# SimpleTodoApp API

A FastAPI-based backend for a simple Todo application with SQLite database and user authentication.

## Features

- User registration and authentication with JWT tokens
- Create, read, update, and delete Todo items (protected by authentication)
- User-specific Todo items
- Role-based access control (regular users and superusers)
- Health check endpoint
- SQLite database with SQLAlchemy ORM
- Database migrations with Alembic
- Comprehensive API documentation with Swagger UI and ReDoc

## Project Structure

```
simpletodoapp/
├── api/                      # API-related code
│   ├── crud/                 # CRUD operations
│   │   ├── todo.py           # Todo CRUD operations
│   │   └── user.py           # User CRUD operations
│   ├── routers/              # API endpoints
│   │   ├── auth_router.py    # Authentication endpoints
│   │   ├── health_router.py  # Health check endpoint
│   │   ├── todo_router.py    # Todo endpoints
│   │   └── user_router.py    # User endpoints
│   ├── schemas/              # Pydantic models for request/response validation
│   │   ├── health.py         # Health check schemas
│   │   ├── todo.py           # Todo schemas
│   │   └── user.py           # User and authentication schemas
│   └── utils/                # Utility functions
│       └── auth.py           # Authentication utilities
├── db/                       # Database-related code
│   ├── database.py           # Database connection and session
│   └── models.py             # SQLAlchemy models
├── migrations/               # Alembic migrations
├── alembic.ini               # Alembic configuration
├── main.py                   # FastAPI application entry point
└── requirements.txt          # Project dependencies
```

## Installation & Setup

1. Clone this repository
2. Install dependencies:
   ```
   pip install -r requirements.txt
   ```
3. Apply database migrations:
   ```
   alembic upgrade head
   ```
4. Run the application:
   ```
   uvicorn main:app --reload
   ```

## Authentication

The API uses JWT (JSON Web Tokens) for authentication. To use protected endpoints:

1. Register a new user using `POST /api/users`
2. Get an access token using `POST /api/auth/token` with your username and password
3. Include the token in the `Authorization` header of your requests:
   ```
   Authorization: Bearer <token>
   ```

Access tokens expire after 30 minutes by default.

## API Documentation

Once the server is running, you can access:

- Swagger UI documentation at `/docs`
- ReDoc documentation at `/redoc`

## API Endpoints

### Authentication

- `POST /api/auth/token` - Get access token (login)
- `POST /api/users` - Register a new user

### Users

- `GET /api/users/me` - Get current user information
- `PUT /api/users/me` - Update current user information
- `GET /api/users/{id}` - Get user information by ID (current user or superuser only)
- `GET /api/users` - List all users (superuser only)
- `DELETE /api/users/{id}` - Delete a user (superuser only)

### Todos

All todo endpoints require authentication.

- `GET /api/todos` - List all todos for current user
- `GET /api/todos/{id}` - Get a single todo by ID (owned by current user)
- `POST /api/todos` - Create a new todo (owned by current user)
- `PATCH /api/todos/{id}` - Update a todo (owned by current user)
- `DELETE /api/todos/{id}` - Delete a todo (owned by current user)

### Health

- `GET /api/health` - Health check endpoint
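
The check that a protected endpoint has to make on the `Authorization: Bearer` header from the Authentication section, as an added example that is not SimpleTodoApp's own code: a standard-library HS256 issue/verify pair showing the signature check, algorithm pinning and the 30-minute expiry. The secret, the function names and the `sub`/`exp` claim layout are assumptions; the project's `api/utils/auth.py` may use a JWT library and different claims.

```python
import base64
import hashlib
import hmac
import json
import time

SECRET = b"constructed-demo-secret"  # assumption: HS256 with a server-side secret
ACCESS_TOKEN_TTL = 30 * 60           # 30 minutes, the default stated in this README

def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input):
    return b64url(hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest())

def issue_token(username, now=None):
    """Build header.payload.signature with an exp claim 30 minutes ahead."""
    now = time.time() if now is None else now
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"sub": username, "exp": int(now) + ACCESS_TOKEN_TTL}
    payload = b64url(json.dumps(claims).encode())
    return f"{header}.{payload}.{sign(header + '.' + payload)}"

def verify_bearer(authorization, now=None):
    """Return the subject of a valid token; raise ValueError otherwise."""
    now = time.time() if now is None else now
    scheme, _, token = authorization.partition(" ")
    if scheme.lower() != "bearer" or token.count(".") != 2:
        raise ValueError("malformed Authorization header")
    header, payload, signature = token.split(".")
    # Verify the signature (constant-time) before trusting any token content.
    expected = sign(header + "." + payload)
    if not hmac.compare_digest(signature.encode(), expected.encode()):
        raise ValueError("bad signature")
    # Pin the algorithm: the token must not choose how it is verified.
    if json.loads(b64url_decode(header)).get("alg") != "HS256":
        raise ValueError("unexpected algorithm")
    claims = json.loads(b64url_decode(payload))
    if now >= claims["exp"]:
        raise ValueError("token expired")
    return claims["sub"]
```
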