOST: \"mailcatcher\"\n SMTP_PORT: \"1025\"\n SMTP_TLS: \"false\"\n EMAILS_FROM_EMAIL: \"noreply@example.com\"\n\n mailcatcher:\n image: schickling/mailcatcher\n ports:\n - \"1080:1080\"\n - \"1025:1025\"\n\n frontend:\n restart: \"no\"\n ports:\n - \"5173:80\"\n build:\n context: .\n dockerfile: frontend/Dockerfile\n args:\n - VITE_API_URL=http://localhost:8000\n - NODE_ENV=development\n\n playwright:\n build:\n context: .\n dockerfile: frontend/Dockerfile.playwright\n args:\n - VITE_API_URL=http://backend:8000\n - NODE_ENV=production\n ipc: host\n depends_on:\n - backend\n - mailcatcher\n env_file:\n - .env\n environment:\n - VITE_API_URL=http://backend:8000\n - MAILCATCHER_HOST=http://mailcatcher:1080\n # For the reports when run locally\n - PLAYWRIGHT_HTML_HOST=0.0.0.0\n - CI=${CI}\n volumes:\n - ./frontend/blob-report:/app/frontend/blob-report\n - ./frontend/test-results:/app/frontend/test-results\n ports:\n - 9323:9323\n\nnetworks:\n traefik-public:\n # For local dev, don't expect an external Traefik network\n external: false\n" }, { "path": "compose.traefik.yml", "content": "services:\n traefik:\n image: traefik:3.6\n ports:\n # Listen on port 80, default for HTTP, necessary to redirect to HTTPS\n - 80:80\n # Listen on port 443, default for HTTPS\n - 443:443\n restart: always\n labels:\n # Enable Traefik for this service, to make it available in the public network\n - traefik.enable=true\n # Use the traefik-public network (declared below)\n - traefik.docker.network=traefik-public\n # Define the port inside of the Docker service to use\n - traefik.http.services.traefik-dashboard.loadbalancer.server.port=8080\n # Make Traefik use this domain (from an environment variable) in HTTP\n - traefik.http.routers.traefik-dashboard-http.entrypoints=http\n - traefik.http.routers.traefik-dashboard-http.rule=Host(`traefik.${DOMAIN?Variable not set}`)\n # traefik-https the actual router using HTTPS\n - traefik.http.routers.traefik-dashboard-https.entrypoints=https\n - traefik.http.routers.traefik-dashboard-https.rule=Host(`traefik.${DOMAIN?Variable not set}`)\n - traefik.http.routers.traefik-dashboard-https.tls=true\n # Use the \"le\" (Let's Encrypt) resolver created below\n - traefik.http.routers.traefik-dashboard-https.tls.certresolver=le\n # Use the special Traefik service api@internal with the web UI/Dashboard\n - traefik.http.routers.traefik-dashboard-https.service=api@internal\n # https-redirect middleware to redirect HTTP to HTTPS\n - traefik.http.middlewares.https-redirect.redirectscheme.scheme=https\n - traefik.http.middlewares.https-redirect.redirectscheme.permanent=true\n # traefik-http set up only to use the middleware to redirect to https\n - traefik.http.routers.traefik-dashboard-http.middlewares=https-redirect\n # admin-auth middleware with HTTP Basic auth\n # Using the environment variables USERNAME and HASHED_PASSWORD\n - traefik.http.middlewares.admin-auth.basicauth.users=${USERNAME?Variable not set}:${HASHED_PASSWORD?Variable not set}\n # Enable HTTP Basic auth, using the middleware created above\n - traefik.http.routers.traefik-dashboard-https.middlewares=admin-auth\n volumes:\n # Add Docker as a mounted volume, so that Traefik can read the labels of other services\n - /var/run/docker.sock:/var/run/docker.sock:ro\n # Mount the volume to store the certificates\n - traefik-public-certificates:/certificates\n command:\n # Enable Docker in Traefik, so that it reads labels from Docker services\n - --providers.docker\n # Do not expose all Docker services, only the ones explicitly exposed\n - --providers.docker.exposedbydefault=false\n # Create an entrypoint \"http\" listening on port 80\n - --entrypoints.http.address=:80\n # Create an entrypoint \"https\" listening on port 443\n - --entrypoints.https.address=:443\n # Create the certificate resolver \"le\" for Let's Encrypt, uses the environment variable EMAIL\n - --certificatesresolvers.le.acme.email=${EMAIL?Variable not set}\n # Store the Let's Encrypt certificates in the mounted volume\n - --certificatesresolvers.le.acme.storage=/certificates/acme.json\n # Use the TLS Challenge for Let's Encrypt\n - --certificatesresolvers.le.acme.tlschallenge=true\n # Enable the access log, with HTTP requests\n - --accesslog\n # Enable the Traefik log, for configurations and errors\n - --log\n # Enable the Dashboard and API\n - --api\n networks:\n # Use the public network created to be shared between Traefik and\n # any other service that needs to be publicly available with HTTPS\n - traefik-public\n\nvolumes:\n # Create a volume to store the certificates, even if the container is recreated\n traefik-public-certificates:\n\nnetworks:\n # Use the previously created public network \"traefik-public\", shared with other\n # services that need to be publicly available via this Traefik\n traefik-public:\n external: true\n" }, { "path": "compose.yml", "content": "services:\n\n db:\n image: postgres:18\n restart: always\n healthcheck:\n test: [\"CMD-SHELL\", \"pg_isready -U ${POSTGRES_USER} -d ${POSTGRES_DB}\"]\n interval: 10s\n retries: 5\n start_period: 30s\n timeout: 10s\n volumes:\n - app-db-data:/var/lib/postgresql/data/pgdata\n env_file:\n - .env\n environment:\n - PGDATA=/var/lib/postgresql/data/pgdata\n - POSTGRES_PASSWORD=${POSTGRES_PASSWORD?Variable not set}\n - POSTGRES_USER=${POSTGRES_USER?Variable not set}\n - POSTGRES_DB=${POSTGRES_DB?Variable not set}\n\n adminer:\n image: adminer\n restart: always\n networks:\n - traefik-public\n - default\n depends_on:\n - db\n environment:\n - ADMINER_DESIGN=pepa-linha-dark\n labels:\n - traefik.enable=true\n - traefik.docker.network=traefik-public\n - traefik.constraint-label=traefik-public\n - traefik.http.routers.${STACK_NAME?Variable not set}-adminer-http.rule=Host(`adminer.${DOMAIN?Variable not set}`)\n - traefik.http.routers.${STACK_NAME?Variable not set}-adminer-http.entrypoints=http\n - traefik.http.routers.${STACK_NAME?Variable not set}-adminer-http.middlewares=https-redirect\n - traefik.http.routers.${STACK_NAME?Variable not set}-adminer-https.rule=Host(`adminer.${DOMAIN?Variable not set}`)\n - traefik.http.routers.${STACK_NAME?Variable not set}-adminer-https.entrypoints=https\n - traefik.http.routers.${STACK_NAME?Variable not set}-adminer-https.tls=true\n - traefik.http.routers.${STACK_NAME?Variable not set}-adminer-https.tls.certresolver=le\n - traefik.http.services.${STACK_NAME?Variable not set}-adminer.loadbalancer.server.port=8080\n\n prestart:\n image: '${DOCKER_IMAGE_BACKEND?Variable not set}:${TAG-latest}'\n build:\n context: .\n dockerfile: backend/Dockerfile\n networks:\n - traefik-public\n - default\n depends_on:\n db:\n condition: service_healthy\n restart: true\n command: bash scripts/prestart.sh\n env_file:\n - .env\n environment:\n - DOMAIN=${DOMAIN}\n - FRONTEND_HOST=${FRONTEND_HOST?Variable not set}\n - ENVIRONMENT=${ENVIRONMENT}\n - BACKEND_CORS_ORIGINS=${BACKEND_CORS_ORIGINS}\n - SECRET_KEY=${SECRET_KEY?Variable not set}\n - FIRST_SUPERUSER=${FIRST_SUPERUSER?Variable not set}\n - FIRST_SUPERUSER_PASSWORD=${FIRST_SUPERUSER_PASSWORD?Variable not set}\n - SMTP_HOST=${SMTP_HOST}\n - SMTP_USER=${SMTP_USER}\n - SMTP_PASSWORD=${SMTP_PASSWORD}\n - EMAILS_FROM_EMAIL=${EMAILS_FROM_EMAIL}\n - POSTGRES_SERVER=db\n - POSTGRES_PORT=${POSTGRES_PORT}\n - POSTGRES_DB=${POSTGRES_DB}\n - POSTGRES_USER=${POSTGRES_USER?Variable not set}\n - POSTGRES_PASSWORD=${POSTGRES_PASSWORD?Variable not set}\n - SENTRY_DSN=${SENTRY_DSN}\n\n backend:\n image: '${DOCKER_IMAGE_BACKEND?Variable not set}:${TAG-latest}'\n restart: always\n networks:\n - traefik-public\n - default\n depends_on:\n db:\n condition: service_healthy\n restart: true\n prestart:\n condition: service_completed_successfully\n env_file:\n - .env\n environment:\n - DOMAIN=${DOMAIN}\n - FRONTEND_HOST=${FRONTEND_HOST?Variable not set}\n - ENVIRONMENT=${ENVIRONMENT}\n - BACKEND_CORS_ORIGINS=${BACKEND_CORS_ORIGINS}\n - SECRET_KEY=${SECRET_KEY?Variable not set}\n - FIRST_SUPERUSER=${FIRST_SUPERUSER?Variable not set}\n - FIRST_SUPERUSER_PASSWORD=${FIRST_SUPERUSER_PASSWORD?Variable not set}\n - SMTP_HOST=${SMTP_HOST}\n - SMTP_USER=${SMTP_USER}\n - SMTP_PASSWORD=${SMTP_PASSWORD}\n - EMAILS_FROM_EMAIL=${EMAILS_FROM_EMAIL}\n - POSTGRES_SERVER=db\n - POSTGRES_PORT=${POSTGRES_PORT}\n - POSTGRES_DB=${POSTGRES_DB}\n - POSTGRES_USER=${POSTGRES_USER?Variable not set}\n - POSTGRES_PASSWORD=${POSTGRES_PASSWORD?Variable not set}\n - SENTRY_DSN=${SENTRY_DSN}\n\n healthcheck:\n test: [\"CMD\", \"curl\", \"-f\", \"http://localhost:8000/api/v1/utils/health-check/\"]\n interval: 10s\n timeout: 5s\n retries: 5\n\n build:\n context: .\n dockerfile: backend/Dockerfile\n labels:\n - traefik.enable=true\n - traefik.docker.network=traefik-public\n - traefik.constraint-label=traefik-public\n\n - traefik.http.services.${STACK_NAME?Variable not set}-backend.loadbalancer.server.port=8000\n\n - traefik.http.routers.${STACK_NAME?Variable not set}-backend-http.rule=Host(`api.${DOMAIN?Variable not set}`)\n - traefik.http.routers.${STACK_NAME?Variable not set}-backend-http.entrypoints=http\n\n - traefik.http.routers.${STACK_NAME?Variable not set}-backend-https.rule=Host(`api.${DOMAIN?Variable not set}`)\n - traefik.http.routers.${STACK_NAME?Variable not set}-backend-https.entrypoints=https\n - traefik.http.routers.${STACK_NAME?Variable not set}-backend-https.tls=true\n - traefik.http.routers.${STACK_NAME?Variable not set}-backend-https.tls.certresolver=le\n\n # Enable redirection for HTTP and HTTPS\n - traefik.http.routers.${STACK_NAME?Variable not set}-backend-http.middlewares=https-redirect\n\n frontend:\n image: '${DOCKER_IMAGE_FRONTEND?Variable not set}:${TAG-latest}'\n restart: always\n networks:\n - traefik-public\n - default\n build:\n context: .\n dockerfile: frontend/Dockerfile\n args:\n - VITE_API_URL=https://api.${DOMAIN?Variable not set}\n - NODE_ENV=production\n labels:\n - traefik.enable=true\n - traefik.docker.network=traefik-public\n - traefik.constraint-label=traefik-public\n\n - traefik.http.services.${STACK_NAME?Variable not set}-frontend.loadbalancer.server.port=80\n\n - traefik.http.routers.${STACK_NAME?Variable not set}-frontend-http.rule=Host(`dashboard.${DOMAIN?Variable not set}`)\n - traefik.http.routers.${STACK_NAME?Variable not set}-frontend-http.entrypoints=http\n\n - traefik.http.routers.${STACK_NAME?Variable not set}-frontend-https.rule=Host(`dashboard.${DOMAIN?Variable not set}`)\n - traefik.http.routers.${STACK_NAME?Variable not set}-frontend-https.entrypoints=https\n - traefik.http.routers.${STACK_NAME?Variable not set}-frontend-https.tls=true\n - traefik.http.routers.${STACK_NAME?Variable not set}-frontend-https.tls.certresolver=le\n\n # Enable redirection for HTTP and HTTPS\n - traefik.http.routers.${STACK_NAME?Variable not set}-frontend-http.middlewares=https-redirect\nvolumes:\n app-db-data:\n\nnetworks:\n traefik-public:\n # Allow setting it to false for testing\n external: true\n" }, { "path": "copier.yml", "content": "project_name:\n type: str\n help: The name of the project, shown to API users (in .env)\n default: FastAPI Project\n\nstack_name:\n type: str\n help: The name of the stack used for Docker Compose labels (no spaces) (in .env)\n default: fastapi-project\n\nsecret_key:\n type: str\n help: |\n 'The secret key for the project, used for security,\n stored in .env, you can generate one with:\n python -c \"import secrets; print(secrets.token_urlsafe(32))\"'\n default: changethis\n\nfirst_superuser:\n type: str\n help: The email of the first superuser (in .env)\n default: admin@example.com\n\nfirst_superuser_password:\n type: str\n help: The password of the first superuser (in .env)\n default: changethis\n\nsmtp_host:\n type: str\n help: The SMTP server host to send emails, you can set it later in .env\n default: \"\"\n\nsmtp_user:\n type: str\n help: The SMTP server user to send emails, you can set it later in .env\n default: \"\"\n\nsmtp_password:\n type: str\n help: The SMTP server password to send emails, you can set it later in .env\n default: \"\"\n\nemails_from_email:\n type: str\n help: The email account to send emails from, you can set it later in .env\n default: info@example.com\n\npostgres_password:\n type: str\n help: |\n 'The password for the PostgreSQL database, stored in .env,\n you can generate one with:\n python -c \"import secrets; print(secrets.token_urlsafe(32))\"'\n default: changethis\n\nsentry_dsn:\n type: str\n help: The DSN for Sentry, if you are using it, you can set it later in .env\n default: \"\"\n\n_exclude:\n # Global\n - .vscode\n - .mypy_cache\n # Python\n - __pycache__\n - app.egg-info\n - \"*.pyc\"\n - .mypy_cache\n - .coverage\n - htmlcov\n - .cache\n - .venv\n # Frontend\n # Logs\n - logs\n - \"*.log\"\n - npm-debug.log*\n - yarn-debug.log*\n - yarn-error.log*\n - pnpm-debug.log*\n - lerna-debug.log*\n - node_modules\n - dist\n - dist-ssr\n - \"*.local\"\n # Editor directories and files\n - .idea\n - .DS_Store\n - \"*.suo\"\n - \"*.ntvs*\"\n - \"*.njsproj\"\n - \"*.sln\"\n - \"*.sw?