Loading repository dataβ¦
Loading repository dataβ¦
MrAfoo / repository
π Modern full-stack task manager with Next.js 14, FastAPI, PostgreSQL. Features Better Auth, JWT, dark mode & smooth animations. Production-ready with beautiful UI!
A modern full-stack web application with Better Auth (frontend) and FastAPI (backend) using shared JWT authentication.
This is a production-ready todo application featuring:
Create .env files with the SAME SECRET KEY in both:
backend/.env:
DATABASE_URL=postgresql://postgres:password@localhost:5432/todo_db
BETTER_AUTH_SECRET=your-secret-key-min-32-chars-long-change-in-production
frontend/.env.local:
NEXT_PUBLIC_API_URL=http://localhost:8000
BETTER_AUTH_SECRET=your-secret-key-min-32-chars-long-change-in-production
DATABASE_URL=postgresql://postgres:password@localhost:5432/todo_db
β οΈ CRITICAL: The BETTER_AUTH_SECRET must be identical in both files!
# Create PostgreSQL database
createdb todo_db
# Run migrations
cd backend
uv sync
uv run alembic upgrade head
cd ../frontend
npm install
npx better-auth migrate
# Terminal 1 - Backend
cd backend
uv run uvicorn app.main:app --reload --port 8000
# Terminal 2 - Frontend
cd frontend
npm run dev
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β Frontend (Next.js) β
β ββββββββββββββββ ββββββββββββββββ β
β β Better Auth β βββΆ β JWT Token β β
β β Server β β (7 days) β β
β ββββββββββββββββ ββββββββββββββββ β
β β β
β βΌ β
β Authorization: Bearer <token> β
βββββββββββββββββββββββββββββββββΌββββββββββββββββββββββββββββββ
β
Shared Secret: BETTER_AUTH_SECRET
β
βββββββββββββββββββββββββββββββββΌββββββββββββββββββββββββββββββ
β βΌ β
β ββββββββββββββββ β
β β JWT Verify β β
β β Middleware β β
β ββββββββββββββββ β
β β β
β βΌ β
β ββββββββββββββββ β
β β Task Routes β β
β β (Filtered) β β
β ββββββββββββββββ β
β Backend (FastAPI) β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
Flow:
Authorization header| Feature | Description |
|---|---|
| User Isolation | Each user only sees their own tasks |
| Stateless Auth | Backend doesn't need to call frontend to verify users |
| Token Expiry | JWT tokens expire after 7 days |
| Signature Verification | Tokens can't be forged without the secret key |
| Password Hashing | Better Auth handles secure bcrypt password storage |
| CORS Protection | Restricted to allowed origins |
cd backend
uv run pytest # Run all tests
uv run pytest --cov-report=html # With coverage report
Results: β 15/15 tests passing
cd frontend
npm test # Run all tests
npm run test:watch # Watch mode
Backend (Alembic):
cd backend
uv run alembic revision --autogenerate -m "description"
uv run alembic upgrade head
uv run alembic downgrade -1
Frontend (Better Auth):
cd frontend
npx better-auth migrate
Backend:
cd backend
uv run black app tests # Format
uv run flake8 app tests # Lint
uv run mypy app # Type check
Frontend:
cd frontend
npm run lint # ESLint
npm run build # Production build
POST /api/auth/register - Register new userPOST /api/auth/login - Login and get JWT tokenGET /api/auth/me - Get current user infoGET /api/{user_id}/tasks - List all tasksPOST /api/{user_id}/tasks - Create new taskGET /api/{user_id}/tasks/{task_id} - Get task by IDPUT /api/{user_id}/tasks/{task_id} - Update taskDELETE /api/{user_id}/tasks/{task_id} - Delete taskAll task endpoints require Authorization: Bearer <token> header and enforce user ownership.
BETTER_AUTH_SECRET matches in both .env filespg_isreadypsql -l | grep todo_dbcd frontend && npx better-auth migrate --force.
βββ backend/ # FastAPI backend
β βββ app/
β β βββ models/ # SQLAlchemy models
β β βββ schemas/ # Pydantic schemas
β β βββ routers/ # API endpoints
β β βββ services/ # JWT verification & auth
β β βββ config.py # Settings with BETTER_AUTH_SECRET
β β βββ main.py # FastAPI app
β βββ tests/ # 15 tests (all passing)
β βββ alembic/ # Database migrations
β
βββ frontend/ # Next.js frontend
β βββ app/ # Pages (login, register, dashboard)
β βββ components/ # React components
β βββ lib/
β β βββ auth-server.ts # Better Auth config (JWT plugin)
β β βββ auth-client.ts # Client-side auth helpers
β β βββ api.ts # Axios client (auto-attaches JWT)
β βββ hooks/ # Custom React hooks
β
βββ JWT-INTEGRATION-GUIDE.md # Comprehensive JWT guide
βββ QUICK-START.md # 5-minute setup
βββ IMPLEMENTATION-SUMMARY.md # Detailed change summary
βββ src/ # Original CLI app (legacy)
BETTER_AUTH_SECRET (32+ chars): openssl rand -base64 32ALLOWED_ORIGINS with production domainDEBUG=False in backendBackend:
DATABASE_URL=postgresql://user:pass@host:5432/todo_db
BETTER_AUTH_SECRET=<your-production-secret>
ALLOWED_ORIGINS=https://yourdomain.com
DEBUG=False
Frontend:
NEXT_PUBLIC_API_URL=https://api.yourdomain.com
BETTER_AUTH_SECRET=<same-secret-as-backend>
DATABASE_URL=postgresql://user:pass@host:5432/todo_db
This project is built following the Spec-Kit Plus methodology.