Implement small business inventory management system with FastAPI and SQLite

- Created complete RESTful API for inventory management
- Set up database models for items, categories, suppliers, and transactions
- Implemented user authentication with JWT tokens
- Added transaction tracking for inventory movements
- Created comprehensive API endpoints for all CRUD operations
- Set up Alembic for database migrations
- Added input validation and error handling
- Created detailed documentation in README

README.md

@@ -1,3 +1,135 @@
-# FastAPI Application
+# Small Business Inventory Management System
 
-This is a FastAPI application bootstrapped by BackendIM, the AI-powered backend generation platform.
+A RESTful API built with FastAPI and SQLite to help small businesses manage their inventory, track stock levels, and handle inventory transactions.
+
+## Features
+
+- User authentication with JWT tokens
+- Inventory items management with categories and suppliers
+- Stock level monitoring and low-stock alerts
+- Transaction tracking (purchases, sales, adjustments, returns)
+- Comprehensive reporting endpoints
+- Role-based access control
+
+## Technology Stack
+
+- **Framework**: FastAPI
+- **Database**: SQLite with SQLAlchemy ORM
+- **Migrations**: Alembic
+- **Authentication**: JWT tokens with password hashing
+- **Validation**: Pydantic
+- **Code Quality**: Ruff
+
+## Getting Started
+
+### Prerequisites
+
+- Python 3.8+
+- Virtual environment (recommended)
+
+### Installation
+
+1. Clone the repository:
+   ```bash
+   git clone <repository-url>
+   cd smallbusinessinventorymanagementsystem
+   ```
+
+2. Create and activate a virtual environment:
+   ```bash
+   python -m venv venv
+   source venv/bin/activate  # On Windows, use: venv\Scripts\activate
+   ```
+
+3. Install dependencies:
+   ```bash
+   pip install -r requirements.txt
+   ```
+
+4. Set up environment variables:
+   ```bash
+   export SECRET_KEY="your-secret-key-here"  # For production, use a strong random key
+   ```
+
+5. Run database migrations:
+   ```bash
+   alembic upgrade head
+   ```
+
+6. Start the application:
+   ```bash
+   uvicorn main:app --reload
+   ```
+
+The API will be available at http://localhost:8000. The interactive API documentation is available at http://localhost:8000/docs.
+
+## API Endpoints
+
+### Authentication
+- `POST /api/v1/login/access-token` - Get an access token
+- `POST /api/v1/login/test-token` - Test an access token
+
+### Users
+- `GET /api/v1/users/` - Get all users (admin only)
+- `POST /api/v1/users/` - Create a new user (admin only)
+- `GET /api/v1/users/me` - Get current user
+- `PUT /api/v1/users/me` - Update current user
+- `GET /api/v1/users/{user_id}` - Get a specific user
+- `PUT /api/v1/users/{user_id}` - Update a specific user (admin only)
+
+### Items
+- `GET /api/v1/items/` - Get all items
+- `POST /api/v1/items/` - Create a new item
+- `GET /api/v1/items/{id}` - Get an item by ID
+- `PUT /api/v1/items/{id}` - Update an item
+- `DELETE /api/v1/items/{id}` - Delete an item
+- `GET /api/v1/items/by-category/{category_id}` - Get items by category
+- `GET /api/v1/items/by-supplier/{supplier_id}` - Get items by supplier
+- `GET /api/v1/items/low-stock/` - Get items with low stock
+
+### Categories
+- `GET /api/v1/categories/` - Get all categories
+- `POST /api/v1/categories/` - Create a new category
+- `GET /api/v1/categories/{id}` - Get a category by ID
+- `PUT /api/v1/categories/{id}` - Update a category
+- `DELETE /api/v1/categories/{id}` - Delete a category
+
+### Suppliers
+- `GET /api/v1/suppliers/` - Get all suppliers
+- `POST /api/v1/suppliers/` - Create a new supplier
+- `GET /api/v1/suppliers/{id}` - Get a supplier by ID
+- `PUT /api/v1/suppliers/{id}` - Update a supplier
+- `DELETE /api/v1/suppliers/{id}` - Delete a supplier
+
+### Transactions
+- `GET /api/v1/transactions/` - Get all transactions
+- `POST /api/v1/transactions/` - Create a new transaction
+- `GET /api/v1/transactions/{id}` - Get a transaction by ID
+- `GET /api/v1/transactions/by-item/{item_id}` - Get transactions by item
+- `GET /api/v1/transactions/by-user/{user_id}` - Get transactions by user (admin only)
+- `GET /api/v1/transactions/by-type/{transaction_type}` - Get transactions by type
+- `GET /api/v1/transactions/by-date-range/` - Get transactions by date range
+
+## Environment Variables
+
+| Variable | Description | Default Value |
+|----------|-------------|---------------|
+| SECRET_KEY | Key used for JWT token generation | "your-secret-key-here-make-sure-to-change-in-production" |
+| ACCESS_TOKEN_EXPIRE_MINUTES | Token expiration time in minutes | 11520 (8 days) |
+
+## Development
+
+### Running Tests
+```bash
+pytest
+```
+
+### Linting with Ruff
+```bash
+ruff check .
+ruff format .
+```
+
+## License
+
+This project is licensed under the MIT License - see the LICENSE file for details.

