This is a monorepo demonstrating a fullstack application using pnpm for package management and UV for Python dependency management.
backend/: Python backend using FastAPI and Uvicorn, with UV for dependency management.frontend/: React frontend using Vite and pnpm for dependency management.
- Node.js (with pnpm installed)
- Python (with UV installed)
-
Install all dependencies (frontend and backend):
pnpm run install:all
To run both the frontend and backend development servers concurrently:
pnpm run devThis will start:
- The backend server (FastAPI/Uvicorn) with auto-reloading.
- The frontend development server (Vite).
To build both the frontend and backend:
pnpm run buildThis will:
- Build the frontend for production.
- (Note: Backend build step is currently a placeholder and not fully implemented.)
The project includes a JWT-based authentication system and a simple admin-only user management panel.
- JWT endpoints (under
/api):POST /auth/token: Login with email (username) and password usingapplication/x-www-form-urlencoded. Returnsaccess_token.POST /auth/logout: Stateless logout endpoint (for symmetry).GET /auth/me: Returns current user info usingAuthorization: Bearer <token>.POST /auth/change-password: Change password for the authenticated user. Body:{ current_password, new_password }.
- Admin-only user management endpoints:
GET /users: List users (id, email, name) — admin only.POST /users: Create user — admin only. Body:{ email, name?, password }.DELETE /users/{user_id}: Delete user — admin only. Prevents deleting[email protected].
- CORS: Configured for
http://localhost:5173andhttp://127.0.0.1:5173. - Admin bootstrap on startup:
- On app startup, if
INIT_ADMINis truthy (default: true), the backend ensures an admin user exists:- Email:
[email protected] - Password:
123456 - Name:
Admin User
- Email:
- On app startup, if
- UI features:
- Login form (centered vertically and horizontally).
- Top header displays current user after login.
- Change Password via a dialog (Radix Dialog component).
- User Management section (admin only): list, create, delete users. Delete for
[email protected]is disabled. - All operations (login, logout, change password, create/delete user) show success/error toasts.
- Data fetching:
- Migrated to TanStack Query for fetching/caching/mutations.
- Queries:
['me']: fetches/api/auth/mewhen a token is present.['users']: fetches/api/userswhen a token is present AND current user is admin.
- Mutations:
- Login:
POST /api/auth/token— saves token tolocalStorageand invalidates['me']. - Change password:
POST /api/auth/change-password— success closes dialog and toasts. - Create user:
POST /api/users— invalidates['users']. - Delete user:
DELETE /api/users/{id}— invalidates['users'].
- Login:
- Token handling:
- On login, token stored in
localStorageand used in Authorization headers. - On logout, token cleared and QueryClient cache reset.
- On login, token stored in
- UI libraries:
@tanstack/react-queryfor data fetching and mutations@radix-ui/react-dialogwith a thin wrapper underfrontend/app/components/ui/dialog.tsxreact-hot-toastfor toastsclass-variance-authority,tailwind-mergeutilities
- Layout:
- Login view is fully centered (both axes).
- Post-login panel is centered with a max width to improve readability.
-
Install dependencies:
pnpm run install:all
-
Run both servers:
pnpm run dev
-
Open
http://localhost:5173/and login with:- Email:
[email protected] - Password:
123456
- Email:
-
Notes:
- Set
INIT_ADMIN=falseto disable auto-creation of admin on startup. - Non-admin users cannot view or access the User Management module. The backend also enforces admin-only access.
- Default token expiration is 30 minutes; configurable in
backend/auth.py.
- Set