\"\n\n_answers_file: .copier/.copier-answers.yml\n\n_tasks:\n - [\"{{ _copier_python }}\", .copier/update_dotenv.py]\n" }, { "path": "deployment.md", "content": "# FastAPI Project - Deployment\n\nYou can deploy the project using Docker Compose to a remote server.\n\nThis project expects you to have a Traefik proxy handling communication to the outside world and HTTPS certificates.\n\nYou can use CI/CD (continuous integration and continuous deployment) systems to deploy automatically, there are already configurations to do it with GitHub Actions.\n\nBut you have to configure a couple things first. πŸ€“\n\n## Preparation\n\n* Have a remote server ready and available.\n* Configure the DNS records of your domain to point to the IP of the server you just created.\n* Configure a wildcard subdomain for your domain, so that you can have multiple subdomains for different services, e.g. `*.fastapi-project.example.com`. This will be useful for accessing different components, like `dashboard.fastapi-project.example.com`, `api.fastapi-project.example.com`, `traefik.fastapi-project.example.com`, `adminer.fastapi-project.example.com`, etc. And also for `staging`, like `dashboard.staging.fastapi-project.example.com`, `adminer.staging.fastapi-project.example.com`, etc.\n* Install and configure [Docker](https://docs.docker.com/engine/install/) on the remote server (Docker Engine, not Docker Desktop).\n\n## Public Traefik\n\nWe need a Traefik proxy to handle incoming connections and HTTPS certificates.\n\nYou need to do these next steps only once.\n\n### Traefik Docker Compose\n\n* Create a remote directory to store your Traefik Docker Compose file:\n\n```bash\nmkdir -p /root/code/traefik-public/\n```\n\nCopy the Traefik Docker Compose file to your server. You could do it by running the command `rsync` in your local terminal:\n\n```bash\nrsync -a compose.traefik.yml root@your-server.example.com:/root/code/traefik-public/\n```\n\n### Traefik Public Network\n\nThis Traefik will expect a Docker \"public network\" named `traefik-public` to communicate with your stack(s).\n\nThis way, there will be a single public Traefik proxy that handles the communication (HTTP and HTTPS) with the outside world, and then behind that, you could have one or more stacks with different domains, even if they are on the same single server.\n\nTo create a Docker \"public network\" named `traefik-public` run the following command in your remote server:\n\n```bash\ndocker network create traefik-public\n```\n\n### Traefik Environment Variables\n\nThe Traefik Docker Compose file expects some environment variables to be set in your terminal before starting it. You can do it by running the following commands in your remote server.\n\n* Create the username for HTTP Basic Auth, e.g.:\n\n```bash\nexport USERNAME=admin\n```\n\n* Create an environment variable with the password for HTTP Basic Auth, e.g.:\n\n```bash\nexport PASSWORD=changethis\n```\n\n* Use openssl to generate the \"hashed\" version of the password for HTTP Basic Auth and store it in an environment variable:\n\n```bash\nexport HASHED_PASSWORD=$(openssl passwd -apr1 $PASSWORD)\n```\n\nTo verify that the hashed password is correct, you can print it:\n\n```bash\necho $HASHED_PASSWORD\n```\n\n* Create an environment variable with the domain name for your server, e.g.:\n\n```bash\nexport DOMAIN=fastapi-project.example.com\n```\n\n* Create an environment variable with the email for Let's Encrypt, e.g.:\n\n```bash\nexport EMAIL=admin@example.com\n```\n\n**Note**: you need to set a different email, an email `@example.com` won't work.\n\n### Start the Traefik Docker Compose\n\nGo to the directory where you copied the Traefik Docker Compose file in your remote server:\n\n```bash\ncd /root/code/traefik-public/\n```\n\nNow with the environment variables set and the `compose.traefik.yml` in place, you can start the Traefik Docker Compose running the following command:\n\n```bash\ndocker compose -f compose.traefik.yml up -d\n```\n\n## Deploy the FastAPI Project\n\nNow that you have Traefik in place you can deploy your FastAPI project with Docker Compose.\n\n**Note**: You might want to jump ahead to the section about Continuous Deployment with GitHub Actions.\n\n## Copy the Code\n\n```bash\nrsync -av --filter=\":- .gitignore\" ./ root@your-server.example.com:/root/code/app/\n```\n\nNote: `--filter=\":- .gitignore\"` tells `rsync` to use the same rules as git, ignore files ignored by git, like the Python virtual environment.\n\n## Environment Variables\n\nYou need to set some environment variables first.\n\n### Generate secret keys\n\nSome environment variables in the `.env` file have a default value of `changethis`.\n\nYou have to change them with a secret key, to generate secret keys you can run the following command:\n\n```bash\npython -c \"import secrets; print(secrets.token_urlsafe(32))\"\n```\n\nCopy the content and use that as password / secret key. And run that again to generate another secure key.\n\n### Required Environment Variables\n\nSet the `ENVIRONMENT`, by default `local` (for development), but when deploying to a server you would put something like `staging` or `production`:\n\n```bash\nexport ENVIRONMENT=production\n```\n\nSet the `DOMAIN`, by default `localhost` (for development), but when deploying you would use your own domain, for example:\n\n```bash\nexport DOMAIN=fastapi-project.example.com\n```\n\nSet the `POSTGRES_PASSWORD` to something different than `changethis`:\n\n```bash\nexport POSTGRES_PASSWORD=\"changethis\"\n```\n\nSet the `SECRET_KEY`, used to sign tokens:\n\n```bash\nexport SECRET_KEY=\"changethis\"\n```\n\nNote: you can use the Python command above to generate a secure secret key.\n\nSet the `FIRST_SUPER_USER_PASSWORD` to something different than `changethis`:\n\n```bash\nexport FIRST_SUPERUSER_PASSWORD=\"changethis\"\n```\n\nSet the `BACKEND_CORS_ORIGINS` to include your domain:\n\n```bash\nexport BACKEND_CORS_ORIGINS=\"https://dashboard.${DOMAIN?Variable not set},https://api.${DOMAIN?Variable not set}\"\n```\n\nYou can set several other environment variables:\n\n* `PROJECT_NAME`: The name of the project, used in the API for the docs and emails.\n* `STACK_NAME`: The name of the stack used for Docker Compose labels and project name, this should be different for `staging`, `production`, etc. You could use the same domain replacing dots with dashes, e.g. `fastapi-project-example-com` and `staging-fastapi-project-example-com`.\n* `BACKEND_CORS_ORIGINS`: A list of allowed CORS origins separated by commas.\n* `FIRST_SUPERUSER`: The email of the first superuser, this superuser will be the one that can create new users.\n* `SMTP_HOST`: The SMTP server host to send emails, this would come from your email provider (E.g. Mailgun, Sparkpost, Sendgrid, etc).\n* `SMTP_USER`: The SMTP server user to send emails.\n* `SMTP_PASSWORD`: The SMTP server password to send emails.\n* `EMAILS_FROM_EMAIL`: The email account to send emails from.\n* `POSTGRES_SERVER`: The hostname of the PostgreSQL server. You can leave the default of `db`, provided by the same Docker Compose. You normally wouldn't need to change this unless you are using a third-party provider.\n* `POSTGRES_PORT`: The port of the PostgreSQL server. You can leave the default. You normally wouldn't need to change this unless you are using a third-party provider.\n* `POSTGRES_USER`: The Postgres user, you can leave the default.\n* `POSTGRES_DB`: The database name to use for this application. You can leave the default of `app`.\n* `SENTRY_DSN`: The DSN for Sentry, if you are using it.\n\n## GitHub Actions Environment Variables\n\nThere are some environment variables only used by GitHub Actions that you can configure:\n\n* `LATEST_CHANGES`: Used by the GitHub Action [latest-changes](https://github.com/tiangolo/latest-changes) to automatically add release notes based on the PRs merged. It's a personal access token, read the docs for details.\n* `SMOKESHOW_AUTH_KEY`: Used to handle and publish the code coverage using [Smokeshow](https://github.com/samuelcolvin/smokeshow), follow their instructions to create a (free) Smokeshow key.\n\n### Deploy with Docker Compose\n\nWith the environment variables in place, you can deploy with Docker Compose:\n\n```bash\ncd /root/code/app/\ndocker compose -f compose.yml build\ndocker compose -f compose.yml up -d\n```\n\nFor production you wouldn't want to have the overrides in `compose.override.yml`, that's why we explicitly specify `compose.yml` as the file to use.\n\n## Continuous Deployment (CD)\n\nYou can use GitHub Actions to deploy your project automatically. 😎\n\nYou can have multiple environment deployments.\n\nThere are already two environments configured, `staging` and `production`. πŸš€\n\n### Install GitHub Actions Runner\n\n* On your remote server, create a user for your GitHub Actions:\n\n```bash\nsudo adduser github\n```\n\n* Add Docker permissions to the `github` user:\n\n```bash\nsudo usermod -aG docker github\n```\n\n* Temporarily switch to the `github` user:\n\n```bash\nsudo su - github\n```\n\n* Go to the `github` user's home directory:\n\n```bash\ncd\n```\n\n* [Install a GitHub Action self-hosted runner following the official guide](https://docs.github.com/en/actions/hosting-your-own-runners/managing-self-hosted-runners/adding-self-hosted-runners#adding-a-self-hosted-runner-to-a-repository).\n\n* When asked about labels, add a label for the environment, e.g. `production`. You can also add labels later.\n\nAfter installing, the guide would tell you to run a command to start the runner. Nevertheless, it would stop once you terminate that process or if your local connection to your server is lost.\n\nTo make sure it runs on startup and continues running, you can install it as a service. To do that, exit the `github` user and go back to the `root` user:\n\n```bash\nexit\n```\n\nAfter you do it, you will be on the previous user again. And you will be on the previous directory, belonging to that user.\n\nBefore being able to go the `github` user directory, you need to become the `root` user (you might already be):\n\n```bash\nsudo su\n```\n\n* As the `root` user, go to the `actions-runner` directory inside of the `github` user's home directory:\n\n```bash\ncd /home/github/actions-runner\n```\n\n* Install the self-hosted runner as a service with the user `github`:\n\n```bash\n./svc.sh install github\n```\n\n* Start the service:\n\n```bash\n./svc.sh start\n```\n\n* Check the status of the service:\n\n```bash\n./svc.sh status\n```\n\nYou can read more about it in the official guide: [Configuring the self-hosted runner application as a service](https://docs.github.com/en/actions/hosting-your-own-runners/managing-self-hosted-runners/configuring-the-self-hosted-runner-application-as-a-service).\n\n### Set Secrets\n\nOn your repository, configure secrets for the environment variables you need, the same ones described above, including `SECRET_KEY`, etc. Follow the [official GitHub guide for setting repository secrets](https://docs.github.com/en/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-a-repository).\n\nThe current Github Actions workflows expect these secrets:\n\n* `DOMAIN_PRODUCTION`\n* `DOMAIN_STAGING`\n* `STACK_NAME_PRODUCTION`\n* `STACK_NAME_STAGING`\n* `EMAILS_FROM_EMAIL`\n* `FIRST_SUPERUSER`\n* `FIRST_SUPERUSER_PASSWORD`\n* `POSTGRES_PASSWORD`\n* `SECRET_KEY`\n* `LATEST_CHANGES`\n* `SMOKESHOW_AUTH_KEY`\n\n## GitHub Action Deployment Workflows\n\nThere are GitHub Action workflows in the `.github/workflows` directory already configured for deploying to the environments (GitHub Actions runners with the labels):\n\n* `staging`: after pushing (or merging) to the branch `master`.\n* `production`: after publishing a release.\n\nIf you need to add extra environments you could use those as a starting point.\n\n## URLs\n\nReplace `fastapi-project.example.com` with your domain.\n\n### Main Traefik Dashboard\n\nTraefik UI: `https://traefik.fastapi-project.example.com`\n\n### Production\n\nFrontend: `https://dashboard.fastapi-project.example.com`\n\nBackend API docs: `https://api.fastapi-project.example.com/docs`\n\nBackend API base URL: `https://api.fastapi-project.example.com`\n\nAdminer: `https://adminer.fastapi-project.example.com`\n\n### Staging\n\nFrontend: `https://dashboard.staging.fastapi-project.example.com`\n\nBackend API docs: `https://api.staging.fastapi-project.example.com/docs`\n\nBackend API base URL: `https://api.staging.fastapi-project.example.com`\n\nAdminer: `https://adminer.staging.fastapi-project.example.com`\n" }, { "path": "development.md", "content": "# FastAPI Project - Development\n\n## Docker Compose\n\n* Start the local stack with Docker Compose:\n\n```bash\ndocker compose watch\n```\n\n* Now you can open your browser and interact with these URLs:\n\nFrontend, built with Docker, with routes handled based on the path: \n\nBackend, JSON based web API based on OpenAPI: \n\nAutomatic interactive documentation with Swagger UI (from the OpenAPI backend): \n\nAdminer, database web administration: \n\nTraefik UI, to see how the routes are being handled by the proxy: \n\n**Note**: The first time you start your stack, it might take a minute for it to be ready. While the backend waits for the database to be ready and configures everything. You can check the logs to monitor it.