A robust authentication API built with FastAPI and PostgreSQL that provides secure user registration and login functionality.
🌐 Live API: https://login-signup-r2s9.onrender.com/
- API Documentation: https://login-signup-r2s9.onrender.com/docs
- Alternative Documentation: https://login-signup-r2s9.onrender.com/redoc
User Authentication
- Email-based login
- Secure password hashing
- JWT token-based authentication
- Display name support
🔐 Security Features
- Password validation with strict requirements
- Email validation and normalization
- Token-based password reset
- Protection against common security threats
Database
- PostgreSQL integration
- SQLAlchemy ORM
- Efficient connection management
- Data persistence
- FastAPI: Modern, fast web framework for building APIs
- PostgreSQL: Robust, open-source database
- SQLAlchemy: SQL toolkit and ORM
- Pydantic: Data validation using Python type annotations
- JWT: JSON Web Token for secure authentication
- Bcrypt: Secure password hashing
- Uvicorn: Lightning-fast ASGI server
- Python 3.10+
- PostgreSQL
- pip (Python package manager)
Clone the repository:
git clone https://github.com/krishnaborude/login-signup.git
cd login-signup
Create a virtual environment:
python -m venv .venv
Activate the virtual environment:
- Windows:
.venv\Scripts\activate
- Unix/MacOS:
source .venv/bin/activate
Install required packages:
pip install fastapi uvicorn sqlalchemy pydantic passlib python-jose python-multipart psycopg2-binary python-dotenv bcrypt email-validator requests
Create a .env file in the root directory with the following content:
DATABASE_URL=postgresql://postgres:your_password@localhost:5432/auth_db
SECRET_KEY=your_secret_key_here
ALGORITHM=HS256
ACCESS_TOKEN_EXPIRE_MINUTES=30
Replace your_password with your PostgreSQL password and generate a secure SECRET_KEY.
Generate a Secret Key in Python
Run this command in PowerShell or CMD:
python -c "import secrets; print(secrets.token_hex(32))"
Create a PostgreSQL database named auth_db:
CREATE DATABASE auth_db;
The tables will be automatically created when you start the application.
Start the FastAPI server:
uvicorn app.main:app --reload
The API will be available at: http://127.0.0.1:8000
Access the interactive API documentation at: http://127.0.0.1:8000/docs
POST /api/v1/signup
{ "email": "[email protected]", "display_name": "John Doe", "password": "SecurePass123!" }
Response includes user details and welcome message.
POST /api/v1/login
{ "email": "[email protected]", "password": "SecurePass123!" }
Response includes access token and welcome message.
POST /api/v1/forgot-password
{ "email": "[email protected]" }
Returns password reset token.
POST /api/v1/reset-password
{ "token": "reset_token_here", "new_password": "NewSecurePass123!" }
Resets password and confirms success.
- Passwords are hashed using bcrypt before storage
- JWT tokens are used for authentication
- Token expiration time is configurable (default: 30 minutes)
- Environment variables for sensitive information
- Email format validation
- Username uniqueness check
- Password requirements enforcement
- Input data validation using Pydantic models
- Login with either username or email
- Clear error messages
- Interactive API documentation
- Example requests and responses
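The SECRET_KEY, ALGORITHM=HS256 and ACCESS_TOKEN_EXPIRE_MINUTES=30 settings from the .env file determine how access tokens are signed and when they expire. The following added example (not the project's code, which lists python-jose for JWT handling) walks through that flow using only the Python standard library; the function names are hypothetical and the sample key is generated at import.

```python
import base64, hashlib, hmac, json, secrets, time

# Assumed settings mirroring the .env keys; the key is generated as the README shows.
SECRET_KEY = secrets.token_hex(32)
ALGORITHM = "HS256"
ACCESS_TOKEN_EXPIRE_MINUTES = 30

def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input, key):
    return b64url(hmac.new(key.encode(), signing_input.encode(), hashlib.sha256).digest())

def create_access_token(subject, key=SECRET_KEY, now=None):
    """Issue an HS256 JWT that expires ACCESS_TOKEN_EXPIRE_MINUTES after `now`."""
    now = time.time() if now is None else now
    header = {"alg": ALGORITHM, "typ": "JWT"}
    claims = {"sub": subject, "exp": int(now) + ACCESS_TOKEN_EXPIRE_MINUTES * 60}
    parts = [b64url(json.dumps(p, separators=(",", ":")).encode()) for p in (header, claims)]
    signing_input = ".".join(parts)
    return signing_input + "." + sign(signing_input, key)

def verify_access_token(token, key=SECRET_KEY, now=None):
    """Return the claims of a valid token; raise ValueError otherwise."""
    now = time.time() if now is None else now
    try:
        head_b64, body_b64, sig = token.split(".")
        # Pin the algorithm from configuration; never let the token choose it.
        if json.loads(b64url_decode(head_b64)).get("alg") != ALGORITHM:
            raise ValueError("unexpected algorithm")
        # Check the signature before trusting any claim; compare in constant time.
        if not hmac.compare_digest(sig, sign(head_b64 + "." + body_b64, key)):
            raise ValueError("bad signature")
        exp = json.loads(b64url_decode(body_b64)).get("exp")
    except (TypeError, AttributeError) as exc:
        raise ValueError("malformed token") from exc
    if not isinstance(exp, int) or now >= exp:
        raise ValueError("token expired or exp missing")
    return json.loads(b64url_decode(body_b64))

def is_valid(token, key=SECRET_KEY, now=None):
    try:
        verify_access_token(token, key, now)
        return True
    except ValueError:
        return False
```
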
The API provides clear error messages for various scenarios:
- User already exists
- Invalid credentials
- Invalid email format
- Database connection issues
- Missing required fields
You can test the API using:
- Swagger UI: Visit http://127.0.0.1:8000/docs
- ReDoc: Visit http://127.0.0.1:8000/redoc
- Fork the repository
- Create your feature branch (git checkout -b feature/amazing-feature)
- Commit your changes (git commit -m 'Add some amazing feature')
- Push to the branch (git push origin feature/amazing-feature)
- Open a Pull Request
This project is licensed under the MIT License - see the LICENSE file for details.
- FastAPI documentation
- SQLAlchemy documentation
- PostgreSQL documentation
- Python-Jose for JWT handling
- Passlib for password hashing