# 🚗 CarShop (FASTAPI & REACT)
A secure and scalable **FastAPI** backend for managing car listings with JWT authentication, AWS S3 image upload, and admin-based route protection.
---
## 📌 Features
- ✅ **JWT Authentication** (`Bearer Token`)
- 👤 **User Login / Registration**
- 🧑💼 Role-based access: Admin-only routes for create/update/delete
- 📷 Image uploads to **AWS S3**
- 🔐 Auto-assign current user as car owner
- 🧠 Async ORM support using **SQLAlchemy + asyncpg**
- ⚠️ Secure data handling – no sensitive fields leaked
---
## 📁 Project Structure
carshop-backend/ │ ├── app/ │ ├── auth.py # JWT token handling & user dependency │ ├── database.py # DB connection setup │ ├── models.py # SQLAlchemy models │ ├── schemas/ # Pydantic validation models │ └── routers/ │ ├── cars.py # Car-related routes │ └── users.py # User registration/login │ ├── main.py # FastAPI instance ├── requirements.txt # Required packages └── .env # Environment variables
---
## ⚙️ Technologies Used
| Tool | Purpose |
|--------------|---------|
| **FastAPI** | Asynchronous Python web framework |
| **JWT** | Token-based authentication |
| **PostgreSQL** | Database backend |
| **SQLAlchemy (AsyncSession)** | ORM with async support |
| **Boto3** | AWS S3 integration for image storage |
| **Pydantic** | Request/response model validation |
| **Uvicorn** | ASGI server |
---
## 🧪 Key Endpoints
| Method | Endpoint | Auth Required | Description |
|--------|-----------------------|---------------|-------------|
| POST | `/users/` | ❌ | Register new user |
| POST | `/users/login` | ❌ | Get JWT token |
| GET | `/cars/` | ❌ | List all cars |
| POST | `/cars/` | ✅ | Create a new car |
| PUT | `/cars/{id}` | ✅ | Update own or admin-only car |
| DELETE | `/cars/{id}` | ✅ or Admin | Delete car and S3 image |
| GET | `/users/me` | ✅ | Get current user info |
| POST | `/cars/` | ✅ | Upload image and assign owner |
---
## 🧱 Example Requests
### ✅ Register New User
```bash
POST http://localhost:8000/users/create
Body (JSON):
{
"username": "adminuser",
"password": "securepassword123",
"email": "admin@example.com"
}
POST http://localhost:8000/users/login
Form Data:
grant_type=password
username=adminuser
password=securepassword123Requires valid JWT token (Authorization Bearer)
POST http://localhost:8000/cars/
Form Data:
- car_data = JSON string of car details
- main_image = image.jpg
Example JSON:
{
"name": "Tesla Model X",
"make": "Tesla",
"year": 2024,
"price": 100000
}uvicorn app.main:app --reloadSwagger UI: http://localhost:8000/docs
ReDoc: http://localhost:8000/redoc
annotated-types==0.7.0
anyio==4.8.0
asyncpg==0.30.0
boto3==1.37.11
botocore==1.37.11
certifi==2025.1.31
charset-normalizer==3.4.1
click==8.1.8
dnspython==2.7.0
email_validator==2.2.0
fastapi==0.115.11
fastapi-cli==0.0.7
greenlet==3.1.1
h11==0.14.0
httpcore==1.0.7
httptools==0.6.4
httpx==0.28.1
idna==3.10
Jinja2==3.1.6
jmespath==1.0.1
markdown-it-py==3.0.0
MarkupSafe==3.0.2
mdurl==0.1.2
psycopg2-binary==2.9.10
pydantic==2.10.6
pydantic_core==2.27.2
Pygments==2.19.1
PyJWT==2.10.1
python-dateutil==2.9.0.post0
python-dotenv==1.0.1
python-multipart==0.0.20
PyYAML==6.0.2
requests==2.32.3
rich==13.9.4
rich-toolkit==0.13.2
s3transfer==0.11.4
shellingham==1.5.4
six==1.17.0
sniffio==1.3.1
SQLAlchemy==2.0.38
starlette==0.46.1
typer==0.15.2
typing_extensions==4.12.2
urllib3==2.3.0
uvicorn==0.34.0
uvloop==0.21.0
watchfiles==1.0.4
websockets==15.0.1
- ✅ Add refresh tokens and logout endpoint
- 🧪 Write unit tests using
pytest - 🔄 Implement password reset flow
- 📉 Pagination and filtering for
/cars - 📦 Dockerfile for containerized deployment
- 🧯 Rate limiting and IP blocking
- 📊 Admin dashboard for car management