Skip to content

manupatil1318/TestManagementAPI

BranchesTags

Repository files navigation

Task Management API

A simple backend system built with FastAPI that allows users to register, login, and manage their own tasks.

Features

  • User Authentication: Register and Login with JWT tokens
  • Password Hashing: Secure password storage using bcrypt
  • Role-based Access Control: Admin and User roles
  • Task Management: Full CRUD operations for tasks
  • Input Validation: Pydantic models for request/response validation
  • Environment Variables: No hardcoded secrets

Technology Stack

  • Framework: FastAPI (Python)
  • Database: SQLite (can be changed to PostgreSQL)
  • ORM: SQLAlchemy
  • Authentication: JWT (python-jose)
  • Password Hashing: passlib with bcrypt
  • Testing: pytest

Project Structure

BackendProject/
├── src/
│   ├── auth/
│   │   ├── jwt_handler.py    # JWT token creation and verification
│   │   └── password.py       # Password hashing utilities
│   ├── models/
│   │   ├── task.py           # Task database model
│   │   └── user.py           # User database model
│   ├── routes/
│   │   ├── auth.py           # Authentication routes
│   │   ├── tasks.py          # Task CRUD routes
│   │   └── users.py          # User management routes
│   ├── schemas/
│   │   ├── task_schema.py    # Pydantic schemas for tasks
│   │   └── user_schema.py    # Pydantic schemas for users
│   ├── database.py           # Database configuration
│   └── main.py               # FastAPI app entry point
├── tests/
│   ├── test_auth.py          # Authentication tests
│   ├── test_task.py          # Task management tests
│   └── test_user.py          # User management tests
├── .env                      # Environment variables
├── .env.example              # Example environment variables
├── requirements.txt          # Python dependencies
└── README.md                 # Project documentation

Setup

1. Clone the repository

git clone <repository-url>
cd BackendProject

2. Create virtual environment (optional but recommended)

# Windows
python -m venv venv
venv\Scripts\activate

# Linux/Mac
python3 -m venv venv
source venv/bin/activate

3. Install dependencies

pip install -r requirements.txt

4. Configure environment variables

Copy .env.example to .env and update the values:

# Copy the example file
copy .env.example .env

The default configuration in .env:

SECRET_KEY=supersecretkey_change_this_in_production
DATABASE_URL=sqlite:///./tasks.db
ALGORITHM=HS256
TOKEN_EXPIRE_HOURS=2

5. Run the server

uvicorn src.main:app --reload

The API will be available at: http://127.0.0.1:8000

6. Access API Documentation

FastAPI provides automatic API documentation:

  • Swagger UI: http://127.0.0.1:8000/docs
  • ReDoc: http://127.0.0.1:8000/redoc

How to Run Tests

# Run all tests
pytest

# Run tests with verbose output
pytest -v

# Run specific test file
pytest tests/test_auth.py -v

# Run tests and show coverage (if installed)
pytest --cov=src tests/

API Endpoints

Authentication

Method Endpoint Description Auth Required
POST /auth/register Register a new user No
POST /auth/login Login and get JWT token No

Users

Method Endpoint Description Auth Required Role
GET /users/me Get own profile Yes user/admin
GET /users Get all users Yes admin
DELETE /users/{id} Delete a user Yes admin

Tasks

Method Endpoint Description Auth Required
POST /tasks Create a task Yes
GET /tasks Get all tasks (own or all if admin) Yes
PUT /tasks/{id} Update a task Yes
DELETE /tasks/{id} Delete a task Yes

Sample API Requests

1. Register a new user

curl -X POST "http://127.0.0.1:8000/auth/register" \
  -H "Content-Type: application/json" \
  -d '{
    "email": "user@example.com",
    "password": "password123",
    "role": "user"
  }'

Response:

{
  "id": 1,
  "email": "user@example.com",
  "role": "user"
}

2. Login

curl -X POST "http://127.0.0.1:8000/auth/login" \
  -H "Content-Type: application/json" \
  -d '{
    "email": "user@example.com",
    "password": "password123"
  }'

Response:

{
  "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "token_type": "bearer"
}

3. Create a task (requires auth)

curl -X POST "http://127.0.0.1:8000/tasks" \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
  -d '{
    "title": "Complete assignment",
    "description": "Finish the backend project"
  }'

4. Get all tasks

curl -X GET "http://127.0.0.1:8000/tasks" \
  -H "Authorization: Bearer YOUR_ACCESS_TOKEN"

5. Update a task

curl -X PUT "http://127.0.0.1:8000/tasks/1" \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
  -d '{
    "title": "Updated title",
    "status": "completed"
  }'

6. Delete a task

curl -X DELETE "http://127.0.0.1:8000/tasks/1" \
  -H "Authorization: Bearer YOUR_ACCESS_TOKEN"

7. Get own profile

curl -X GET "http://127.0.0.1:8000/users/me" \
  -H "Authorization: Bearer YOUR_ACCESS_TOKEN"

8. Admin: Get all users

curl -X GET "http://127.0.0.1:8000/users" \
  -H "Authorization: Bearer ADMIN_ACCESS_TOKEN"

9. Admin: Delete a user

curl -X DELETE "http://127.0.0.1:8000/users/1" \
  -H "Authorization: Bearer ADMIN_ACCESS_TOKEN"

Security Requirements Met

  • ✅ Password hashing (bcrypt)
  • ✅ JWT authentication
  • ✅ Role-based access control (admin/user)
  • ✅ Environment variables for secrets
  • ✅ No credentials inside code

Testing Requirements Met

  • ✅ Minimum 3 unit tests (password hashing, JWT)
  • ✅ Minimum 2 API tests (auth, tasks, users)

Database

The application uses SQLite by default. To change to PostgreSQL:

  1. Update the DATABASE_URL in .env:

    DATABASE_URL=postgresql://username:password@localhost/dbname

  2. Install PostgreSQL driver:

    pip install psycopg2-binary

License

MIT License

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages