A comprehensive Role-Based Access Control (RBAC) system with FastAPI backend and React frontend, designed to handle Authentication and Authorization for other services.
Start here: Getting Started
git clone <repository-url>
cd fastapi_rbac
docker-compose up -d
# Access at:
# Frontend: http://localhost:80
# Backend API: http://localhost:8000/docsAll documentation has been organized for easy navigation:
- π Getting Started - New developer onboarding
- π» Development - Development setup and workflows
- π Deployment - Production deployment guides
- π¦ Release Management - Complete release process and versioning guide
- π§ Troubleshooting - Problem-solving guides
- π Reference - Technical reference materials
- π Release Notes - Version history and changes
- π·οΈ Repository Info - GitHub description and recommended topics/tags
Utility scripts are organized by purpose in the scripts/ directory:
- Development:
scripts/dev/- Local development helpers - Docker:
scripts/docker/- Container operations & production builds - Deployment:
scripts/deployment/- Release and deployment - Database:
scripts/database/- Database management
- π JWT Authentication: Secure token-based auth with refresh tokens
- π‘οΈ CSRF Protection: Complete protection against Cross-Site Request Forgery
- 𧽠Input Sanitization: XSS prevention with comprehensive HTML cleaning
- β‘ Rate Limiting: DoS attack prevention on all critical endpoints
- π Security Headers: Strict Content Security Policy and browser protections
- π₯ Role-Based Access Control: Flexible permission system with role hierarchies
- π― User Management: Complete CRUD operations with admin oversight
- π’ Organization Management: Role groups and permission groups for enterprise use
- π§ͺ Comprehensive Testing: 90+ backend tests + 354 frontend tests across 16 files
- All async DB queries in backend and tests use SQLModelβs
.exec()idiom withAsyncSession(not.execute()). - See
backend/test/README.mdfor full test/factory/fixture/optimization details. - β‘ Frontend Testing: Complete coverage with Vitest, React Testing Library
- π API Testing: Comprehensive service layer testing with mocking
- π§ Email Integration: Notifications and password reset functionality
- β‘ Background Tasks: Celery integration for async operations
- π³ Docker Ready: Full containerization with production configs
- π API Documentation: Auto-generated OpenAPI/Swagger docs
fastapi_rbac/
βββ π backend/ # FastAPI application
β βββ app/ # Main application code
β βββ alembic/ # Database migrations
β βββ tests/ # Backend tests
βββ π react-frontend/ # React TypeScript app
β βββ src/ # Frontend source code
β βββ public/ # Static assets
βββ π docs/ # π Organized documentation
β βββ getting-started/ # New developer guides
β βββ development/ # Development workflows
β βββ deployment/ # Production guides
β βββ troubleshooting/ # Problem solving
β βββ reference/ # Technical references
βββ π scripts/ # π οΈ Utility scripts
β βββ dev/ # Development helpers
β βββ docker/ # Container operations
β βββ deployment/ # Release scripts
β β βββ production/ # Production deployment
β β βββ release/ # Release automation
β βββ database/ # DB management
βββ π docker-compose.dev.yml # Development environment
βββ π docker-compose.test.yml # Testing environment
βββ π docker-compose.prod-test.yml # Production testing environment
# Follow the comprehensive setup guide
# This covers IDE setup, dependencies, and configuration
.\docs\development\DEVELOPER_SETUP.md# Start development environment
docker-compose up -d
# Run backend tests
.\scripts\dev\run-tests.ps1
# Run frontend tests
cd react-frontend
npm test
# Access services:
# - Frontend: http://localhost:80
# - Backend: http://localhost:8000
# - API Docs: http://localhost:8000/docs# Validate production setup
.\scripts\docker\validate-config.ps1 -Validate
# Test production configuration locally
.\scripts\docker\test-production.ps1
# Create a new release
.\scripts\deployment\release\Create-Release.ps1 -Version v0.2.0| Task | Command | Documentation |
|---|---|---|
| Start development | docker-compose up -d |
Getting Started |
| Run backend tests | .οΏ½scripts\dev\run-tests.ps1 |
Testing Guide |
| Run frontend tests | cd react-frontend && npm test |
Frontend Testing |
| Security validation | python backend/test/test_csrf_implementation.py |
Security Features |
| Deploy to production | .οΏ½scripts\deployment\push-to-dockerhub.ps1 |
Deployment |
| Troubleshoot CORS | .οΏ½scripts\docker\diagnose-cors.ps1 |
CORS Guide |
| Database migration | .οΏ½scripts\database\migrate-db.ps1 |
DB Reference |
This project supports both Docker Compose-based and local integration testing for the backend.
-
Docker Compose-based testing (recommended for CI and team consistency):
- Uses
backend/.env.testfor environment variables. - Database and Redis hostnames:
DATABASE_HOST=fastapi_rbac_db_testREDIS_HOST=fastapi_rbac_redis_testREDIS_URL=redis://fastapi_rbac_redis_test:6379/0
- Run with:
docker-compose -f docker-compose.test.yml up --build --abort-on-container-exit
- Uses
-
Local testing (if you want to run tests outside Docker):
- Uses
backend/.env.test.localfor environment variables. - Database and Redis hostnames:
DATABASE_HOST=localhostREDIS_HOST=localhostREDIS_URL=redis://localhost:6379/0
- Make sure Postgres and Redis are running locally.
- Run tests with:
pytest backend/test/integration/
- Uses
See comments in backend/.env.example for more details.
All backend test running is now managed through a single script: backend/test_runner.py.
- Run all tests:
python backend/test_runner.py all - Run unit tests only:
python backend/test_runner.py unit - Run integration tests only:
python backend/test_runner.py integration - Run a specific test file:
python backend/test_runner.py specific --path backend/test/unit/test_crud_user.py
- Run the comprehensive demo suite:
python backend/test_runner.py demo - Other options: See Test Runner Help for more.
Note: All previous test scripts (
run_tests.py,run_comprehensive_tests.py,test_all_units.py,run_final_tests.py) have been removed. Use onlytest_runner.pyfor all test operations.
- For full details on test/factory/fixture usage, see Test Suite Guide.
- π Check documentation: Start with Getting Started
- π§ Browse troubleshooting: See Troubleshooting Guides
- π¬ Ask the team: Create an issue with detailed information
- π Read the code: Well-documented with inline comments
- Read the Development Setup
- Follow the Coding Standards
- Write tests for new features
- Update documentation as needed
This project is pre-configured to use the GitHub MCP server for Copilot Chat automation and repository management.
- Workspace Scope: The
.vscode/mcp.jsonfile ensures this configuration only applies to this repository. - Getting Started: Open Copilot Chat in VS Code, switch to Agent mode, and select the "github" MCP server.
- Example Prompts:
List all open issues in this repositoryCreate a new issue titled "Test MCP server connection"Show all collaboratorsList open pull requests
- Best Practices:
- Use clear, action-oriented prompts (e.g., "Create", "List", "Show").
- Reference issues, PRs, or resources by number or name when possible.
- Check the Copilot Chat tools menu for available actions.
For advanced usage and troubleshooting, see docs/development/MCP_SERVER.md.
Ready to get started? π Click here to begin!
uvicorn app.main:app --port 8001 --reload
# Navigate to frontend directory
cd react-frontend
# Install dependencies
npm install
# Run the development server
npm run devRun the entire stack:
# From project root
docker-compose up -dRun only specific components:
# Just the backend
cd backend
docker-compose up -d
# Just the frontend
cd react-frontend
docker-compose up -dThis project is licensed under the terms of the MIT license.