A production-ready authentication and user management API built with FastAPI, PostgreSQL, Redis, and Docker. Register users, log in with JWT tokens, verify emails, reset passwords—everything you'd expect from a solid auth backend, ready to plug into your next project.
- JWT auth — Access and refresh tokens, secure and stateless
- Roles — Admin and User, with protected endpoints
- Email verification — Verify addresses before full access
- Password reset — Triggered by email link
- Rate limiting — Per IP and per user to keep things safe
- Structured logging — JSON logs for easy monitoring
- Docker support — Multi-stage builds, Compose for local dev
- Cloud-ready — Designed for AWS (EC2, RDS, SES)
If you’ve got Docker installed, you can be up and running in a few minutes.
- Set up your environment

  ```bash
  cp .env.example .env
  ```

  Open `.env` and set a few basics:

  - `SECRET_KEY` — a long random string (32+ characters)
  - `POSTGRES_PASSWORD` — your database password
  - `DATABASE_URL` — e.g. `postgresql+asyncpg://authuser:changeme@db:5432/authdb`

- Spin everything up

  ```bash
  docker compose up --build
  ```

- Open the docs

  Once it’s running, head to: http://localhost:8000/docs

The API runs on port 8000. PostgreSQL is on 5432 and Redis on 6379.
If you prefer to run things locally:
- Create `.env` from `.env.example` and set:

  - `DATABASE_URL=postgresql+asyncpg://authuser:changeme@localhost:5432/authdb`
  - `REDIS_URL=redis://localhost:6379/0`
  - `SECRET_KEY` — a secure random string

- Install dependencies

  ```bash
  pip install -r requirements.txt
  ```

- Start PostgreSQL and Redis (locally or in Docker)

- Run the API

  ```bash
  uvicorn app.main:app --reload --host 0.0.0.0 --port 8000
  ```
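
A pre-flight check for the `.env` values named in both setup paths above, as an added example that is not part of this project's code: it flags a `SECRET_KEY` below the 32-character minimum and the `changeme` placeholder password from this README, and generates a replacement key. The function names and the distinct-character heuristic are assumptions of this example.

```python
import secrets
from urllib.parse import urlsplit

PLACEHOLDERS = {"changeme"}  # sample password shown in this README
MIN_SECRET_LEN = 32  # the README asks for 32+ characters


def parse_env(text):
    """Parse simple KEY=VALUE lines, skipping blanks and # comments."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        env[key.strip()] = value.strip().strip("'\"")
    return env


def audit_env(env):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    key = env.get("SECRET_KEY", "")
    if len(key) < MIN_SECRET_LEN:
        findings.append("SECRET_KEY shorter than 32 characters")
    elif len(set(key)) < 10:  # heuristic (assumption): catches "aaaa..." style keys
        findings.append("SECRET_KEY has too few distinct characters to be random")
    if env.get("POSTGRES_PASSWORD", "") in PLACEHOLDERS | {""}:
        findings.append("POSTGRES_PASSWORD is empty or a README placeholder")
    db = urlsplit(env.get("DATABASE_URL", ""))
    if db.password is None or db.password in PLACEHOLDERS:
        findings.append("DATABASE_URL password is missing or a README placeholder")
    return findings


def new_secret_key():
    """48 random bytes from the OS CSPRNG, URL-safe encoded (64 characters)."""
    return secrets.token_urlsafe(48)


# Constructed sample .env contents for the demonstration.
SAMPLE_WEAK = """SECRET_KEY=dev
POSTGRES_PASSWORD=changeme
DATABASE_URL=postgresql+asyncpg://authuser:changeme@db:5432/authdb
"""
if __name__ == "__main__":
    for finding in audit_env(parse_env(SAMPLE_WEAK)):
        print("FAIL:", finding)
    print("suggested SECRET_KEY:", new_secret_key())
```
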
Create an admin user (after first run):

```bash
# With Docker
docker compose run --rm api python scripts/seed_admin.py
# Locally
ADMIN_EMAIL=admin@example.com ADMIN_PASSWORD=Admin1234! python scripts/seed_admin.py
```

Run tests:

```bash
docker compose run --rm api pytest tests/ -v
```

Apply database migrations:

```bash
docker compose run --rm api alembic upgrade head
```

| Layer | Tech |
|---|---|
| Backend | Python 3.11, FastAPI |
| Database | PostgreSQL 15 |
| Cache | Redis 7 |
| Email | AWS SES or SMTP (e.g. Mailtrap) |
| Containers | Docker, Docker Compose |
| Deployment | AWS EC2, RDS, SES, GitHub Actions |

```
auth-system/
├── app/
│   ├── api/v1/endpoints/   # Auth, users, admin, health
│   ├── core/               # Config, security, logging
│   ├── db/                 # Database session & models
│   ├── models/             # SQLAlchemy ORM
│   ├── schemas/            # Pydantic request/response
│   └── services/           # Business logic (user, token, email)
├── tests/
├── migrations/             # Alembic migrations
├── scripts/                # DB init, seed admin
├── nginx/                  # Reverse proxy config
├── .github/workflows/      # CI/CD
├── Dockerfile
├── docker-compose.yml
└── .env.example
```

| Method | Path | Description |
|---|---|---|
| POST | `/api/v1/auth/register` | Register a new user |
| POST | `/api/v1/auth/login` | Log in, get tokens |
| POST | `/api/v1/auth/refresh` | Refresh access token |
| POST | `/api/v1/auth/logout` | Revoke refresh token |
| GET | `/api/v1/auth/verify-email` | Verify email address |
| POST | `/api/v1/auth/resend-verification` | Resend verification |
| POST | `/api/v1/auth/forgot-password` | Request password reset |
| POST | `/api/v1/auth/reset-password` | Reset password |

| Method | Path | Description | Auth |
|---|---|---|---|
| GET | `/api/v1/users/me` | Get current user | Bearer |
| PUT | `/api/v1/users/me` | Update profile | Bearer |
| DELETE | `/api/v1/users/me` | Delete account | Bearer |

| Method | Path | Description | Auth |
|---|---|---|---|
| GET | `/api/v1/admin/users` | List all users | Admin |
| GET | `/api/v1/admin/users/{id}` | Get user by ID | Admin |
| PUT | `/api/v1/admin/users/{id}` | Update role/status | Admin |
| DELETE | `/api/v1/admin/users/{id}` | Delete user | Admin |

| Method | Path | Description |
|---|---|---|
| GET | `/api/v1/health` | Health check |

For AWS deployment, see `scripts/deploy.sh` and `.github/workflows/deploy.yml`.
Feel free to use this project as a starting point for your own applications.