Welcome to my FastAPI Secure Login & Admin API project! 🎉 This began as a learning adventure in API security, packed with features like secure user authentication and rate limiting, crafted for anyone keen to understand and apply security principles in modern API development.
This project was created for learning and demonstration purposes. While it follows best practices, certain configurations may be more advanced or simplified than needed in a production setting. Use this as a foundation and adapt to your specific needs when building production-ready applications. Also, note that this project is compatible with the following versions:
- Pydantic: 2.7.0
- SQLAlchemy: 2.0.23
- FastAPI: 0.115.3
This API combines essential security features like JWT-based token authentication, rate limiting, and secure cookie handling to create a sturdy base for login and admin management. It’s designed as both a learning tool and a starting point for projects that need a solid foundation in API security. Some features may seem advanced for smaller projects, but they showcase patterns that are adaptable to real-world scenarios.
✨ Think of this as a playground for learning, testing, and evolving API security skills. The goal here is secure functionality that can grow with you. ✨
- FastAPI Power: Fast and effective API development, nobody likes a slow server! 🏃♂️
- OAuth 2.0 & JWTs: Strong session security with access and refresh tokens stored in cookies for added protection 🔒
- PostgreSQL Database: Reliable and efficient data storage to back the API 📂
- Rate Limiting: Prevents abuse by capping requests, fully customizable to meet specific needs 🚦
- SSL Ready: Secure connections for production-readiness 🔐
- Clean, Modular Code: Built to be maintainable and extendable as needed 🧹
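The feature list above mentions access and refresh tokens carried in cookies. The block below is an added example, not code from this project: it mints and verifies HS256 JWTs with the standard library only and builds the Set-Cookie attributes a server would send. The function names, the `typ` claim used to keep access and refresh tokens from being swapped, and the cookie attribute choices are assumptions made for the example, not the project's API.

```python
# Added example, not the project's own code: HS256 JWT minting/verification
# with the standard library only, plus the Set-Cookie attributes for storing
# the access and refresh tokens in cookies. Function names are assumptions.
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

def _b64url(data: bytes) -> str:
    """Base64url without padding, as JWT requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _compact(obj: dict) -> str:
    return _b64url(json.dumps(obj, separators=(",", ":")).encode("utf-8"))

def mint_token(subject: str, token_type: str, secret: bytes,
               ttl_seconds: int, now: Optional[float] = None) -> str:
    """Issue a signed token; 'typ' is 'access' or 'refresh' so one cannot stand in for the other."""
    issued = int(now if now is not None else time.time())
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"sub": subject, "typ": token_type, "iat": issued, "exp": issued + ttl_seconds}
    signing_input = _compact(header) + "." + _compact(claims)
    signature = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url(signature)

def verify_token(token: str, expected_type: str, secret: bytes,
                 now: Optional[float] = None) -> Optional[dict]:
    """Return the claims only if algorithm, signature, token type and expiry all check out."""
    current = now if now is not None else time.time()
    try:
        header_b64, claims_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        if header.get("alg") != "HS256":          # reject 'none' and any algorithm we never issue
            return None
        expected = hmac.new(secret, f"{header_b64}.{claims_b64}".encode("ascii"),
                            hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):   # constant-time compare
            return None
        claims = json.loads(_b64url_decode(claims_b64))
        if claims.get("typ") != expected_type or claims.get("exp", 0) <= current:
            return None
    except (ValueError, AttributeError, TypeError):  # malformed base64, JSON, segments or claims
        return None
    return claims

def cookie_header(name: str, token: str, max_age: int, path: str = "/") -> str:
    """Set-Cookie value: HttpOnly keeps scripts away, Secure restricts to TLS, SameSite limits CSRF."""
    return f"{name}={token}; Max-Age={max_age}; Path={path}; HttpOnly; Secure; SameSite=Strict"

if __name__ == "__main__":
    secret = b"replace-with-a-long-random-secret"      # constructed for the example
    access = mint_token("alice", "access", secret, ttl_seconds=900)
    refresh = mint_token("alice", "refresh", secret, ttl_seconds=7 * 24 * 3600)
    print(cookie_header("access_token", access, 900))
    print(cookie_header("refresh_token", refresh, 7 * 24 * 3600, path="/auth/refresh"))
    print(verify_token(access, "access", secret))
```

The signature is checked before the claims are even parsed, so a tampered payload never reaches the expiry logic, and the `typ` check means a long-lived refresh token presented to an ordinary endpoint is rejected. Scoping the refresh cookie's `Path` to the refresh endpoint keeps it out of every other request.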
You’ll need the following to get started:
- Python 3.11+: For the latest features 🐍
- PostgreSQL: Our database of choice for storing user data 🗄️
- Docker: To make deployment a breeze 🐳
- Clone the Repository: `git clone https://github.com/CamiloCod3/Secure-Login-Admin-API.git` then `cd Secure-Login-Admin-API`
- Install Dependencies: `poetry install`
- Set Up Environment: Copy `.env.example` to `.env`, then add your secrets 🛠️
- Launch with Docker: `docker-compose up --build`
This API is built with security at its core, showcasing techniques to protect data and enforce access controls:
- Password Hashing: Ensures passwords are stored securely 🔑
- Token-based Auth: Managed with JWT tokens for secure, verified access 🛂
- SSL Configuration: Keeps connections encrypted 🔐
- Input Validation: Blocks unwanted inputs, keeping the API secure and reliable 🛡️
For a production setting, consider adapting certain elements based on your needs:
- Token Management: A single access token might be sufficient for some use cases, or consider using providers like Auth0 or AWS Cognito 🔑
- Dynamic Rate Limiting: Tailor rate limits by user role or IP for better control 🕹️
- API Gateway: Offload tasks like rate limiting to a gateway (e.g., AWS API Gateway) to help with scalability and backend load 🚀
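The rate limiting feature listed earlier and the dynamic, role- or IP-based limits suggested above can be shown in one piece of code. The block below is an added example, not this project's limiter: a fixed-window counter whose quota depends on the caller's role, keyed per account for authenticated users and per source IP otherwise, and which also returns a Retry-After value. The role names, quotas and class name are assumptions for the example.

```python
# Added example, not the project's own code: a fixed-window request limiter
# whose quota depends on the caller's role, keyed per account for logged-in
# users and per source IP for everyone else. Names and limits are assumptions.
import time
from typing import Dict, Optional, Tuple

# role -> (max requests, window length in seconds); constructed sample policy
ROLE_LIMITS: Dict[str, Tuple[int, int]] = {
    "anonymous": (20, 60),
    "user": (100, 60),
    "admin": (500, 60),
}

class FixedWindowLimiter:
    def __init__(self, limits: Dict[str, Tuple[int, int]]):
        self.limits = limits
        # (role, principal) -> (window start, requests seen in this window)
        self._windows: Dict[Tuple[str, str], Tuple[float, int]] = {}

    def _key(self, role: str, ip: str, user_id: Optional[str]) -> Tuple[str, str]:
        # Authenticated callers are tracked per account so users behind one NAT
        # do not share a bucket; unauthenticated callers can only be tracked by IP.
        return (role, user_id if user_id else ip)

    def check(self, role: str, ip: str, user_id: Optional[str] = None,
              now: Optional[float] = None) -> Tuple[bool, int]:
        """Return (allowed, retry_after_seconds); unknown roles get the anonymous quota."""
        now = time.time() if now is None else now
        limit, window = self.limits.get(role, self.limits["anonymous"])
        key = self._key(role, ip, user_id)
        start, count = self._windows.get(key, (now, 0))
        if now - start >= window:                    # window elapsed: start a fresh count
            start, count = now, 0
        if count >= limit:
            return False, max(1, int(window - (now - start)))   # value for a Retry-After header
        self._windows[key] = (start, count + 1)
        return True, 0

    def allow(self, role: str, ip: str, user_id: Optional[str] = None,
              now: Optional[float] = None) -> bool:
        return self.check(role, ip, user_id, now)[0]

if __name__ == "__main__":
    limiter = FixedWindowLimiter(ROLE_LIMITS)
    for _ in range(21):
        allowed, retry_after = limiter.check("anonymous", "203.0.113.7")
    print("21st anonymous request allowed:", allowed, "retry after:", retry_after)
    print("admin request allowed:", limiter.allow("admin", "203.0.113.7", user_id="admin-1"))
```

In FastAPI this logic belongs in a dependency or middleware that takes the role from the already verified access token (never from a client-supplied header) and answers a denied request with 429 and the `Retry-After` value. A fixed window lets bursts straddle the boundary; a sliding window or token bucket smooths that, and a gateway can take over the job entirely as the text suggests.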
Licensed under the MIT License — use, learn, and build upon it!