\n\nTo check the logs, run (in another terminal):\n\n```bash\ndocker compose logs\n```\n\nTo check the logs of a specific service, add the name of the service, e.g.:\n\n```bash\ndocker compose logs backend\n```\n\n## Mailcatcher\n\nMailcatcher is a simple SMTP server that catches all emails sent by the backend during local development. Instead of sending real emails, they are captured and displayed in a web interface.\n\nThis is useful for:\n\n* Testing email functionality during development\n* Verifying email content and formatting\n* Debugging email-related functionality without sending real emails\n\nThe backend is automatically configured to use Mailcatcher when running with Docker Compose locally (SMTP on port 1025). All captured emails can be viewed at .\n\n## Local Development\n\nThe Docker Compose files are configured so that each of the services is available in a different port in `localhost`.\n\nFor the backend and frontend, they use the same port that would be used by their local development server, so, the backend is at `http://localhost:8000` and the frontend at `http://localhost:5173`.\n\nThis way, you could turn off a Docker Compose service and start its local development service, and everything would keep working, because it all uses the same ports.\n\nFor example, you can stop that `frontend` service in the Docker Compose, in another terminal, run:\n\n```bash\ndocker compose stop frontend\n```\n\nAnd then start the local frontend development server:\n\n```bash\nbun run dev\n```\n\nOr you could stop the `backend` Docker Compose service:\n\n```bash\ndocker compose stop backend\n```\n\nAnd then you can run the local development server for the backend:\n\n```bash\ncd backend\nfastapi dev app/main.py\n```\n\n## Docker Compose in `localhost.tiangolo.com`\n\nWhen you start the Docker Compose stack, it uses `localhost` by default, with different ports for each service (backend, frontend, adminer, etc).\n\nWhen you deploy it to production (or staging), it will deploy each service in a different subdomain, like `api.example.com` for the backend and `dashboard.example.com` for the frontend.\n\nIn the guide about [deployment](deployment.md) you can read about Traefik, the configured proxy. That's the component in charge of transmitting traffic to each service based on the subdomain.\n\nIf you want to test that it's all working locally, you can edit the local `.env` file, and change:\n\n```dotenv\nDOMAIN=localhost.tiangolo.com\n```\n\nThat will be used by the Docker Compose files to configure the base domain for the services.\n\nTraefik will use this to transmit traffic at `api.localhost.tiangolo.com` to the backend, and traffic at `dashboard.localhost.tiangolo.com` to the frontend.\n\nThe domain `localhost.tiangolo.com` is a special domain that is configured (with all its subdomains) to point to `127.0.0.1`. This way you can use that for your local development.\n\nAfter you update it, run again:\n\n```bash\ndocker compose watch\n```\n\nWhen deploying, for example in production, the main Traefik is configured outside of the Docker Compose files. For local development, there's an included Traefik in `compose.override.yml`, just to let you test that the domains work as expected, for example with `api.localhost.tiangolo.com` and `dashboard.localhost.tiangolo.com`.\n\n## Docker Compose files and env vars\n\nThere is a main `compose.yml` file with all the configurations that apply to the whole stack, it is used automatically by `docker compose`.\n\nAnd there's also a `compose.override.yml` with overrides for development, for example to mount the source code as a volume. It is used automatically by `docker compose` to apply overrides on top of `compose.yml`.\n\nThese Docker Compose files use the `.env` file containing configurations to be injected as environment variables in the containers.\n\nThey also use some additional configurations taken from environment variables set in the scripts before calling the `docker compose` command.\n\nAfter changing variables, make sure you restart the stack:\n\n```bash\ndocker compose watch\n```\n\n## The .env file\n\nThe `.env` file is the one that contains all your configurations, generated keys and passwords, etc.\n\nDepending on your workflow, you could want to exclude it from Git, for example if your project is public. In that case, you would have to make sure to set up a way for your CI tools to obtain it while building or deploying your project.\n\nOne way to do it could be to add each environment variable to your CI/CD system, and updating the `compose.yml` file to read that specific env var instead of reading the `.env` file.\n\n## Pre-commits and code linting\n\nwe are using a tool called [prek](https://prek.j178.dev/) (modern alternative to [Pre-commit](https://pre-commit.com/)) for code linting and formatting.\n\nWhen you install it, it runs right before making a commit in git. This way it ensures that the code is consistent and formatted even before it is committed.\n\nYou can find a file `.pre-commit-config.yaml` with configurations at the root of the project.\n\n#### Install prek to run automatically\n\n`prek` is already part of the dependencies of the project.\n\nAfter having the `prek` tool installed and available, you need to \"install\" it in the local repository, so that it runs automatically before each commit.\n\nUsing `uv`, you could do it with (make sure you are inside `backend` folder):\n\n```bash\n❯ uv run prek install -f\nprek installed at `../.git/hooks/pre-commit`\n```\n\nThe `-f` flag forces the installation, in case there was already a `pre-commit` hook previously installed.\n\nNow whenever you try to commit, e.g. with:\n\n```bash\ngit commit\n```\n\n...prek will run and check and format the code you are about to commit, and will ask you to add that code (stage it) with git again before committing.\n\nThen you can `git add` the modified/fixed files again and now you can commit.\n\n#### Running prek hooks manually\n\nyou can also run `prek` manually on all the files, you can do it using `uv` with:\n\n```bash\n❯ uv run prek run --all-files\ncheck for added large files..............................................Passed\ncheck toml...............................................................Passed\ncheck yaml...............................................................Passed\nfix end of files.........................................................Passed\ntrim trailing whitespace.................................................Passed\nruff.....................................................................Passed\nruff-format..............................................................Passed\nbiome check..............................................................Passed\n```\n\n## URLs\n\nThe production or staging URLs would use these same paths, but with your own domain.\n\n### Development URLs\n\nDevelopment URLs, for local development.\n\nFrontend: \n\nBackend: \n\nAutomatic Interactive Docs (Swagger UI): \n\nAutomatic Alternative Docs (ReDoc): \n\nAdminer: \n\nTraefik UI: \n\nMailCatcher: \n\n### Development URLs with `localhost.tiangolo.com` Configured\n\nDevelopment URLs, for local development.\n\nFrontend: \n\nBackend: \n\nAutomatic Interactive Docs (Swagger UI): \n\nAutomatic Alternative Docs (ReDoc): \n\nAdminer: \n\nTraefik UI: \n\nMailCatcher: \n" }, { "path": "frontend/.dockerignore", "content": "node_modules\ndist\n" }, { "path": "frontend/.gitignore", "content": "# Logs\nlogs\n*.log\nnpm-debug.log*\nyarn-debug.log*\nyarn-error.log*\npnpm-debug.log*\nlerna-debug.log*\n\nnode_modules\ndist\ndist-ssr\n*.local\nopenapi.json\n\n# Editor directories and files\n.vscode/*\n!.vscode/extensions.json\n.idea\n.DS_Store\n*.suo\n*.ntvs*\n*.njsproj\n*.sln\n*.sw?\n/test-results/\n/playwright-report/\n/blob-report/\n/playwright/.cache/\n/playwright/.auth/\n" }, { "path": "frontend/Dockerfile", "content": "# Stage 0, \"build-stage\", based on Bun, to build and compile the frontend\nFROM oven/bun:1 AS build-stage\n\nWORKDIR /app\n\nCOPY package.json bun.lock /app/\n\nCOPY frontend/package.json /app/frontend/\n\nWORKDIR /app/frontend\n\nRUN bun install\n\nCOPY ./frontend /app/frontend\nARG VITE_API_URL\n\nRUN bun run build\n\n\n# Stage 1, based on Nginx, to have only the compiled app, ready for production with Nginx\nFROM nginx:1\n\nCOPY --from=build-stage /app/frontend/dist/ /usr/share/nginx/html\n\nCOPY ./frontend/nginx.conf /etc/nginx/conf.d/default.conf\nCOPY ./frontend/nginx-backend-not-found.conf /etc/nginx/extra-conf.d/backend-not-found.conf\n" }, { "path": "frontend/Dockerfile.playwright", "content": "FROM mcr.microsoft.com/playwright:v1.58.2-noble\n\nWORKDIR /app\n\nRUN apt-get update && apt-get install -y unzip \\\n && rm -rf /var/lib/apt/lists/*\n\nRUN curl -fsSL https://bun.sh/install | bash\nENV PATH=\"/root/.bun/bin:$PATH\"\n\nCOPY package.json bun.lock /app/\n\nCOPY frontend/package.json /app/frontend/\n\nWORKDIR /app/frontend\n\nRUN bun install\n\nCOPY ./frontend /app/frontend\n\nARG VITE_API_URL\n" }, { "path": "frontend/README.md", "content": "# FastAPI Project - Frontend\n\nThe frontend is built with [Vite](https://vitejs.dev/), [React](https://reactjs.org/), [TypeScript](https://www.typescriptlang.org/), [TanStack Query](https://tanstack.com/query), [TanStack Router](https://tanstack.com/router) and [Tailwind CSS](https://tailwindcss.com/).\n\n## Requirements\n\n- [Bun](https://bun.sh/) (recommended) or [Node.js](https://nodejs.org/)\n\n## Quick Start\n\n```bash\nbun install\nbun run dev\n```\n\n* Then open your browser at http://localhost:5173/.\n\nNotice that this live server is not running inside Docker, it's for local development, and that is the recommended workflow. Once you are happy with your frontend, you can build the frontend Docker image and start it, to test it in a production-like environment. But building the image at every change will not be as productive as running the local development server with live reload.\n\nCheck the file `package.json` to see other available options.\n\n### Removing the frontend\n\nIf you are developing an API-only app and want to remove the frontend, you can do it easily:\n\n* Remove the `./frontend` directory.\n\n* In the `compose.yml` file, remove the whole service / section `frontend`.\n\n* In the `compose.override.yml` file, remove the whole service / section `frontend` and `playwright`.\n\nDone, you have a frontend-less (api-only) app. πŸ€“\n\n---\n\nIf you want, you can also remove the `FRONTEND` environment variables from:\n\n* `.env`\n* `./scripts/*.sh`\n\nBut it would be only to clean them up, leaving them won't really have any effect either way.\n\n## Generate Client\n\n### Automatically\n\n* Activate the backend virtual environment.\n* From the top level project directory, run the script:\n\n```bash\nbash ./scripts/generate-client.sh\n```\n\n* Commit the changes.\n\n### Manually\n\n* Start the Docker Compose stack.\n\n* Download the OpenAPI JSON file from `http://localhost/api/v1/openapi.json` and copy it to a new file `openapi.json` at the root of the `frontend` directory.\n\n* To generate the frontend client, run:\n\n```bash\nbun run generate-client\n```\n\n* Commit the changes.\n\nNotice that everytime the backend changes (changing the OpenAPI schema), you should follow these steps again to update the frontend client.\n\n## Using a Remote API\n\nIf you want to use a remote API, you can set the environment variable `VITE_API_URL` to the URL of the remote API. For example, you can set it in the `frontend/.env` file:\n\n```env\nVITE_API_URL=https://api.my-domain.example.com\n```\n\nThen, when you run the frontend, it will use that URL as the base URL for the API.\n\n## Code Structure\n\nThe frontend code is structured as follows:\n\n* `frontend/src` - The main frontend code.\n* `frontend/src/assets` - Static assets.\n* `frontend/src/client` - The generated OpenAPI client.\n* `frontend/src/components` - The different components of the frontend.\n* `frontend/src/hooks` - Custom hooks.\n* `frontend/src/routes` - The different routes of the frontend which include the pages.\n\n## End-to-End Testing with Playwright\n\nThe frontend includes initial end-to-end tests using Playwright. To run the tests, you need to have the Docker Compose stack running. Start the stack with the following command:\n\n```bash\ndocker compose up -d --wait backend\n```\n\nThen, you can run the tests with the following command:\n\n```bash\nbunx playwright test\n```\n\nYou can also run your tests in UI mode to see the browser and interact with it running:\n\n```bash\nbunx playwright test --ui\n```\n\nTo stop and remove the Docker Compose stack and clean the data created in tests, use the following command:\n\n```bash\ndocker compose down -v\n```\n\nTo update the tests, navigate to the tests directory and modify the existing test files or add new ones as needed.\n\nFor more information on writing and running Playwright tests, refer to the official [Playwright documentation](https://playwright.dev/docs/intro).\n" }, { "path": "frontend/biome.json", "content": "{\n \"$schema\": \"https://biomejs.dev/schemas/2.3.14/schema.json\",\n \"assist\": { \"actions\": { \"source\": { \"organizeImports\": \"on\" } } },\n \"files\": {\n \"includes\": [\n \"**\",\n \"!**/dist/**/*\",\n \"!**/node_modules/**/*\",\n \"!**/src/routeTree.gen.ts\",\n \"!**/src/client/**/*\",\n \"!**/src/components/ui/**/*\",\n \"!**/playwright-report\",\n \"!**/playwright.config.ts\"\n ]\n },\n \"linter\": {\n \"enabled\": true,\n \"rules\": {\n \"recommended\": true,\n \"suspicious\": {\n \"noExplicitAny\": \"off\",\n \"noArrayIndexKey\": \"off\"\n },\n \"style\": {\n \"noNonNullAssertion\": \"off\",\n \"noParameterAssign\": \"error\",\n \"useSelfClosingElements\": \"error\",\n \"noUselessElse\": \"error\"\n }\n }\n },\n \"formatter\": {\n \"indentStyle\": \"space\"\n },\n \"javascript\": {\n \"formatter\": {\n \"quoteStyle\": \"double\",\n \"semicolons\": \"asNeeded\"\n }\n },\n \"css\": {\n \"parser\": {\n \"tailwindDirectives\": true\n }\n }\n}\n" }, { "path": "frontend/components.json", "content": "{\n \"$schema\": \"https://ui.shadcn.com/schema.json\",\n \"style\": \"new-york\",\n \"rsc\": false,\n \"tsx\": true,\n \"tailwind\": {\n \"config\": \"\",\n \"css\": \"src/index.css\",\n \"baseColor\": \"neutral\",\n \"cssVariables\": true,\n \"prefix\": \"\"\n },\n \"iconLibrary\": \"lucide\",\n \"aliases\": {\n \"components\": \"@/components\",\n \"utils\": \"@/lib/utils\",\n \"ui\": \"@/components/ui\",\n \"lib\": \"@/lib\",\n \"hooks\": \"@/hooks\"\n },\n \"registries\": {}\n}\n" }, { "path": "frontend/index.html", "content": "\n\n \n \n \n \n Full Stack FastAPI Project\n \n \n \n
