FastAPI backend for task management, with JWT authentication, refresh token rotation, logout/revoke mechanism, and PostgreSQL persistence.
The API supports:
- User registration and login
- Authentication with
access token+refresh token - Refresh token flow with:
- database persistence
- refresh token hashing
- rotation (old refresh token becomes invalid)
- expiry/revoked checks
- Logout that revokes:
- the refresh token
- the current access token (via JTI blacklist)
- Task CRUD per user
- Task pagination/filtering
- Python
- FastAPI
- SQLAlchemy
- PostgreSQL
- Alembic
- Passlib (
argon2/bcrypt) - Pytest
app/
api/ # Routers (auth, tasks)
core/ # Config, JWT, security, exceptions, logging, rate limiter
db/ # Session/base
models/ # SQLAlchemy models
schemas/ # Request/response schemas
services/ # Business logic
alembic/ # Migrations
tests/ # Test suite
- Move to the project directory:
cd task-manager-api- Create and activate a virtual environment (if it does not exist):
python -m venv .venvWindows PowerShell:
.\.venv\Scripts\activate- Install dependencies:
pip install -r requirements.txt- Create
.env:
- Copy
.env.exampleto.env - Set
DATABASE_URLandSECRET_KEY
- Apply migrations:
alembic upgrade head- Start the API:
uvicorn app.main:app --reload- Swagger UI:
http://127.0.0.1:8000/docs - Health check:
http://127.0.0.1:8000/health
Suggested test flow:
POST /auth/registerPOST /auth/loginGET /auth/mewith Bearer access tokenPOST /auth/refreshPOST /auth/logout- Task endpoints:
POST /tasks/,GET /tasks/,PUT /tasks/{id},DELETE /tasks/{id}
- Stop server:
CTRL + C - Deactivate virtual environment:
deactivaterun:
pytest -qThe project already includes:
Dockerfiledocker-compose.yml.dockerignore
When needed:
docker compose up --build