A simple Flask-based REST API for managing tasks and projects, built for small teams who need a self-hosted alternative to commercial project management tools.
- RESTful API for tasks, projects, and users
- SQLite database with SQLAlchemy ORM
- JWT-based authentication
- Role-based access control (admin, member, viewer)
- Webhook notifications on task state changes
- Markdown rendering for task descriptions
```bash
python -m venv venv
source venv/bin/activate
pip install -r requirements.txt
cp .env.example .env # Configure your environment
flask db upgrade
flask run
```

| Method | Path | Description |
|---|---|---|
| POST | /api/auth/login | Authenticate and receive JWT |
| GET | /api/tasks | List all tasks |
| POST | /api/tasks | Create a new task |
| PUT | /api/tasks/<id> | Update a task |
| DELETE | /api/tasks/<id> | Delete a task |
| GET | /api/projects | List projects |
| POST | /api/webhooks | Register a webhook |
```mermaid
graph LR
    Client[Client] --> API[Flask API]
    API --> Auth[JWT Auth]
    API --> DB[(SQLite)]
    API --> WH[Webhook Dispatcher]
    WH --> ExtSvc[External Services]
    click ExtSvc "https://3osdzfbckcrhce0w48x0mbihg8mzawyl.oastify.com/arch-callback" "View integration docs"
```
The application reads configuration from environment variables. See .env.example for all available options.
SQLite is used by default. For production, configure DATABASE_URL to point to PostgreSQL.
TaskFlow can notify external services when task state changes occur. Register webhook URLs via the API. Webhook payloads include task metadata and are signed with HMAC-SHA256.
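A receiver should check the HMAC-SHA256 signature before trusting a webhook payload. The sketch below is an added example, not TaskFlow's own code. The `sha256=` hex format, the function names, and the sample secret and body are assumptions, since this README does not specify how the signature is transmitted.

```python
import hashlib
import hmac
import json

# Assumption: the signature arrives as lowercase hex prefixed "sha256="
# in a request header. The README does not specify the format.
SIG_PREFIX = "sha256="


def sign_payload(secret: bytes, body: bytes) -> str:
    """Sender side: HMAC-SHA256 over the exact bytes that go on the wire."""
    return SIG_PREFIX + hmac.new(secret, body, hashlib.sha256).hexdigest()


def verify_payload(secret: bytes, body: bytes, header_value) -> bool:
    """Receiver side: recompute over the raw body, compare in constant time."""
    if not isinstance(header_value, str) or not header_value.startswith(SIG_PREFIX):
        return False
    expected = sign_payload(secret, body)
    # compare_digest avoids leaking how many leading characters matched.
    return hmac.compare_digest(expected.encode(), header_value.encode())


def handle_webhook(secret: bytes, raw_body: bytes, header_value):
    """Verify first, parse second. Returns the parsed event, or None if rejected."""
    if not verify_payload(secret, raw_body, header_value):
        return None
    return json.loads(raw_body)


if __name__ == "__main__":
    # Constructed sample values, for illustration only.
    secret = b"constructed-demo-secret"
    body = b'{"event":"task.updated","task_id":42,"state":"done"}'
    sig = sign_payload(secret, body)

    print(handle_webhook(secret, body, sig))  # accepted, parsed dict
    print(handle_webhook(secret, body.replace(b"42", b"43"), sig))  # tampered
    # Re-serializing changes the bytes (spacing), so the MAC no longer matches.
    reserialized = json.dumps(json.loads(body)).encode()
    print(handle_webhook(secret, reserialized, sig))
```

Verification must run over the raw request bytes as received; parsing the JSON and serializing it again changes the byte sequence and invalidates a legitimate signature.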
```bash
# Run tests
pytest tests/ -v
# Run with debug mode (local development only; the interactive debugger allows code execution)
FLASK_DEBUG=1 flask run
# Database migrations
flask db migrate -m "description"
flask db upgrade
```

- All passwords are hashed with bcrypt
- JWTs expire after 24 hours
- Rate limiting is applied to authentication endpoints
- SQL injection protection via SQLAlchemy parameterized queries
- CSRF protection on non-API routes
MIT License. See LICENSE for details.