\n \n \n\n" }, { "path": "frontend/nginx-backend-not-found.conf", "content": "location /api {\n return 404;\n}\nlocation /docs {\n return 404;\n}\nlocation /redoc {\n return 404;\n}\n" }, { "path": "frontend/nginx.conf", "content": "server {\n listen 80;\n\n location / {\n root /usr/share/nginx/html;\n index index.html index.htm;\n try_files $uri /index.html =404;\n }\n\n include /etc/nginx/extra-conf.d/*.conf;\n}\n" }, { "path": "frontend/openapi-ts.config.ts", "content": "import { defineConfig } from \"@hey-api/openapi-ts\"\n\nexport default defineConfig({\n input: \"./openapi.json\",\n output: \"./src/client\",\n\n plugins: [\n \"legacy/axios\",\n {\n name: \"@hey-api/sdk\",\n // NOTE: this doesn't allow tree-shaking\n asClass: true,\n operationId: true,\n classNameBuilder: \"{{name}}Service\",\n methodNameBuilder: (operation) => {\n // @ts-expect-error\n let name: string = operation.name\n // @ts-expect-error\n const service: string = operation.service\n\n if (service && name.toLowerCase().startsWith(service.toLowerCase())) {\n name = name.slice(service.length)\n }\n\n return name.charAt(0).toLowerCase() + name.slice(1)\n },\n },\n {\n name: \"@hey-api/schemas\",\n type: \"json\",\n },\n ],\n})\n" }, { "path": "frontend/package.json", "content": "{\n \"name\": \"frontend\",\n \"private\": true,\n \"version\": \"0.0.0\",\n \"type\": \"module\",\n \"scripts\": {\n \"dev\": \"vite\",\n \"build\": \"tsc -p tsconfig.build.json && vite build\",\n \"lint\": \"biome check --write --unsafe --no-errors-on-unmatched --files-ignore-unknown=true ./\",\n \"preview\": \"vite preview\",\n \"generate-client\": \"openapi-ts\",\n \"test\": \"bunx playwright test\",\n \"test:ui\": \"bunx playwright test --ui\"\n },\n \"dependencies\": {\n \"@hookform/resolvers\": \"^5.2.2\",\n \"@radix-ui/react-avatar\": \"^1.1.11\",\n \"@radix-ui/react-checkbox\": \"^1.3.3\",\n \"@radix-ui/react-dialog\": \"^1.1.15\",\n \"@radix-ui/react-dropdown-menu\": \"^2.1.16\",\n \"@radix-ui/react-label\": \"^2.1.8\",\n \"@radix-ui/react-radio-group\": \"^1.3.8\",\n \"@radix-ui/react-scroll-area\": \"^1.2.10\",\n \"@radix-ui/react-select\": \"^2.2.6\",\n \"@radix-ui/react-separator\": \"^1.1.8\",\n \"@radix-ui/react-slot\": \"^1.2.4\",\n \"@radix-ui/react-tabs\": \"^1.1.13\",\n \"@radix-ui/react-tooltip\": \"^1.2.8\",\n \"@tailwindcss/vite\": \"^4.1.18\",\n \"@tanstack/react-query\": \"^5.90.21\",\n \"@tanstack/react-query-devtools\": \"^5.91.1\",\n \"@tanstack/react-router\": \"^1.163.3\",\n \"@tanstack/react-router-devtools\": \"^1.163.3\",\n \"@tanstack/react-table\": \"^8.21.3\",\n \"axios\": \"1.13.5\",\n \"class-variance-authority\": \"^0.7.1\",\n \"clsx\": \"^2.1.1\",\n \"form-data\": \"4.0.5\",\n \"lucide-react\": \"^0.563.0\",\n \"next-themes\": \"^0.4.6\",\n \"react\": \"^19.1.1\",\n \"react-dom\": \"^19.2.3\",\n \"react-error-boundary\": \"^6.0.0\",\n \"react-hook-form\": \"^7.68.0\",\n \"react-icons\": \"^5.5.0\",\n \"sonner\": \"^2.0.7\",\n \"tailwind-merge\": \"^3.4.0\",\n \"tailwindcss\": \"^4.2.1\",\n \"zod\": \"^4.3.6\"\n },\n \"devDependencies\": {\n \"@biomejs/biome\": \"^2.3.14\",\n \"@hey-api/openapi-ts\": \"0.73.0\",\n \"@playwright/test\": \"1.58.2\",\n \"@tanstack/router-devtools\": \"^1.166.7\",\n \"@tanstack/router-plugin\": \"^1.140.0\",\n \"@types/node\": \"^25.5.0\",\n \"@types/react\": \"^19.2.7\",\n \"@types/react-dom\": \"^19.2.3\",\n \"@vitejs/plugin-react-swc\": \"^4.2.3\",\n \"dotenv\": \"^17.3.1\",\n \"tw-animate-css\": \"^1.4.0\",\n \"typescript\": \"^5.9.3\",\n \"vite\": \"^7.3.0\"\n }\n}\n" }, { "path": "frontend/playwright.config.ts", "content": "import { defineConfig, devices } from '@playwright/test';\nimport 'dotenv/config'\n\n/**\n * Read environment variables from file.\n * https://github.com/motdotla/dotenv\n */\n\n/**\n * See https://playwright.dev/docs/test-configuration.\n */\nexport default defineConfig({\n testDir: './tests',\n /* Run tests in files in parallel */\n fullyParallel: true,\n /* Fail the build on CI if you accidentally left test.only in the source code. */\n forbidOnly: !!process.env.CI,\n /* Retry on CI only */\n retries: process.env.CI ? 2 : 0,\n /* Opt out of parallel tests on CI. */\n workers: process.env.CI ? 1 : undefined,\n /* Reporter to use. See https://playwright.dev/docs/test-reporters */\n reporter: process.env.CI ? 'blob' : 'html',\n /* Shared settings for all the projects below. See https://playwright.dev/docs/api/class-testoptions. */\n use: {\n /* Base URL to use in actions like `await page.goto('/')`. */\n baseURL: 'http://localhost:5173',\n\n /* Collect trace when retrying the failed test. See https://playwright.dev/docs/trace-viewer */\n trace: 'on-first-retry',\n },\n\n /* Configure projects for major browsers */\n projects: [\n { name: 'setup', testMatch: /.*\\.setup\\.ts/ },\n\n {\n name: 'chromium',\n use: {\n ...devices['Desktop Chrome'],\n storageState: 'playwright/.auth/user.json',\n },\n dependencies: ['setup'],\n },\n\n // {\n // name: 'firefox',\n // use: {\n // ...devices['Desktop Firefox'],\n // storageState: 'playwright/.auth/user.json',\n // },\n // dependencies: ['setup'],\n // },\n\n // {\n // name: 'webkit',\n // use: {\n // ...devices['Desktop Safari'],\n // storageState: 'playwright/.auth/user.json',\n // },\n // dependencies: ['setup'],\n // },\n\n /* Test against mobile viewports. */\n // {\n // name: 'Mobile Chrome',\n // use: { ...devices['Pixel 5'] },\n // },\n // {\n // name: 'Mobile Safari',\n // use: { ...devices['iPhone 12'] },\n // },\n\n /* Test against branded browsers. */\n // {\n // name: 'Microsoft Edge',\n // use: { ...devices['Desktop Edge'], channel: 'msedge' },\n // },\n // {\n // name: 'Google Chrome',\n // use: { ...devices['Desktop Chrome'], channel: 'chrome' },\n // },\n ],\n\n /* Run your local dev server before starting the tests */\n webServer: {\n command: 'bun run dev',\n url: 'http://localhost:5173',\n reuseExistingServer: !process.env.CI,\n },\n});\n" }, { "path": "frontend/src/client/core/ApiError.ts", "content": "import type { ApiRequestOptions } from './ApiRequestOptions';\nimport type { ApiResult } from './ApiResult';\n\nexport class ApiError extends Error {\n\tpublic readonly url: string;\n\tpublic readonly status: number;\n\tpublic readonly statusText: string;\n\tpublic readonly body: unknown;\n\tpublic readonly request: ApiRequestOptions;\n\n\tconstructor(request: ApiRequestOptions, response: ApiResult, message: string) {\n\t\tsuper(message);\n\n\t\tthis.name = 'ApiError';\n\t\tthis.url = response.url;\n\t\tthis.status = response.status;\n\t\tthis.statusText = response.statusText;\n\t\tthis.body = response.body;\n\t\tthis.request = request;\n\t}\n}" }, { "path": "frontend/src/client/core/ApiRequestOptions.ts", "content": "export type ApiRequestOptions = {\n\treadonly body?: any;\n\treadonly cookies?: Record;\n\treadonly errors?: Record;\n\treadonly formData?: Record | any[] | Blob | File;\n\treadonly headers?: Record;\n\treadonly mediaType?: string;\n\treadonly method:\n\t\t| 'DELETE'\n\t\t| 'GET'\n\t\t| 'HEAD'\n\t\t| 'OPTIONS'\n\t\t| 'PATCH'\n\t\t| 'POST'\n\t\t| 'PUT';\n\treadonly path?: Record;\n\treadonly query?: Record;\n\treadonly responseHeader?: string;\n\treadonly responseTransformer?: (data: unknown) => Promise;\n\treadonly url: string;\n};" }, { "path": "frontend/src/client/core/ApiResult.ts", "content": "export type ApiResult = {\n\treadonly body: TData;\n\treadonly ok: boolean;\n\treadonly status: number;\n\treadonly statusText: string;\n\treadonly url: string;\n};" }, { "path": "frontend/src/client/core/CancelablePromise.ts", "content": "export class CancelError extends Error {\n\tconstructor(message: string) {\n\t\tsuper(message);\n\t\tthis.name = 'CancelError';\n\t}\n\n\tpublic get isCancelled(): boolean {\n\t\treturn true;\n\t}\n}\n\nexport interface OnCancel {\n\treadonly isResolved: boolean;\n\treadonly isRejected: boolean;\n\treadonly isCancelled: boolean;\n\n\t(cancelHandler: () => void): void;\n}\n\nexport class CancelablePromise implements Promise {\n\tprivate _isResolved: boolean;\n\tprivate _isRejected: boolean;\n\tprivate _isCancelled: boolean;\n\treadonly cancelHandlers: (() => void)[];\n\treadonly promise: Promise;\n\tprivate _resolve?: (value: T | PromiseLike) => void;\n\tprivate _reject?: (reason?: unknown) => void;\n\n\tconstructor(\n\t\texecutor: (\n\t\t\tresolve: (value: T | PromiseLike) => void,\n\t\t\treject: (reason?: unknown) => void,\n\t\t\tonCancel: OnCancel\n\t\t) => void\n\t) {\n\t\tthis._isResolved = false;\n\t\tthis._isRejected = false;\n\t\tthis._isCancelled = false;\n\t\tthis.cancelHandlers = [];\n\t\tthis.promise = new Promise((resolve, reject) => {\n\t\t\tthis._resolve = resolve;\n\t\t\tthis._reject = reject;\n\n\t\t\tconst onResolve = (value: T | PromiseLike): void => {\n\t\t\t\tif (this._isResolved || this._isRejected || this._isCancelled) {\n\t\t\t\t\treturn;\n\t\t\t\t}\n\t\t\t\tthis._isResolved = true;\n\t\t\t\tif (this._resolve) this._resolve(value);\n\t\t\t};\n\n\t\t\tconst onReject = (reason?: unknown): void => {\n\t\t\t\tif (this._isResolved || this._isRejected || this._isCancelled) {\n\t\t\t\t\treturn;\n\t\t\t\t}\n\t\t\t\tthis._isRejected = true;\n\t\t\t\tif (this._reject) this._reject(reason);\n\t\t\t};\n\n\t\t\tconst onCancel = (cancelHandler: () => void): void => {\n\t\t\t\tif (this._isResolved || this._isRejected || this._isCancelled) {\n\t\t\t\t\treturn;\n\t\t\t\t}\n\t\t\t\tthis.cancelHandlers.push(cancelHandler);\n\t\t\t};\n\n\t\t\tObject.defineProperty(onCancel, 'isResolved', {\n\t\t\t\tget: (): boolean => this._isResolved,\n\t\t\t});\n\n\t\t\tObject.defineProperty(onCancel, 'isRejected', {\n\t\t\t\tget: (): boolean => this._isRejected,\n\t\t\t});\n\n\t\t\tObject.defineProperty(onCancel, 'isCancelled', {\n\t\t\t\tget: (): boolean => this._isCancelled,\n\t\t\t});\n\n\t\t\treturn executor(onResolve, onReject, onCancel as OnCancel);\n\t\t});\n\t}\n\n\tget [Symbol.toStringTag]() {\n\t\treturn \"Cancellable Promise\";\n\t}\n\n\tpublic then(\n\t\tonFulfilled?: ((value: T) => TResult1 | PromiseLike) | null,\n\t\tonRejected?: ((reason: unknown) => TResult2 | PromiseLike) | null\n\t): Promise {\n\t\treturn this.promise.then(onFulfilled, onRejected);\n\t}\n\n\tpublic catch(\n\t\tonRejected?: ((reason: unknown) => TResult | PromiseLike) | null\n\t): Promise {\n\t\treturn this.promise.catch(onRejected);\n\t}\n\n\tpublic finally(onFinally?: (() => void) | null): Promise {\n\t\treturn this.promise.finally(onFinally);\n\t}\n\n\tpublic cancel(): void {\n\t\tif (this._isResolved || this._isRejected || this._isCancelled) {\n\t\t\treturn;\n\t\t}\n\t\tthis._isCancelled = true;\n\t\tif (this.cancelHandlers.length) {\n\t\t\ttry {\n\t\t\t\tfor (const cancelHandler of this.cancelHandlers) {\n\t\t\t\t\tcancelHandler();\n\t\t\t\t}\n\t\t\t} catch (error) {\n\t\t\t\tconsole.warn('Cancellation threw an error', error);\n\t\t\t\treturn;\n\t\t\t}\n\t\t}\n\t\tthis.cancelHandlers.length = 0;\n\t\tif (this._reject) this._reject(new CancelError('Request aborted'));\n\t}\n\n\tpublic get isCancelled(): boolean {\n\t\treturn this._isCancelled;\n\t}\n}" }, { "path": "frontend/src/client/core/OpenAPI.ts", "content": "import type { AxiosRequestConfig, AxiosResponse } from 'axios';\nimport type { ApiRequestOptions } from './ApiRequestOptions';\n\ntype Headers = Record;\ntype Middleware = (value: T) => T | Promise;\ntype Resolver = (options: ApiRequestOptions) => Promise;\n\nexport class Interceptors {\n _fns: Middleware[];\n\n constructor() {\n this._fns = [];\n }\n\n eject(fn: Middleware): void {\n const index = this._fns.indexOf(fn);\n if (index !== -1) {\n this._fns = [...this._fns.slice(0, index), ...this._fns.slice(index + 1)];\n }\n }\n\n use(fn: Middleware): void {\n this._fns = [...this._fns, fn];\n }\n}\n\nexport type OpenAPIConfig = {\n\tBASE: string;\n\tCREDENTIALS: 'include' | 'omit' | 'same-origin';\n\tENCODE_PATH?: ((path: string) => string) | undefined;\n\tHEADERS?: Headers | Resolver | undefined;\n\tPASSWORD?: string | Resolver | undefined;\n\tTOKEN?: string | Resolver | undefined;\n\tUSERNAME?: string | Resolver | undefined;\n\tVERSION: string;\n\tWITH_CREDENTIALS: boolean;\n\tinterceptors: {\n\t\trequest: Interceptors;\n\t\tresponse: Interceptors;\n\t};\n};\n\nexport const OpenAPI: OpenAPIConfig = {\n\tBASE: '',\n\tCREDENTIALS: 'include',\n\tENCODE_PATH: undefined,\n\tHEADERS: undefined,\n\tPASSWORD: undefined,\n\tTOKEN: undefined,\n\tUSERNAME: undefined,\n\tVERSION: '0.1.0',\n\tWITH_CREDENTIALS: false,\n\tinterceptors: {\n\t\trequest: new Interceptors(),\n\t\tresponse: new Interceptors(),\n\t},\n};" }, { "path": "frontend/src/client/core/request.ts", "content": "import axios from 'axios';\nimport type { AxiosError, AxiosRequestConfig, AxiosResponse, AxiosInstance } from 'axios';\n\nimport { ApiError } from './ApiError';\nimport type { ApiRequestOptions } from './ApiRequestOptions';\nimport type { ApiResult } from './ApiResult';\nimport { CancelablePromise } from './CancelablePromise';\nimport type { OnCancel } from './CancelablePromise';\nimport type { OpenAPIConfig } from './OpenAPI';\n\nexport const isString = (value: unknown): value is string => {\n\treturn typeof value === 'string';\n};\n\nexport const isStringWithValue = (value: unknown): value is string => {\n\treturn isString(value) && value !== '';\n};\n\nexport const isBlob = (value: any): value is Blob => {\n\treturn value instanceof Blob;\n};\n\nexport const isFormData = (value: unknown): value is FormData => {\n\treturn value instanceof FormData;\n};\n\nexport const isSuccess = (status: number): boolean => {\n\treturn status >= 200 && status < 300;\n};\n\nexport const base64 = (str: string): string => {\n\ttry {\n\t\treturn btoa(str);\n\t} catch (err) {\n\t\t// @ts-ignore\n\t\treturn Buffer.from(str).toString('base64');\n\t}\n};\n\nexport const getQueryString = (params: Record): string => {\n\tconst qs: string[] = [];\n\n\tconst append = (key: string, value: unknown) => {\n\t\tqs.push(`${encodeURIComponent(key)}=${encodeURIComponent(String(value))}`);\n\t};\n\n\tconst encodePair = (key: string, value: unknown) => {\n\t\tif (value === undefined || value === null) {\n\t\t\treturn;\n\t\t}\n\n\t\tif (value instanceof Date) {\n\t\t\tappend(key, value.toISOString());\n\t\t} else if (Array.isArray(value)) {\n\t\t\tvalue.forEach(v => encodePair(key, v));\n\t\t} else if (typeof value === 'object') {\n\t\t\tObject.entries(value).forEach(([k, v]) => encodePair(`${key}[${k}]`, v));\n\t\t} else {\n\t\t\tappend(key, value);\n\t\t}\n\t};\n\n\tObject.entries(params).forEach(([key, value]) => encodePair(key, value));\n\n\treturn qs.length ? `?${qs.join('&')}` : '';\n};\n\nconst getUrl = (config: OpenAPIConfig, options: ApiRequestOptions): string => {\n\tconst encoder = config.ENCODE_PATH || encodeURI;\n\n\tconst path = options.url\n\t\t.replace('{api-version}', config.VERSION)\n\t\t.replace(/{(.*?)}/g, (substring: string, group: string) => {\n\t\t\tif (options.path?.hasOwnProperty(group)) {\n\t\t\t\treturn encoder(String(options.path[group]));\n\t\t\t}\n\t\t\treturn substring;\n\t\t});\n\n\tconst url = config.BASE + path;\n\treturn options.query ? url + getQueryString(options.query) : url;\n};\n\nexport const getFormData = (options: ApiRequestOptions): FormData | undefined => {\n\tif (options.formData) {\n\t\tconst formData = new FormData();\n\n\t\tconst process = (key: string, value: unknown) => {\n\t\t\tif (isString(value) || isBlob(value)) {\n\t\t\t\tformData.append(key, value);\n\t\t\t} else {\n\t\t\t\tformData.append(key, JSON.stringify(value));\n\t\t\t}\n\t\t};\n\n\t\tObject.entries(options.formData)\n\t\t\t.filter(([, value]) => value !== undefined && value !== null)\n\t\t\t.forEach(([key, value]) => {\n\t\t\t\tif (Array.isArray(value)) {\n\t\t\t\t\tvalue.forEach(v => process(key, v));\n\t\t\t\t} else {\n\t\t\t\t\tprocess(key, value);\n\t\t\t\t}\n\t\t\t});\n\n\t\treturn formData;\n\t}\n\treturn undefined;\n};\n\ntype Resolver = (options: ApiRequestOptions) => Promise;\n\nexport const resolve = async (options: ApiRequestOptions, resolver?: T | Resolver): Promise => {\n\tif (typeof resolver === 'function') {\n\t\treturn (resolver as Resolver)(options);\n\t}\n\treturn resolver;\n};\n\nexport const getHeaders = async (config: OpenAPIConfig, options: ApiRequestOptions): Promise> => {\n\tconst [token, username, password, additionalHeaders] = await Promise.all([\n\t\t// @ts-ignore\n\t\tresolve(options, config.TOKEN),\n\t\t// @ts-ignore\n\t\tresolve(options, config.USERNAME),\n\t\t// @ts-ignore\n\t\tresolve(options, config.PASSWORD),\n\t\t// @ts-ignore\n\t\tresolve(options, config.HEADERS),\n\t]);\n\n\tconst headers = Object.entries({\n\t\tAccept: 'application/json',\n\t\t...additionalHeaders,\n\t\t...options.headers,\n\t})\n\t.filter(([, value]) => value !== undefined && value !== null)\n\t.reduce((headers, [key, value]) => ({\n\t\t...headers,\n\t\t[key]: String(value),\n\t}), {} as Record);\n\n\tif (isStringWithValue(token)) {\n\t\theaders['Authorization'] = `Bearer ${token}`;\n\t}\n\n\tif (isStringWithValue(username) && isStringWithValue(password)) {\n\t\tconst credentials = base64(`${username}:${password}`);\n\t\theaders['Authorization'] = `Basic ${credentials}`;\n\t}\n\n\tif (options.body !== undefined) {\n\t\tif (options.mediaType) {\n\t\t\theaders['Content-Type'] = options.mediaType;\n\t\t} else if (isBlob(options.body)) {\n\t\t\theaders['Content-Type'] = options.body.type || 'application/octet-stream';\n\t\t} else if (isString(options.body)) {\n\t\t\theaders['Content-Type'] = 'text/plain';\n\t\t} else if (!isFormData(options.body)) {\n\t\t\theaders['Content-Type'] = 'application/json';\n\t\t}\n\t} else if (options.formData !== undefined) {\n\t\tif (options.mediaType) {\n\t\t\theaders['Content-Type'] = options.mediaType;\n\t\t}\n\t}\n\n\treturn headers;\n};\n\nexport const getRequestBody = (options: ApiRequestOptions): unknown => {\n\tif (options.body) {\n\t\treturn options.body;\n\t}\n\treturn undefined;\n};\n\nexport const sendRequest = async (\n\tconfig: OpenAPIConfig,\n\toptions: ApiRequestOptions,\n\turl: string,\n\tbody: unknown,\n\tformData: FormData | undefined,\n\theaders: Record,\n\tonCancel: OnCancel,\n\taxiosClient: AxiosInstance\n): Promise> => {\n\tconst controller = new AbortController();\n\n\tlet requestConfig: AxiosRequestConfig = {\n\t\tdata: body ?? formData,\n\t\theaders,\n\t\tmethod: options.method,\n\t\tsignal: controller.signal,\n\t\turl,\n\t\twithCredentials: config.WITH_CREDENTIALS,\n\t};\n\n\tonCancel(() => controller.abort());\n\n\tfor (const fn of config.interceptors.request._fns) {\n\t\trequestConfig = await fn(requestConfig);\n\t}\n\n\ttry {\n\t\treturn await axiosClient.request(requestConfig);\n\t} catch (error) {\n\t\tconst axiosError = error as AxiosError;\n\t\tif (axiosError.response) {\n\t\t\treturn axiosError.response;\n\t\t}\n\t\tthrow error;\n\t}\n};\n\nexport const getResponseHeader = (response: AxiosResponse, responseHeader?: string): string | undefined => {\n\tif (responseHeader) {\n\t\tconst content = response.headers[responseHeader];\n\t\tif (isString(content)) {\n\t\t\treturn content;\n\t\t}\n\t}\n\treturn undefined;\n};\n\nexport const getResponseBody = (response: AxiosResponse): unknown => {\n\tif (response.status !== 204) {\n\t\treturn response.data;\n\t}\n\treturn undefined;\n};\n\nexport const catchErrorCodes = (options: ApiRequestOptions, result: ApiResult): void => {\n\tconst errors: Record = {\n\t\t400: 'Bad Request',\n\t\t401: 'Unauthorized',\n\t\t402: 'Payment Required',\n\t\t403: 'Forbidden',\n\t\t404: 'Not Found',\n\t\t405: 'Method Not Allowed',\n\t\t406: 'Not Acceptable',\n\t\t407: 'Proxy Authentication Required',\n\t\t408: 'Request Timeout',\n\t\t409: 'Conflict',\n\t\t410: 'Gone',\n\t\t411: 'Length Required',\n\t\t412: 'Precondition Failed',\n\t\t413: 'Payload Too Large',\n\t\t414: 'URI Too Long',\n\t\t415: 'Unsupported Media Type',\n\t\t416: 'Range Not Satisfiable',\n\t\t417: 'Expectation Failed',\n\t\t418: 'Im a teapot',\n\t\t421: 'Misdirected Request',\n\t\t422: 'Unprocessable Content',\n\t\t423: 'Locked',\n\t\t424: 'Failed Dependency',\n\t\t425: 'Too Early',\n\t\t426: 'Upgrade Required',\n\t\t428: 'Precondition Required',\n\t\t429: 'Too Many Requests',\n\t\t431: 'Request Header Fields Too Large',\n\t\t451: 'Unavailable For Legal Reasons',\n\t\t500: 'Internal Server Error',\n\t\t501: 'Not Implemented',\n\t\t502: 'Bad Gateway',\n\t\t503: 'Service Unavailable',\n\t\t504: 'Gateway Timeout',\n\t\t505: 'HTTP Version Not Supported',\n\t\t506: 'Variant Also Negotiates',\n\t\t507: 'Insufficient Storage',\n\t\t508: 'Loop Detected',\n\t\t510: 'Not Extended',\n\t\t511: 'Network Authentication Required',\n\t\t...options.errors,\n\t}\n\n\tconst error = errors[result.status];\n\tif (error) {\n\t\tthrow new ApiError(options, result, error);\n\t}\n\n\tif (!result.ok) {\n\t\tconst errorStatus = result.status ?? 'unknown';\n\t\tconst errorStatusText = result.statusText ?? 'unknown';\n\t\tconst errorBody = (() => {\n\t\t\ttry {\n\t\t\t\treturn JSON.stringify(result.body, null, 2);\n\t\t\t} catch (e) {\n\t\t\t\treturn undefined;\n\t\t\t}\n\t\t})();\n\n\t\tthrow new ApiError(options, result,\n\t\t\t`Generic Error: status: ${errorStatus}; status text: ${errorStatusText}; body: ${errorBody}`\n\t\t);\n\t}\n};\n\n/**\n * Request method\n * @param config The OpenAPI configuration object\n * @param options The request options from the service\n * @param axiosClient The axios client instance to use\n * @returns CancelablePromise\n * @throws ApiError\n */\nexport const request = (config: OpenAPIConfig, options: ApiRequestOptions, axiosClient: AxiosInstance = axios): CancelablePromise => {\n\treturn new CancelablePromise(async (resolve, reject, onCancel) => {\n\t\ttry {\n\t\t\tconst url = getUrl(config, options);\n\t\t\tconst formData = getFormData(options);\n\t\t\tconst body = getRequestBody(options);\n\t\t\tconst headers = await getHeaders(config, options);\n\n\t\t\tif (!onCancel.isCancelled) {\n\t\t\t\tlet response = await sendRequest(config, options, url, body, formData, headers, onCancel, axiosClient);\n\n\t\t\t\tfor (const fn of config.interceptors.response._fns) {\n\t\t\t\t\tresponse = await fn(response);\n\t\t\t\t}\n\n\t\t\t\tconst responseBody = getResponseBody(response);\n\t\t\t\tconst responseHeader = getResponseHeader(response, options.responseHeader);\n\n\t\t\t\tlet transformedBody = responseBody;\n\t\t\t\tif (options.responseTransformer && isSuccess(response.status)) {\n\t\t\t\t\ttransformedBody = await options.responseTransformer(responseBody)\n\t\t\t\t}\n\n\t\t\t\tconst result: ApiResult = {\n\t\t\t\t\turl,\n\t\t\t\t\tok: isSuccess(response.status),\n\t\t\t\t\tstatus: response.status,\n\t\t\t\t\tstatusText: response.statusText,\n\t\t\t\t\tbody: responseHeader ?? transformedBody,\n\t\t\t\t};\n\n\t\t\t\tcatchErrorCodes(options, result);\n\n\t\t\t\tresolve(result.body);\n\t\t\t}\n\t\t} catch (error) {\n\t\t\treject(error);\n\t\t}\n\t});\n};" }, { "path": "frontend/src/client/index.ts", "content": "// This file is auto-generated by @hey-api/openapi-ts\nexport { ApiError } from './core/ApiError';\nexport { CancelablePromise, CancelError } from './core/CancelablePromise';\nexport { OpenAPI, type OpenAPIConfig } from './core/OpenAPI';\nexport * from './sdk.gen';\nexport * from './types.gen';" }, { "path": "frontend/src/client/schemas.gen.ts", "content": "// This file is auto-generated by @hey-api/openapi-ts\n\nexport const Body_login_login_access_tokenSchema = {\n properties: {\n grant_type: {\n anyOf: [\n {\n type: 'string',\n pattern: '^password$'\n },\n {\n type: 'null'\n }\n ],\n title: 'Grant Type'\n },\n username: {\n type: 'string',\n title: 'Username'\n },\n password: {\n type: 'string',\n format: 'password',\n title: 'Password'\n },\n scope: {\n type: 'string',\n title: 'Scope',\n default: ''\n },\n client_id: {\n anyOf: [\n {\n type: 'string'\n },\n {\n type: 'null'\n }\n ],\n title: 'Client Id'\n },\n client_secret: {\n anyOf: [\n {\n type: 'string'\n },\n {\n type: 'null'\n }\n ],\n format: 'password',\n title: 'Client Secret'\n }\n },\n type: 'object',\n required: ['username', 'password'],\n title: 'Body_login-login_access_token'\n} as const;\n\nexport const HTTPValidationErrorSchema = {\n properties: {\n detail: {\n items: {\n '$ref': '#/components/schemas/ValidationError'\n },\n type: 