A RESTful API built with FastAPI that supports user authentication via JWT, role-based access control (RBAC), and CRUD operations on projects and documents. The API uses SQLModel with PostgreSQL for data storage and, optionally, Alembic for database migrations.
- User Authentication: Secure user registration and login using JWT tokens.
- Role-Based Access Control (RBAC): Granular permissions with roles and permissions (admin and user).
  - Admin: Full create, read, update, and delete permissions.
  - User: Read-only access.
- CRUD Operations: Manage projects and documents through dedicated endpoints.
- Database Migrations: Alembic integration to handle schema changes safely.
- Interactive Documentation: Automatically generated API docs using Swagger UI.
- Python 3.12
- FastAPI
- SQLModel (with PostgreSQL)
- Alembic
- Uvicorn
- PostgreSQL
- Python 3.12
- PostgreSQL
- Clone the Repository:
    git clone https://github.com/yourusername/your-repo-name.git
    cd your-repo-name
- Create a Virtual Environment & Activate It:
    python -m venv venv
    source venv/bin/activate # On Windows: venv\Scripts\activate
- Install Dependencies:
    pip install -r requirements.txt
- Configure Environment Variables: Create a .env file in the project root and add:
    DATABASE_URL=postgresql://username:password@localhost/yourdbname
    JWT_SECRET=your_jwt_secret
- Initialize the Database: Ensure your PostgreSQL server is running and the specified database exists.
- Run Migrations: Migrations run automatically; if they do not, you can run the optional Alembic migration:
    alembic upgrade head
- Seed Roles and Permissions (Optional): Run the seeding script to populate initial roles and permissions:
    python seed.py
- Start the FastAPI server with:
    uvicorn app.main:app --reload
- Access the interactive API documentation at http://127.0.0.1:8000/docs.
⸻
- Authentication
  - POST /register: Register a new user.
  - POST /login: Log in to receive a JWT token.
- Projects
  - GET /projects: Retrieve all projects.
  - POST /projects: Create a new project (requires “create” permission).
  - PUT /projects/{project_id}: Update an existing project (requires “update” permission).
  - DELETE /projects/{project_id}: Delete a project (requires “delete” permission).
- Documents
  - GET /documents: Retrieve all documents.
  - POST /documents: Create a new document (requires “create” permission).
  - PUT /documents/{document_id}: Update a document (requires “update” permission).
  - DELETE /documents/{document_id}: Delete a document (requires “delete” permission).
- Run your tests using pytest:
    pytest
- You can also import the provided Postman collection (see postman_collection.json) to manually test the endpoints.
