# Ecommerce Authentication and Inventory API

A FastAPI backend that provides authentication, product management, and inventory tracking for an ecommerce application.

## Features

- User authentication with JWT tokens
- Role-based access control (admin, staff, customer)
- Product and category management
- Inventory tracking with transaction history
- Admin-only routes for sensitive operations
- SQLite database with SQLAlchemy ORM
- Database migrations with Alembic

## Project Structure

```
ecommerceauthenticationandinventoryapi/
├── app/
│   ├── api/
│   │   ├── endpoints/
│   │   │   ├── auth.py
│   │   │   ├── inventory.py
│   │   │   ├── products.py
│   │   │   └── users.py
│   │   ├── api.py
│   │   └── deps.py
│   ├── core/
│   │   ├── config.py
│   │   └── security.py
│   ├── crud/
│   │   ├── inventory.py
│   │   ├── product.py
│   │   └── user.py
│   ├── db/
│   │   ├── base.py
│   │   ├── deps.py
│   │   └── session.py
│   ├── models/
│   │   ├── inventory.py
│   │   ├── product.py
│   │   └── user.py
│   └── schemas/
│       ├── auth.py
│       ├── inventory.py
│       ├── product.py
│       ├── token.py
│       └── user.py
├── migrations/
│   └── versions/
│       └── 00001_initial_schema.py
├── alembic.ini
├── main.py
└── requirements.txt
```

## API Endpoints

### Authentication

- `POST /api/v1/auth/register` - Register a new user
- `POST /api/v1/auth/login` - Login with username/password (OAuth2 form)
- `POST /api/v1/auth/login/json` - Login with email/password (JSON)
- `GET /api/v1/auth/me` - Get current user details

### Users

- `GET /api/v1/users/` - Get all users (admin only)
- `POST /api/v1/users/` - Create a new user (admin only)
- `GET /api/v1/users/{user_id}` - Get user by ID
- `PUT /api/v1/users/{user_id}` - Update user
- `DELETE /api/v1/users/{user_id}` - Delete user (admin only)

### Products

- `GET /api/v1/products/` - Get all products
- `POST /api/v1/products/` - Create a new product (admin only)
- `GET /api/v1/products/{product_id}` - Get product by ID
- `PUT /api/v1/products/{product_id}` - Update product (admin only)
- `DELETE /api/v1/products/{product_id}` - Delete product (admin only)

### Categories

- `GET /api/v1/products/categories/` - Get all categories
- `POST /api/v1/products/categories/` - Create a new category (admin only)
- `GET /api/v1/products/categories/{category_id}` - Get category by ID
- `PUT /api/v1/products/categories/{category_id}` - Update category (admin only)
- `DELETE /api/v1/products/categories/{category_id}` - Delete category (admin only)

### Inventory

- `GET /api/v1/inventory/items/` - Get all inventory items
- `POST /api/v1/inventory/items/` - Create a new inventory item (admin only)
- `GET /api/v1/inventory/items/{item_id}` - Get inventory item by ID
- `PUT /api/v1/inventory/items/{item_id}` - Update inventory item (admin only)
- `DELETE /api/v1/inventory/items/{item_id}` - Delete inventory item (admin only)

### Inventory Transactions

- `GET /api/v1/inventory/transactions/` - Get all transactions (admin only)
- `POST /api/v1/inventory/transactions/` - Create a new transaction (admin only)
- `GET /api/v1/inventory/transactions/{transaction_id}` - Get transaction by ID (admin only)

## Getting Started

### Prerequisites

- Python 3.8+
- SQLite

### Installation

1. Clone the repository
2. Install dependencies:
   ```
   pip install -r requirements.txt
   ```
3. Set up environment variables (see below)
4. Run database migrations:
   ```
   alembic upgrade head
   ```
5. Start the server:
   ```
   uvicorn main:app --host 0.0.0.0 --port 8000 --reload
   ```

### Environment Variables

Create a `.env` file in the root directory with the following variables:

```
SECRET_KEY=your-secret-key-here
ACCESS_TOKEN_EXPIRE_MINUTES=30
BACKEND_CORS_ORIGINS=["*"] # For production, specify allowed origins
```

## Documentation

API documentation is available at:

- Swagger UI: `/docs`
- ReDoc: `/redoc`
- OpenAPI JSON: `/openapi.json`

## Authentication

This API uses JWT tokens for authentication. To authenticate:

1. Register a user or log in with existing credentials
2. Use the returned access token in the Authorization header for subsequent requests:
   ```
   Authorization: Bearer <access_token>
   ```

## User Roles

- **Admin**: Full access to all endpoints
- **Staff**: Access to view products and inventory
- **Customer**: Limited access to view products
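
The token check and role gate described under Authentication and User Roles, as an added standard-library example (not this project's `app/core/security.py` or `app/api/deps.py`). It assumes HS256 signing and a `role` claim, neither of which the README states; the key, the helper names and the sample tokens are constructed for illustration.

```python
import base64, hashlib, hmac, json

SECRET_KEY = b"constructed-demo-key"  # assumption: stands in for SECRET_KEY from .env
ACCESS_TOKEN_EXPIRE_MINUTES = 30      # same setting name as the README

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input: str) -> str:
    return b64url(hmac.new(SECRET_KEY, signing_input.encode(), hashlib.sha256).digest())

def create_access_token(sub: str, role: str, now: float) -> str:
    claims = {"sub": sub, "role": role, "exp": int(now) + ACCESS_TOKEN_EXPIRE_MINUTES * 60}
    parts = [b64url(json.dumps(p).encode()) for p in ({"alg": "HS256", "typ": "JWT"}, claims)]
    return ".".join(parts) + "." + sign(".".join(parts))

def verify_token(token: str, now: float) -> dict:
    head, body, sig = token.split(".")  # ValueError unless exactly three parts
    header = json.loads(unb64url(head))
    # Pin the algorithm server-side; never let the token choose "none" or another alg.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    # Constant-time comparison, done before any claim is trusted.
    if not hmac.compare_digest(sig.encode(), sign(f"{head}.{body}").encode()):
        raise ValueError("bad signature")
    claims = json.loads(unb64url(body))
    if claims["exp"] <= now:
        raise ValueError("token expired")
    return claims

def admin_route_status(authorization: str, now: float) -> int:
    """HTTP status an admin-only route would return for this Authorization header."""
    scheme, _, token = authorization.partition(" ")
    if scheme.lower() != "bearer":
        return 401
    try:
        claims = verify_token(token, now)
    except (ValueError, KeyError):
        return 401  # malformed, forged or expired: unauthenticated
    return 200 if claims.get("role") == "admin" else 403  # authenticated but not allowed

def with_role(token: str, role: str) -> str:
    """Constructed tampering case: rewrite the role claim but keep the old signature."""
    head, body, sig = token.split(".")
    claims = dict(json.loads(unb64url(body)), role=role)
    return ".".join([head, b64url(json.dumps(claims).encode()), sig])
```

A valid customer token yields 403 on an admin-only route, while the same token with its `role` claim edited yields 401 because the signature no longer matches the payload.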