'array',\n title: 'Detail'\n }\n },\n type: 'object',\n title: 'HTTPValidationError'\n} as const;\n\nexport const ItemCreateSchema = {\n properties: {\n title: {\n type: 'string',\n maxLength: 255,\n minLength: 1,\n title: 'Title'\n },\n description: {\n anyOf: [\n {\n type: 'string',\n maxLength: 255\n },\n {\n type: 'null'\n }\n ],\n title: 'Description'\n }\n },\n type: 'object',\n required: ['title'],\n title: 'ItemCreate'\n} as const;\n\nexport const ItemPublicSchema = {\n properties: {\n title: {\n type: 'string',\n maxLength: 255,\n minLength: 1,\n title: 'Title'\n },\n description: {\n anyOf: [\n {\n type: 'string',\n maxLength: 255\n },\n {\n type: 'null'\n }\n ],\n title: 'Description'\n },\n id: {\n type: 'string',\n format: 'uuid',\n title: 'Id'\n },\n owner_id: {\n type: 'string',\n format: 'uuid',\n title: 'Owner Id'\n },\n created_at: {\n anyOf: [\n {\n type: 'string',\n format: 'date-time'\n },\n {\n type: 'null'\n }\n ],\n title: 'Created At'\n }\n },\n type: 'object',\n required: ['title', 'id', 'owner_id'],\n title: 'ItemPublic'\n} as const;\n\nexport const ItemUpdateSchema = {\n properties: {\n title: {\n anyOf: [\n {\n type: 'string',\n maxLength: 255,\n minLength: 1\n },\n {\n type: 'null'\n }\n ],\n title: 'Title'\n },\n description: {\n anyOf: [\n {\n type: 'string',\n maxLength: 255\n },\n {\n type: 'null'\n }\n ],\n title: 'Description'\n }\n },\n type: 'object',\n title: 'ItemUpdate'\n} as const;\n\nexport const ItemsPublicSchema = {\n properties: {\n data: {\n items: {\n '$ref': '#/components/schemas/ItemPublic'\n },\n type: 'array',\n title: 'Data'\n },\n count: {\n type: 'integer',\n title: 'Count'\n }\n },\n type: 'object',\n required: ['data', 'count'],\n title: 'ItemsPublic'\n} as const;\n\nexport const MessageSchema = {\n properties: {\n message: {\n type: 'string',\n title: 'Message'\n }\n },\n type: 'object',\n required: ['message'],\n title: 'Message'\n} as const;\n\nexport const NewPasswordSchema = {\n properties: {\n token: {\n type: 'string',\n title: 'Token'\n },\n new_password: {\n type: 'string',\n maxLength: 128,\n minLength: 8,\n title: 'New Password'\n }\n },\n type: 'object',\n required: ['token', 'new_password'],\n title: 'NewPassword'\n} as const;\n\nexport const PrivateUserCreateSchema = {\n properties: {\n email: {\n type: 'string',\n title: 'Email'\n },\n password: {\n type: 'string',\n title: 'Password'\n },\n full_name: {\n type: 'string',\n title: 'Full Name'\n },\n is_verified: {\n type: 'boolean',\n title: 'Is Verified',\n default: false\n }\n },\n type: 'object',\n required: ['email', 'password', 'full_name'],\n title: 'PrivateUserCreate'\n} as const;\n\nexport const TokenSchema = {\n properties: {\n access_token: {\n type: 'string',\n title: 'Access Token'\n },\n token_type: {\n type: 'string',\n title: 'Token Type',\n default: 'bearer'\n }\n },\n type: 'object',\n required: ['access_token'],\n title: 'Token'\n} as const;\n\nexport const UpdatePasswordSchema = {\n properties: {\n current_password: {\n type: 'string',\n maxLength: 128,\n minLength: 8,\n title: 'Current Password'\n },\n new_password: {\n type: 'string',\n maxLength: 128,\n minLength: 8,\n title: 'New Password'\n }\n },\n type: 'object',\n required: ['current_password', 'new_password'],\n title: 'UpdatePassword'\n} as const;\n\nexport const UserCreateSchema = {\n properties: {\n email: {\n type: 'string',\n maxLength: 255,\n format: 'email',\n title: 'Email'\n },\n is_active: {\n type: 'boolean',\n title: 'Is Active',\n default: true\n },\n is_superuser: {\n type: 'boolean',\n title: 'Is Superuser',\n default: false\n },\n full_name: {\n anyOf: [\n {\n type: 'string',\n maxLength: 255\n },\n {\n type: 'null'\n }\n ],\n title: 'Full Name'\n },\n password: {\n type: 'string',\n maxLength: 128,\n minLength: 8,\n title: 'Password'\n }\n },\n type: 'object',\n required: ['email', 'password'],\n title: 'UserCreate'\n} as const;\n\nexport const UserPublicSchema = {\n properties: {\n email: {\n type: 'string',\n maxLength: 255,\n format: 'email',\n title: 'Email'\n },\n is_active: {\n type: 'boolean',\n title: 'Is Active',\n default: true\n },\n is_superuser: {\n type: 'boolean',\n title: 'Is Superuser',\n default: false\n },\n full_name: {\n anyOf: [\n {\n type: 'string',\n maxLength: 255\n },\n {\n type: 'null'\n }\n ],\n title: 'Full Name'\n },\n id: {\n type: 'string',\n format: 'uuid',\n title: 'Id'\n },\n created_at: {\n anyOf: [\n {\n type: 'string',\n format: 'date-time'\n },\n {\n type: 'null'\n }\n ],\n title: 'Created At'\n }\n },\n type: 'object',\n required: ['email', 'id'],\n title: 'UserPublic'\n} as const;\n\nexport const UserRegisterSchema = {\n properties: {\n email: {\n type: 'string',\n maxLength: 255,\n format: 'email',\n title: 'Email'\n },\n password: {\n type: 'string',\n maxLength: 128,\n minLength: 8,\n title: 'Password'\n },\n full_name: {\n anyOf: [\n {\n type: 'string',\n maxLength: 255\n },\n {\n type: 'null'\n }\n ],\n title: 'Full Name'\n }\n },\n type: 'object',\n required: ['email', 'password'],\n title: 'UserRegister'\n} as const;\n\nexport const UserUpdateSchema = {\n properties: {\n email: {\n anyOf: [\n {\n type: 'string',\n maxLength: 255,\n format: 'email'\n },\n {\n type: 'null'\n }\n ],\n title: 'Email'\n },\n is_active: {\n type: 'boolean',\n title: 'Is Active',\n default: true\n },\n is_superuser: {\n type: 'boolean',\n title: 'Is Superuser',\n default: false\n },\n full_name: {\n anyOf: [\n {\n type: 'string',\n maxLength: 255\n },\n {\n type: 'null'\n }\n ],\n title: 'Full Name'\n },\n password: {\n anyOf: [\n {\n type: 'string',\n maxLength: 128,\n minLength: 8\n },\n {\n type: 'null'\n }\n ],\n title: 'Password'\n }\n },\n type: 'object',\n title: 'UserUpdate'\n} as const;\n\nexport const UserUpdateMeSchema = {\n properties: {\n full_name: {\n anyOf: [\n {\n type: 'string',\n maxLength: 255\n },\n {\n type: 'null'\n }\n ],\n title: 'Full Name'\n },\n email: {\n anyOf: [\n {\n type: 'string',\n maxLength: 255,\n format: 'email'\n },\n {\n type: 'null'\n }\n ],\n title: 'Email'\n }\n },\n type: 'object',\n title: 'UserUpdateMe'\n} as const;\n\nexport const UsersPublicSchema = {\n properties: {\n data: {\n items: {\n '$ref': '#/components/schemas/UserPublic'\n },\n type: 'array',\n title: 'Data'\n },\n count: {\n type: 'integer',\n title: 'Count'\n }\n },\n type: 'object',\n required: ['data', 'count'],\n title: 'UsersPublic'\n} as const;\n\nexport const ValidationErrorSchema = {\n properties: {\n loc: {\n items: {\n anyOf: [\n {\n type: 'string'\n },\n {\n type: 'integer'\n }\n ]\n },\n type: 'array',\n title: 'Location'\n },\n msg: {\n type: 'string',\n title: 'Message'\n },\n type: {\n type: 'string',\n title: 'Error Type'\n },\n input: {\n title: 'Input'\n },\n ctx: {\n type: 'object',\n title: 'Context'\n }\n },\n type: 'object',\n required: ['loc', 'msg', 'type'],\n title: 'ValidationError'\n} as const;" }, { "path": "frontend/src/client/sdk.gen.ts", "content": "// This file is auto-generated by @hey-api/openapi-ts\n\nimport type { CancelablePromise } from './core/CancelablePromise';\nimport { OpenAPI } from './core/OpenAPI';\nimport { request as __request } from './core/request';\nimport type { ItemsReadItemsData, ItemsReadItemsResponse, ItemsCreateItemData, ItemsCreateItemResponse, ItemsReadItemData, ItemsReadItemResponse, ItemsUpdateItemData, ItemsUpdateItemResponse, ItemsDeleteItemData, ItemsDeleteItemResponse, LoginLoginAccessTokenData, LoginLoginAccessTokenResponse, LoginTestTokenResponse, LoginRecoverPasswordData, LoginRecoverPasswordResponse, LoginResetPasswordData, LoginResetPasswordResponse, LoginRecoverPasswordHtmlContentData, LoginRecoverPasswordHtmlContentResponse, PrivateCreateUserData, PrivateCreateUserResponse, UsersReadUsersData, UsersReadUsersResponse, UsersCreateUserData, UsersCreateUserResponse, UsersReadUserMeResponse, UsersDeleteUserMeResponse, UsersUpdateUserMeData, UsersUpdateUserMeResponse, UsersUpdatePasswordMeData, UsersUpdatePasswordMeResponse, UsersRegisterUserData, UsersRegisterUserResponse, UsersReadUserByIdData, UsersReadUserByIdResponse, UsersUpdateUserData, UsersUpdateUserResponse, UsersDeleteUserData, UsersDeleteUserResponse, UtilsTestEmailData, UtilsTestEmailResponse, UtilsHealthCheckResponse } from './types.gen';\n\nexport class ItemsService {\n /**\n * Read Items\n * Retrieve items.\n * @param data The data for the request.\n * @param data.skip\n * @param data.limit\n * @returns ItemsPublic Successful Response\n * @throws ApiError\n */\n public static readItems(data: ItemsReadItemsData = {}): CancelablePromise {\n return __request(OpenAPI, {\n method: 'GET',\n url: '/api/v1/items/',\n query: {\n skip: data.skip,\n limit: data.limit\n },\n errors: {\n 422: 'Validation Error'\n }\n });\n }\n \n /**\n * Create Item\n * Create new item.\n * @param data The data for the request.\n * @param data.requestBody\n * @returns ItemPublic Successful Response\n * @throws ApiError\n */\n public static createItem(data: ItemsCreateItemData): CancelablePromise {\n return __request(OpenAPI, {\n method: 'POST',\n url: '/api/v1/items/',\n body: data.requestBody,\n mediaType: 'application/json',\n errors: {\n 422: 'Validation Error'\n }\n });\n }\n \n /**\n * Read Item\n * Get item by ID.\n * @param data The data for the request.\n * @param data.id\n * @returns ItemPublic Successful Response\n * @throws ApiError\n */\n public static readItem(data: ItemsReadItemData): CancelablePromise {\n return __request(OpenAPI, {\n method: 'GET',\n url: '/api/v1/items/{id}',\n path: {\n id: data.id\n },\n errors: {\n 422: 'Validation Error'\n }\n });\n }\n \n /**\n * Update Item\n * Update an item.\n * @param data The data for the request.\n * @param data.id\n * @param data.requestBody\n * @returns ItemPublic Successful Response\n * @throws ApiError\n */\n public static updateItem(data: ItemsUpdateItemData): CancelablePromise {\n return __request(OpenAPI, {\n method: 'PUT',\n url: '/api/v1/items/{id}',\n path: {\n id: data.id\n },\n body: data.requestBody,\n mediaType: 'application/json',\n errors: {\n 422: 'Validation Error'\n }\n });\n }\n \n /**\n * Delete Item\n * Delete an item.\n * @param data The data for the request.\n * @param data.id\n * @returns Message Successful Response\n * @throws ApiError\n */\n public static deleteItem(data: ItemsDeleteItemData): CancelablePromise {\n return __request(OpenAPI, {\n method: 'DELETE',\n url: '/api/v1/items/{id}',\n path: {\n id: data.id\n },\n errors: {\n 422: 'Validation Error'\n }\n });\n }\n}\n\nexport class LoginService {\n /**\n * Login Access Token\n * OAuth2 compatible token login, get an access token for future requests\n * @param data The data for the request.\n * @param data.formData\n * @returns Token Successful Response\n * @throws ApiError\n */\n public static loginAccessToken(data: LoginLoginAccessTokenData): CancelablePromise {\n return __request(OpenAPI, {\n method: 'POST',\n url: '/api/v1/login/access-token',\n formData: data.formData,\n mediaType: 'application/x-www-form-urlencoded',\n errors: {\n 422: 'Validation Error'\n }\n });\n }\n \n /**\n * Test Token\n * Test access token\n * @returns UserPublic Successful Response\n * @throws ApiError\n */\n public static testToken(): CancelablePromise {\n return __request(OpenAPI, {\n method: 'POST',\n url: '/api/v1/login/test-token'\n });\n }\n \n /**\n * Recover Password\n * Password Recovery\n * @param data The data for the request.\n * @param data.email\n * @returns Message Successful Response\n * @throws ApiError\n */\n public static recoverPassword(data: LoginRecoverPasswordData): CancelablePromise {\n return __request(OpenAPI, {\n method: 'POST',\n url: '/api/v1/password-recovery/{email}',\n path: {\n email: data.email\n },\n errors: {\n 422: 'Validation Error'\n }\n });\n }\n \n /**\n * Reset Password\n * Reset password\n * @param data The data for the request.\n * @param data.requestBody\n * @returns Message Successful Response\n * @throws ApiError\n */\n public static resetPassword(data: LoginResetPasswordData): CancelablePromise {\n return __request(OpenAPI, {\n method: 'POST',\n url: '/api/v1/reset-password/',\n body: data.requestBody,\n mediaType: 'application/json',\n errors: {\n 422: 'Validation Error'\n }\n });\n }\n \n /**\n * Recover Password Html Content\n * HTML Content for Password Recovery\n * @param data The data for the request.\n * @param data.email\n * @returns string Successful Response\n * @throws ApiError\n */\n public static recoverPasswordHtmlContent(data: LoginRecoverPasswordHtmlContentData): CancelablePromise {\n return __request(OpenAPI, {\n method: 'POST',\n url: '/api/v1/password-recovery-html-content/{email}',\n path: {\n email: data.email\n },\n errors: {\n 422: 'Validation Error'\n }\n });\n }\n}\n\nexport class PrivateService {\n /**\n * Create User\n * Create a new user.\n * @param data The data for the request.