# Simple Todo Application API with Authentication

This is a REST API for a todo application built with FastAPI and SQLite, featuring user authentication and authorization.

## Features

- User registration and authentication with JWT tokens
- Secure password hashing with bcrypt
- User-specific todo items
- Create, read, update, and delete todo items
- User profile management
- Role-based access control
- Health endpoint for application monitoring
- API documentation via Swagger UI and ReDoc
- Database migrations using Alembic
- SQLite database for data storage

## Project Structure

```
├── app/
│   ├── api/           # API endpoints
│   ├── core/          # Core functionality, security, dependencies
│   ├── crud/          # Database CRUD operations
│   ├── db/            # Database connection and utilities
│   ├── models/        # SQLAlchemy models
│   └── schemas/       # Pydantic schemas
├── migrations/        # Alembic migration scripts
├── main.py            # FastAPI application entry point
├── alembic.ini        # Alembic configuration
└── requirements.txt   # Project dependencies
```

## Installation

1. Clone the repository
2. Install the dependencies:

```bash
pip install -r requirements.txt
```

## Running the Application

Start the application with:

```bash
uvicorn main:app --reload
```

The API will be available at http://localhost:8000

## API Documentation

- Swagger UI: http://localhost:8000/docs
- ReDoc: http://localhost:8000/redoc

## API Endpoints

### Authentication

- `POST /auth/register`: Register a new user
- `POST /auth/login`: Login and get access token
- `POST /auth/refresh`: Refresh access token
- `GET /auth/me`: Get current user information

### Users

- `GET /users/`: Get all users (requires authentication)
- `GET /users/{id}`: Get a specific user by ID (requires authentication)
- `PATCH /users/{id}`: Update a user (requires authentication and ownership)
- `DELETE /users/{id}`: Delete a user (requires authentication and ownership)

### Todo Items

- `GET /todos`: Get all todo items for the current user
- `POST /todos`: Create a new todo item
- `GET /todos/{id}`: Get a specific todo item
- `PATCH /todos/{id}`: Update a todo item
- `DELETE /todos/{id}`: Delete a todo item

**Note:** All todo operations require authentication and only access to the user's own todos is allowed.

### Other

- `GET /`: Root endpoint with API information
- `GET /health`: Health check endpoint

## Authentication Flow

1. Register a new user: `POST /auth/register`
2. Login to get a JWT token: `POST /auth/login`
3. Use the token in the Authorization header for all subsequent requests: `Authorization: Bearer {token}`

## Database Migrations

Run migrations with:

```bash
alembic upgrade head
```

## Development

This project uses Ruff for linting. Run the linter with:

```bash
ruff check .
```

To automatically fix issues:

```bash
ruff check --fix .
```
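The server-side half of the Authentication Flow and the todo ownership rule, sketched with the standard library only. This is an added example, not this project's code: the HS256 algorithm, the `sub`/`exp` claims, the secret, the sample rows, the function names and the choice of 404 for a todo owned by another user are all assumptions.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-secret"  # assumption: HS256 with a server-side secret
TODOS = {1: {"owner_id": 1, "title": "buy milk"},   # constructed sample rows
         2: {"owner_id": 2, "title": "pay rent"}}

def b64url_encode(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(header, payload):
    return hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()

def issue_token(user_id, ttl=900):
    """Token a login endpoint could return: header.payload.signature."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"sub": str(user_id), "exp": int(time.time()) + ttl}
    payload = b64url_encode(json.dumps(claims).encode())
    return f"{header}.{payload}.{b64url_encode(sign(header, payload))}"

def current_user_id(authorization):
    """User id from an 'Authorization: Bearer <token>' value, or None if invalid."""
    scheme, _, token = authorization.partition(" ")
    if scheme.lower() != "bearer" or token.count(".") != 2:
        return None
    header, payload, sig = token.split(".")
    try:
        if json.loads(b64url_decode(header)).get("alg") != "HS256":
            return None  # pin the algorithm; never trust the header's choice
        if not hmac.compare_digest(sign(header, payload), b64url_decode(sig)):
            return None  # signature checked before any claim is used
        claims = json.loads(b64url_decode(payload))
        if claims["exp"] <= time.time():
            return None  # expired
        return int(claims["sub"])
    except (ValueError, KeyError, TypeError, AttributeError):
        return None

def get_todo(authorization, todo_id):
    """(status, body) for GET /todos/{id} with the ownership rule applied."""
    user_id = current_user_id(authorization)
    if user_id is None:
        return 401, None
    todo = TODOS.get(todo_id)
    if todo is None or todo["owner_id"] != user_id:
        return 404, None  # same answer for "missing" and "someone else's"
    return 200, todo
```

Returning the same status for a missing todo and for another user's todo keeps the endpoint from confirming which ids exist.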