\n * @param data.requestBody\n * @returns UserPublic Successful Response\n * @throws ApiError\n */\n public static createUser(data: PrivateCreateUserData): CancelablePromise {\n return __request(OpenAPI, {\n method: 'POST',\n url: '/api/v1/private/users/',\n body: data.requestBody,\n mediaType: 'application/json',\n errors: {\n 422: 'Validation Error'\n }\n });\n }\n}\n\nexport class UsersService {\n /**\n * Read Users\n * Retrieve users.\n * @param data The data for the request.\n * @param data.skip\n * @param data.limit\n * @returns UsersPublic Successful Response\n * @throws ApiError\n */\n public static readUsers(data: UsersReadUsersData = {}): CancelablePromise {\n return __request(OpenAPI, {\n method: 'GET',\n url: '/api/v1/users/',\n query: {\n skip: data.skip,\n limit: data.limit\n },\n errors: {\n 422: 'Validation Error'\n }\n });\n }\n \n /**\n * Create User\n * Create new user.\n * @param data The data for the request.\n * @param data.requestBody\n * @returns UserPublic Successful Response\n * @throws ApiError\n */\n public static createUser(data: UsersCreateUserData): CancelablePromise {\n return __request(OpenAPI, {\n method: 'POST',\n url: '/api/v1/users/',\n body: data.requestBody,\n mediaType: 'application/json',\n errors: {\n 422: 'Validation Error'\n }\n });\n }\n \n /**\n * Read User Me\n * Get current user.\n * @returns UserPublic Successful Response\n * @throws ApiError\n */\n public static readUserMe(): CancelablePromise {\n return __request(OpenAPI, {\n method: 'GET',\n url: '/api/v1/users/me'\n });\n }\n \n /**\n * Delete User Me\n * Delete own user.\n * @returns Message Successful Response\n * @throws ApiError\n */\n public static deleteUserMe(): CancelablePromise {\n return __request(OpenAPI, {\n method: 'DELETE',\n url: '/api/v1/users/me'\n });\n }\n \n /**\n * Update User Me\n * Update own user.\n * @param data The data for the request.\n * @param data.requestBody\n * @returns UserPublic Successful Response\n * @throws ApiError\n */\n public static updateUserMe(data: UsersUpdateUserMeData): CancelablePromise {\n return __request(OpenAPI, {\n method: 'PATCH',\n url: '/api/v1/users/me',\n body: data.requestBody,\n mediaType: 'application/json',\n errors: {\n 422: 'Validation Error'\n }\n });\n }\n \n /**\n * Update Password Me\n * Update own password.\n * @param data The data for the request.\n * @param data.requestBody\n * @returns Message Successful Response\n * @throws ApiError\n */\n public static updatePasswordMe(data: UsersUpdatePasswordMeData): CancelablePromise {\n return __request(OpenAPI, {\n method: 'PATCH',\n url: '/api/v1/users/me/password',\n body: data.requestBody,\n mediaType: 'application/json',\n errors: {\n 422: 'Validation Error'\n }\n });\n }\n \n /**\n * Register User\n * Create new user without the need to be logged in.\n * @param data The data for the request.\n * @param data.requestBody\n * @returns UserPublic Successful Response\n * @throws ApiError\n */\n public static registerUser(data: UsersRegisterUserData): CancelablePromise {\n return __request(OpenAPI, {\n method: 'POST',\n url: '/api/v1/users/signup',\n body: data.requestBody,\n mediaType: 'application/json',\n errors: {\n 422: 'Validation Error'\n }\n });\n }\n \n /**\n * Read User By Id\n * Get a specific user by id.\n * @param data The data for the request.\n * @param data.userId\n * @returns UserPublic Successful Response\n * @throws ApiError\n */\n public static readUserById(data: UsersReadUserByIdData): CancelablePromise {\n return __request(OpenAPI, {\n method: 'GET',\n url: '/api/v1/users/{user_id}',\n path: {\n user_id: data.userId\n },\n errors: {\n 422: 'Validation Error'\n }\n });\n }\n \n /**\n * Update User\n * Update a user.\n * @param data The data for the request.\n * @param data.userId\n * @param data.requestBody\n * @returns UserPublic Successful Response\n * @throws ApiError\n */\n public static updateUser(data: UsersUpdateUserData): CancelablePromise {\n return __request(OpenAPI, {\n method: 'PATCH',\n url: '/api/v1/users/{user_id}',\n path: {\n user_id: data.userId\n },\n body: data.requestBody,\n mediaType: 'application/json',\n errors: {\n 422: 'Validation Error'\n }\n });\n }\n \n /**\n * Delete User\n * Delete a user.\n * @param data The data for the request.\n * @param data.userId\n * @returns Message Successful Response\n * @throws ApiError\n */\n public static deleteUser(data: UsersDeleteUserData): CancelablePromise {\n return __request(OpenAPI, {\n method: 'DELETE',\n url: '/api/v1/users/{user_id}',\n path: {\n user_id: data.userId\n },\n errors: {\n 422: 'Validation Error'\n }\n });\n }\n}\n\nexport class UtilsService {\n /**\n * Test Email\n * Test emails.\n * @param data The data for the request.\n * @param data.emailTo\n * @returns Message Successful Response\n * @throws ApiError\n */\n public static testEmail(data: UtilsTestEmailData): CancelablePromise {\n return __request(OpenAPI, {\n method: 'POST',\n url: '/api/v1/utils/test-email/',\n query: {\n email_to: data.emailTo\n },\n errors: {\n 422: 'Validation Error'\n }\n });\n }\n \n /**\n * Health Check\n * @returns boolean Successful Response\n * @throws ApiError\n */\n public static healthCheck(): CancelablePromise {\n return __request(OpenAPI, {\n method: 'GET',\n url: '/api/v1/utils/health-check/'\n });\n }\n}" }, { "path": "frontend/src/client/types.gen.ts", "content": "// This file is auto-generated by @hey-api/openapi-ts\n\nexport type Body_login_login_access_token = {\n grant_type?: (string | null);\n username: string;\n password: string;\n scope?: string;\n client_id?: (string | null);\n client_secret?: (string | null);\n};\n\nexport type HTTPValidationError = {\n detail?: Array;\n};\n\nexport type ItemCreate = {\n title: string;\n description?: (string | null);\n};\n\nexport type ItemPublic = {\n title: string;\n description?: (string | null);\n id: string;\n owner_id: string;\n created_at?: (string | null);\n};\n\nexport type ItemsPublic = {\n data: Array;\n count: number;\n};\n\nexport type ItemUpdate = {\n title?: (string | null);\n description?: (string | null);\n};\n\nexport type Message = {\n message: string;\n};\n\nexport type NewPassword = {\n token: string;\n new_password: string;\n};\n\nexport type PrivateUserCreate = {\n email: string;\n password: string;\n full_name: string;\n is_verified?: boolean;\n};\n\nexport type Token = {\n access_token: string;\n token_type?: string;\n};\n\nexport type UpdatePassword = {\n current_password: string;\n new_password: string;\n};\n\nexport type UserCreate = {\n email: string;\n is_active?: boolean;\n is_superuser?: boolean;\n full_name?: (string | null);\n password: string;\n};\n\nexport type UserPublic = {\n email: string;\n is_active?: boolean;\n is_superuser?: boolean;\n full_name?: (string | null);\n id: string;\n created_at?: (string | null);\n};\n\nexport type UserRegister = {\n email: string;\n password: string;\n full_name?: (string | null);\n};\n\nexport type UsersPublic = {\n data: Array;\n count: number;\n};\n\nexport type UserUpdate = {\n email?: (string | null);\n is_active?: boolean;\n is_superuser?: boolean;\n full_name?: (string | null);\n password?: (string | null);\n};\n\nexport type UserUpdateMe = {\n full_name?: (string | null);\n email?: (string | null);\n};\n\nexport type ValidationError = {\n loc: Array<(string | number)>;\n msg: string;\n type: string;\n input?: unknown;\n ctx?: {\n [key: string]: unknown;\n };\n};\n\nexport type ItemsReadItemsData = {\n limit?: number;\n skip?: number;\n};\n\nexport type ItemsReadItemsResponse = (ItemsPublic);\n\nexport type ItemsCreateItemData = {\n requestBody: ItemCreate;\n};\n\nexport type ItemsCreateItemResponse = (ItemPublic);\n\nexport type ItemsReadItemData = {\n id: string;\n};\n\nexport type ItemsReadItemResponse = (ItemPublic);\n\nexport type ItemsUpdateItemData = {\n id: string;\n requestBody: ItemUpdate;\n};\n\nexport type ItemsUpdateItemResponse = (ItemPublic);\n\nexport type ItemsDeleteItemData = {\n id: string;\n};\n\nexport type ItemsDeleteItemResponse = (Message);\n\nexport type LoginLoginAccessTokenData = {\n formData: Body_login_login_access_token;\n};\n\nexport type LoginLoginAccessTokenResponse = (Token);\n\nexport type LoginTestTokenResponse = (UserPublic);\n\nexport type LoginRecoverPasswordData = {\n email: string;\n};\n\nexport type LoginRecoverPasswordResponse = (Message);\n\nexport type LoginResetPasswordData = {\n requestBody: NewPassword;\n};\n\nexport type LoginResetPasswordResponse = (Message);\n\nexport type LoginRecoverPasswordHtmlContentData = {\n email: string;\n};\n\nexport type LoginRecoverPasswordHtmlContentResponse = (string);\n\nexport type PrivateCreateUserData = {\n requestBody: PrivateUserCreate;\n};\n\nexport type PrivateCreateUserResponse = (UserPublic);\n\nexport type UsersReadUsersData = {\n limit?: number;\n skip?: number;\n};\n\nexport type UsersReadUsersResponse = (UsersPublic);\n\nexport type UsersCreateUserData = {\n requestBody: UserCreate;\n};\n\nexport type UsersCreateUserResponse = (UserPublic);\n\nexport type UsersReadUserMeResponse = (UserPublic);\n\nexport type UsersDeleteUserMeResponse = (Message);\n\nexport type UsersUpdateUserMeData = {\n requestBody: UserUpdateMe;\n};\n\nexport type UsersUpdateUserMeResponse = (UserPublic);\n\nexport type UsersUpdatePasswordMeData = {\n requestBody: UpdatePassword;\n};\n\nexport type UsersUpdatePasswordMeResponse = (Message);\n\nexport type UsersRegisterUserData = {\n requestBody: UserRegister;\n};\n\nexport type UsersRegisterUserResponse = (UserPublic);\n\nexport type UsersReadUserByIdData = {\n userId: string;\n};\n\nexport type UsersReadUserByIdResponse = (UserPublic);\n\nexport type UsersUpdateUserData = {\n requestBody: UserUpdate;\n userId: string;\n};\n\nexport type UsersUpdateUserResponse = (UserPublic);\n\nexport type UsersDeleteUserData = {\n userId: string;\n};\n\nexport type UsersDeleteUserResponse = (Message);\n\nexport type UtilsTestEmailData = {\n emailTo: string;\n};\n\nexport type UtilsTestEmailResponse = (Message);\n\nexport type UtilsHealthCheckResponse = (boolean);" }, { "path": "frontend/src/components/Admin/AddUser.tsx", "content": "import { zodResolver } from \"@hookform/resolvers/zod\"\nimport { useMutation, useQueryClient } from \"@tanstack/react-query\"\nimport { Plus } from \"lucide-react\"\nimport { useState } from \"react\"\nimport { useForm } from \"react-hook-form\"\nimport { z } from \"zod\"\n\nimport { type UserCreate, UsersService } from \"@/client\"\nimport { Button } from \"@/components/ui/button\"\nimport { Checkbox } from \"@/components/ui/checkbox\"\nimport {\n Dialog,\n DialogClose,\n DialogContent,\n DialogDescription,\n DialogFooter,\n DialogHeader,\n DialogTitle,\n DialogTrigger,\n} from \"@/components/ui/dialog\"\nimport {\n Form,\n FormControl,\n FormField,\n FormItem,\n FormLabel,\n FormMessage,\n} from \"@/components/ui/form\"\nimport { Input } from \"@/components/ui/input\"\nimport { LoadingButton } from \"@/components/ui/loading-button\"\nimport useCustomToast from \"@/hooks/useCustomToast\"\nimport { handleError } from \"@/utils\"\n\nconst formSchema = z\n .object({\n email: z.email({ message: \"Invalid email address\" }),\n full_name: z.string().optional(),\n password: z\n .string()\n .min(1, { message: \"Password is required\" })\n .min(8, { message: \"Password must be at least 8 characters\" }),\n confirm_password: z\n .string()\n .min(1, { message: \"Please confirm your password\" }),\n is_superuser: z.boolean(),\n is_active: z.boolean(),\n })\n .refine((data) => data.password === data.confirm_password, {\n message: \"The passwords don't match\",\n path: [\"confirm_password\"],\n })\n\ntype FormData = z.infer\n\nconst AddUser = () => {\n const [isOpen, setIsOpen] = useState(false)\n const queryClient = useQueryClient()\n const { showSuccessToast, showErrorToast } = useCustomToast()\n\n const form = useForm({\n resolver: zodResolver(formSchema),\n mode: \"onBlur\",\n criteriaMode: \"all\",\n defaultValues: {\n email: \"\",\n full_name: \"\",\n password: \"\",\n confirm_password: \"\",\n is_superuser: false,\n is_active: false,\n },\n })\n\n const mutation = useMutation({\n mutationFn: (data: UserCreate) =>\n UsersService.createUser({ requestBody: data }),\n onSuccess: () => {\n showSuccessToast(\"User created successfully\")\n form.reset()\n setIsOpen(false)\n },\n onError: handleError.bind(showErrorToast),\n onSettled: () => {\n queryClient.invalidateQueries({ queryKey: [\"users\"] })\n },\n })\n\n const onSubmit = (data: FormData) => {\n mutation.mutate(data)\n }\n\n return (\n \n \n \n \n \n \n Add User\n \n Fill in the form below to add a new user to the system.\n \n \n
\n \n
\n (\n \n \n Email *\n \n \n \n \n \n \n )}\n />\n\n (\n \n Full Name\n \n \n \n \n \n )}\n />\n\n (\n \n \n Set Password *\n \n \n \n \n \n \n )}\n />\n\n (\n \n \n Confirm Password{\" \"}\n *\n \n \n \n \n \n \n )}\n />\n\n (\n \n \n \n \n Is superuser?\n \n )}\n />\n\n (\n \n \n \n \n Is active?\n \n )}\n />\n
\n\n \n \n \n \n \n Save\n \n \n
\n \n \n \n )\n}\n\nexport default AddUser\n" }, { "path": "frontend/src/components/Admin/DeleteUser.tsx", "content": "import { useMutation, useQueryClient } from \"@tanstack/react-query\"\nimport { Trash2 } from \"lucide-react\"\nimport { useState } from \"react\"\nimport { useForm } from \"react-hook-form\"\n\nimport { UsersService } from \"@/client\"\nimport { Button } from \"@/components/ui/button\"\nimport {\n Dialog,\n DialogClose,\n DialogContent,\n DialogDescription,\n DialogFooter,\n DialogHeader,\n DialogTitle,\n} from \"@/components/ui/dialog\"\nimport { DropdownMenuItem } from \"@/components/ui/dropdown-menu\"\nimport { LoadingButton } from \"@/components/ui/loading-button\"\nimport useCustomToast from \"@/hooks/useCustomToast\"\nimport { handleError } from \"@/utils\"\n\ninterface DeleteUserProps {\n id: string\n onSuccess: () => void\n}\n\nconst DeleteUser = ({ id, onSuccess }: DeleteUserProps) => {\n const [isOpen, setIsOpen] = useState(false)\n const queryClient = useQueryClient()\n const { showSuccessToast, showErrorToast } = useCustomToast()\n const { handleSubmit } = useForm()\n\n const deleteUser = async (id: string) => {\n await UsersService.deleteUser({ userId: id })\n }\n\n const mutation = useMutation({\n mutationFn: deleteUser,\n onSuccess: () => {\n showSuccessToast(\"The user was deleted successfully\")\n setIsOpen(false)\n onSuccess()\n },\n onError: handleError.bind(showErrorToast),\n onSettled: () => {\n queryClient.invalidateQueries()\n },\n })\n\n const onSubmit = async () => {\n mutation.mutate(id)\n }\n\n return (\n \n e.preventDefault()}\n onClick={() => setIsOpen(true)}\n >\n \n Delete User\n \n \n
\n \n Delete User\n \n All items associated with this user will also be{\" \"}\n permanently deleted. Are you sure? You will not\n be able to undo this action.\n \n \n\n \n \n \n \n \n Delete\n \n \n
\n \n \n )\n}\n\nexport default DeleteUser\n" }, { "path": "frontend/src/components/Admin/EditUser.tsx", "content": "import { zodResolver } from \"@hookform/resolvers/zod\"\nimport { useMutation, useQueryClient } from \"@tanstack/react-query\"\nimport { Pencil } from \"lucide-react\"\nimport { useState } from \"react\"\nimport { useForm } from \"react-hook-form\"\nimport { z } from \"zod\"\n\nimport { type UserPublic, UsersService } from \"@/client\"\nimport { Button } from \"@/components/ui/button\"\nimport { Checkbox } from \"@/components/ui/checkbox\"\nimport {\n Dialog,\n DialogClose,\n DialogContent,\n DialogDescription,\n DialogFooter,\n DialogHeader,\n DialogTitle,\n} from \"@/components/ui/dialog\"\nimport { DropdownMenuItem } from \"@/components/ui/dropdown-menu\"\nimport {\n Form,\n FormControl,\n FormField,\n FormItem,\n FormLabel,\n FormMessage,\n} from \"@/components/ui/form\"\nimport { Input } from \"@/components/ui/input\"\nimport { LoadingButton } from \"@/components/ui/loading-button\"\nimport useCustomToast from \"@/hooks/useCustomToast\"\nimport { handleError } from \"@/utils\"\n\nconst formSchema = z\n .object({\n email: z.email({ message: \"Invalid email address\" }),\n full_name: z.string().optional(),\n password: z\n .string()\n .min(8, { message: \"Password must be at least 8 characters\" })\n .optional()\n .or(z.literal(\"\")),\n confirm_password: z.string().optional(),\n is_superuser: z.boolean().optional(),\n is_active: z.boolean().optional(),\n })\n .refine((data) => !data.password || data.password === data.confirm_password, {\n message: \"The passwords don't match\",\n path: [\"confirm_password\"],\n })\n\ntype FormData = z.infer\n\ninterface EditUserProps {\n user: UserPublic\n onSuccess: () => void\n}\n\nconst EditUser = ({ user, onSuccess }: EditUserProps) => {\n const [isOpen, setIsOpen] = useState(false)\n const queryClient = useQueryClient()\n const { showSuccessToast, showErrorToast } = useCustomToast()\n\n const form = useForm({\n resolver: zodResolver(formSchema),\n mode: \"onBlur\",\n criteriaMode: \"all\",\n defaultValues: {\n email: user.email,\n full_name: user.full_name ?? undefined,\n is_superuser: user.is_superuser,\n is_active: user.is_active,\n },\n })\n\n const mutation = useMutation({\n mutationFn: (data: FormData) =>\n UsersService.updateUser({ userId: user.id, requestBody: data }),\n onSuccess: () => {\n showSuccessToast(\"User updated successfully\")\n setIsOpen(false)\n onSuccess()\n },\n onError: handleError.bind(showErrorToast),\n onSettled: () => {\n queryClient.invalidateQueries({ queryKey: [\"users\"] })\n },\n })\n\n const onSubmit = (data: FormData) => {\n // exclude confirm_password from submission data and remove password if empty\n const { confirm_password: _, ...submitData } = data\n if (!submitData.password) {\n delete submitData.password\n }\n mutation.mutate(submitData)\n }\n\n return (\n \n e.preventDefault()}\n onClick={() => setIsOpen(true)}\n >\n \n Edit User\n \n \n
\n \n \n Edit User\n \n Update the user details below.\n \n \n
\n (\n \n \n Email *\n \n \n \n \n \n \n )}\n />\n\n (\n \n Full Name\n \n \n \n \n \n )}\n />\n\n (\n \n Set Password\n \n \n \n \n \n )}\n />\n\n (\n \n Confirm Password\n \n \n \n \n \n )}\n />\n\n (\n \n \n \n \n Is superuser?\n \n )}\n />\n\n (\n \n \n \n \n Is active?\n \n )}\n />\n
\n\n \n \n \n \n \n Save\n \n \n
\n \n \n \n )\n}\n\nexport default EditUser\n" }, { "path": "frontend/src/components/Admin/UserActionsMenu.tsx", "content": "import { EllipsisVertical } from \"lucide-react\"\nimport { useState } from \"react\"\n\nimport type { UserPublic } from \"@/client\"\nimport { Button } from \"@/components/ui/button\"\nimport {\n DropdownMenu,\n DropdownMenuContent,\n DropdownMenuTrigger,\n} from \"@/components/ui/dropdown-menu\"\nimport useAuth from \"@/hooks/useAuth\"\nimport DeleteUser from \"./DeleteUser\"\nimport EditUser from \"./EditUser\"\n\ninterface UserActionsMenuProps {\n user: UserPublic\n}\n\nexport const UserActionsMenu = ({ user }: UserActionsMenuProps) => {\n const [open, setOpen] = useState(false)\n const { user: currentUser } = useAuth()\n\n if (user.id === currentUser?.id) {\n return null\n }\n\n return (\n \n \n \n \n \n setOpen(false)} />\n setOpen(false)} />\n \n \n )\n}\n" }, { "path": "frontend/src/components/Admin/columns.tsx", "content": "import type { ColumnDef } from \"@tanstack/react-table\"\n\nimport type { UserPublic } from \"@/client\"\nimport { Badge } from \"@/components/ui/badge\"\nimport { cn } from \"@/lib/utils\"\nimport { UserActionsMenu } from \"./UserActionsMenu\"\n\nexport type UserTableData = UserPublic & {\n isCurrentUser: boolean\n}\n\nexport const columns: ColumnDef[] = [\n {\n accessorKey: \"full_name\",\n header: \"Full Name\",\n cell: ({ row }) => {\n const fullName = row.original.full_name\n return (\n
\n \n {fullName || \"N/A\"}\n \n {row.original.isCurrentUser && (\n \n You\n \n )}\n
\n )\n },\n },\n {\n accessorKey: \"email\",\n header: \"Email\",\n cell: ({ row }) => (\n {row.original.email}\n ),\n },\n {\n accessorKey: \"is_superuser\",\n header: \"Role\",\n cell: ({ row }) => (\n \n {row.original.is_superuser ? \"Superuser\" : \"User\"}\n \n ),\n },\n {\n accessorKey: \"is_active\",\n header: \"Status\",\n cell: ({ row }) => (\n
\n \n \n {row.original.is_active ? \"Active\" : \"Inactive\"}\n \n
\n ),\n },\n {\n id: \"actions\",\n header: () => Actions,\n cell: ({ row }) => (\n
\n \n
\n ),\n },\n]\n" }, { "path": "frontend/src/components/Common/Appearance.tsx", "content": "import { Monitor, Moon, Sun } from \"lucide-react\"\n\nimport { type Theme, useTheme } from \"@/components/theme-provider\"\nimport { Button } from \"@/components/ui/button\"\nimport {\n DropdownMenu,\n DropdownMenuContent,\n DropdownMenuItem,\n DropdownMenuTrigger,\n} from \"@/components/ui/dropdown-menu\"\nimport {\n SidebarMenuButton,\n SidebarMenuItem,\n useSidebar,\n} from \"@/components/ui/sidebar\"\n\ntype LucideIcon = React.FC>\n\nconst ICON_MAP: Record = {\n system: Monitor,\n light: Sun,\n dark: Moon,\n}\n\nexport const SidebarAppearance = () => {\n const { isMobile } = useSidebar()\n const { setTheme, theme } = useTheme()\n const Icon = ICON_MAP[theme]\n\n return (\n \n \n \n \n \n Appearance\n Toggle theme\n \n \n \n setTheme(\"light\")}\n >\n \n Light\n \n setTheme(\"dark\")}\n >\n \n Dark\n \n setTheme(\"system\")}>\n \n System\n \n \n \n \n )\n}\n\nexport const Appearance = () => {\n const { setTheme } = useTheme()\n\n return (\n
\n \n \n \n \n \n setTheme(\"light\")}\n >\n \n Light\n \n setTheme(\"dark\")}\n >\n \n Dark\n \n setTheme(\"system\")}>\n \n System\n \n \n \n
\n )\n}\n" }, { "path": "frontend/src/components/Common/AuthLayout.tsx", "content": "import { Appearance } from \"@/components/Common/Appearance\"\nimport { Logo } from \"@/components/Common/Logo\"\nimport { Footer } from \"./Footer\"\n\ninterface AuthLayoutProps {\n children: React.ReactNode\n}\n\nexport function AuthLayout({ children }: AuthLayoutProps) {\n return (\n
\n \n
\n
\n \n
\n
\n
{children}
\n
\n
\n
\n
\n )\n}\n" }, { "path": "frontend/src/components/Common/DataTable.tsx", "content": "import {\n type ColumnDef,\n flexRender,\n getCoreRowModel,\n getPaginationRowModel,\n useReactTable,\n} from \"@tanstack/react-table\"\nimport {\n ChevronLeft,\n ChevronRight,\n ChevronsLeft,\n ChevronsRight,\n} from \"lucide-react\"\n\nimport { Button } from \"@/components/ui/button\"\nimport {\n Select,\n SelectContent,\n SelectItem,\n SelectTrigger,\n SelectValue,\n} from \"@/components/ui/select\"\nimport {\n Table,\n TableBody,\n TableCell,\n TableHead,\n TableHeader,\n TableRow,\n} from \"@/components/ui/table\"\n\ninterface DataTableProps {\n columns: ColumnDef[]\n data: TData[]\n}\n\nexport function DataTable({\n columns,\n data,\n}: DataTableProps) {\n const table = useReactTable({\n data,\n columns,\n getCoreRowModel: getCoreRowModel(),\n getPaginationRowModel: getPaginationRowModel(),\n })\n\n return (\n
\n \n \n {table.getHeaderGroups().map((headerGroup) => (\n \n {headerGroup.headers.map((header) => {\n return (\n \n {header.isPlaceholder\n ? null\n : flexRender(\n header.column.columnDef.header,\n header.getContext(),\n )}\n \n )\n })}\n \n ))}\n \n \n {table.getRowModel().rows.length ? (\n table.getRowModel().rows.map((row) => (\n \n {row.getVisibleCells().map((cell) => (\n \n {flexRender(cell.column.columnDef.cell, cell.getContext())}\n \n ))}\n \n ))\n ) : (\n \n \n No results found.\n \n \n )}\n \n
\n\n {table.getPageCount() > 1 && (\n
\n
\n
\n Showing{\" \"}\n {table.getState().pagination.pageIndex *\n table.getState().pagination.pageSize +\n 1}{\" \"}\n to{\" \"}\n {Math.min(\n (table.getState().pagination.pageIndex + 1) *\n table.getState().pagination.pageSize,\n data.length,\n )}{\" \"}\n of{\" \"}\n {data.length}{\" \"}\n entries\n
\n
\n

Rows per page

\n {\n table.setPageSize(Number(value))\n }}\n >\n \n \n \n \n {[5, 10, 25, 50].map((pageSize) => (\n \n {pageSize}\n \n ))}\n \n \n
\n
\n\n
\n
\n Page\n \n {table.getState().pagination.pageIndex + 1}\n \n of\n \n {table.getPageCount()}\n \n
\n\n
\n table.setPageIndex(0)}\n disabled={!table.getCanPreviousPage()}\n >\n Go to first page\n \n \n table.previousPage()}\n disabled={!table.getCanPreviousPage()}\n >\n Go to previous page\n \n \n table.nextPage()}\n disabled={!table.getCanNextPage()}\n >\n Go to next page\n \n \n table.setPageIndex(table.getPageCount() - 1)}\n disabled={!table.getCanNextPage()}\n >\n Go to last page\n \n \n
\n
\n
\n )}\n
\n )\n}\n" }, { "path": "frontend/src/components/Common/ErrorComponent.tsx", "content": "import { Link } from \"@tanstack/react-router\"\nimport { Button } from \"@/components/ui/button\"\n\nconst ErrorComponent = () => {\n return (\n \n
\n
\n \n Error\n \n Oops!\n
\n
\n\n

\n Something went wrong. Please try again.\n

\n \n \n \n \n )\n}\n\nexport default ErrorComponent\n" }, { "path": "frontend/src/components/Common/Footer.tsx", "content": "import { FaGithub, FaLinkedinIn } from \"react-icons/fa\"\nimport { FaXTwitter } from \"react-icons/fa6\"\n\nconst socialLinks = [\n {\n icon: FaGithub,\n href: \"https://github.com/fastapi/fastapi\",\n label: \"GitHub\",\n },\n { icon: FaXTwitter, href: \"https://x.com/fastapi\", label: \"X\" },\n {\n icon: FaLinkedinIn,\n href: \"https://linkedin.com/company/fastapi\",\n label: \"LinkedIn\",\n },\n]\n\nexport function Footer() {\n const currentYear = new Date().getFullYear()\n\n return (\n
\n
\n

\n Full Stack FastAPI Template - {currentYear}\n

\n
\n {socialLinks.map(({ icon: Icon, href, label }) => (\n \n \n \n ))}\n
\n
\n
\n )\n}\n" }, { "path": "frontend/src/components/Common/Logo.tsx", "content": "import { Link } from \"@tanstack/react-router\"\n\nimport { useTheme } from \"@/components/theme-provider\"\nimport { cn } from \"@/lib/utils\"\nimport icon from \"/assets/images/fastapi-icon.svg\"\nimport iconLight from \"/assets/images/fastapi-icon-light.svg\"\nimport logo from \"/assets/images/fastapi-logo.svg\"\nimport logoLight from \"/assets/images/fastapi-logo-light.svg\"\n\ninterface LogoProps {\n variant?: \"full\" | \"icon\" | \"responsive\"\n className?: string\n asLink?: boolean\n}\n\nexport function Logo({\n variant = \"full\",\n className,\n asLink = true,\n}: LogoProps) {\n const { resolvedTheme } = useTheme()\n const isDark = resolvedTheme === \"dark\"\n\n const fullLogo = isDark ? logoLight : logo\n const iconLogo = isDark ? iconLight : icon\n\n const content =\n variant === \"responsive\" ? (\n <>\n \n