alembic.ini

@@ -0,0 +1,98 @@
+# A generic, single database configuration.
+
+[alembic]
+# path to migration scripts
+script_location = migrations
+
+# template used to generate migration files
+# file_template = %%(rev)s_%%(slug)s
+
+# sys.path path, will be prepended to sys.path if present.
+# defaults to the current working directory.
+prepend_sys_path = .
+
+# timezone to use when rendering the date within the migration file
+# as well as the filename.
+# If specified, requires the python-dateutil library that can be
+# installed by adding `alembic[tz]` to the pip requirements
+# string value is passed to dateutil.tz.gettz()
+# leave blank for localtime
+# timezone =
+
+# max length of characters to apply to the
+# "slug" field
+# truncate_slug_length = 40
+
+# set to 'true' to run the environment during
+# the 'revision' command, regardless of autogenerate
+# revision_environment = false
+
+# set to 'true' to allow .pyc and .pyo files without
+# a source .py file to be detected as revisions in the
+# versions/ directory
+# sourceless = false
+
+# version location specification; This defaults
+# to migrations/versions.  When using multiple version
+# directories, initial revisions must be specified with --version-path.
+# The path separator used here should be the separator specified by "version_path_separator" below.
+# version_locations = %(here)s/bar:%(here)s/bat:migrations/versions
+
+# version path separator; The path separator used here should not be the
+# same as in the path to the migrations directory.
+# Can be used to provide a different path separator for the
+# version_locations string
+# version_path_separator = :
+
+# the output encoding used when revision files
+# are written from script.py.mako
+# output_encoding = utf-8
+
+# SQLite URL using absolute path
+sqlalchemy.url = sqlite:////app/storage/db/db.sqlite
+
+[post_write_hooks]
+# post_write_hooks defines scripts or Python functions that are run
+# on newly generated revision scripts.  See the documentation for further
+# detail and examples
+
+# format using "black" - use the console_scripts runner, against the "black" entrypoint
+# hooks = black
+# black.type = console_scripts
+# black.entrypoint = black
+# black.options = -l 79 REVISION_SCRIPT_FILENAME
+
+# Logging configuration
+[loggers]
+keys = root,sqlalchemy,alembic
+
+[handlers]
+keys = console
+
+[formatters]
+keys = generic
+
+[logger_root]
+level = WARN
+handlers = console
+qualname =
+
+[logger_sqlalchemy]
+level = WARN
+handlers =
+qualname = sqlalchemy.engine
+
+[logger_alembic]
+level = INFO
+handlers =
+qualname = alembic
+
+[handler_console]
+class = StreamHandler
+args = (sys.stderr,)
+level = NOTSET
+formatter = generic
+
+[formatter_generic]
+format = %(levelname)-5.5s [%(name)s] %(message)s
+datefmt = %H:%M:%S

app/api/api_v1/api.py

@@ -0,0 +1,10 @@
+from fastapi import APIRouter
+
+from app.api.api_v1.endpoints import items, categories, suppliers, transactions, users
+
+api_router = APIRouter()
+api_router.include_router(items.router, prefix="/items", tags=["items"])
+api_router.include_router(categories.router, prefix="/categories", tags=["categories"])
+api_router.include_router(suppliers.router, prefix="/suppliers", tags=["suppliers"])
+api_router.include_router(transactions.router, prefix="/transactions", tags=["transactions"])
+api_router.include_router(users.router, prefix="/users", tags=["users"])

app/api/api_v1/endpoints/categories.py

@@ -0,0 +1,113 @@
+from typing import Any, List
+
+from fastapi import APIRouter, Depends, HTTPException
+from sqlalchemy.orm import Session
+
+from app import crud, models, schemas
+from app.api import deps
+
+router = APIRouter()
+
+
+@router.get("/", response_model=List[schemas.Category])
+def read_categories(
+    db: Session = Depends(deps.get_db),
+    skip: int = 0,
+    limit: int = 100,
+    current_user: models.User = Depends(deps.get_current_active_user),
+) -> Any:
+    """
+    Retrieve categories.
+    """
+    categories = crud.category.get_multi(db, skip=skip, limit=limit)
+    return categories
+
+
+@router.post("/", response_model=schemas.Category)
+def create_category(
+    *,
+    db: Session = Depends(deps.get_db),
+    category_in: schemas.CategoryCreate,
+    current_user: models.User = Depends(deps.get_current_active_user),
+) -> Any:
+    """
+    Create new category.
+    """
+    category = crud.category.get_by_name(db, name=category_in.name)
+    if category:
+        raise HTTPException(
+            status_code=400,
+            detail="A category with this name already exists.",
+        )
+    category = crud.category.create(db, obj_in=category_in)
+    return category
+
+
+@router.put("/{id}", response_model=schemas.Category)
+def update_category(
+    *,
+    db: Session = Depends(deps.get_db),
+    id: str,
+    category_in: schemas.CategoryUpdate,
+    current_user: models.User = Depends(deps.get_current_active_user),
+) -> Any:
+    """
+    Update a category.
+    """
+    category = crud.category.get(db, id=id)
+    if not category:
+        raise HTTPException(status_code=404, detail="Category not found")
+    
+    # Check if updating to an existing name
+    if category_in.name and category_in.name != category.name:
+        existing_category = crud.category.get_by_name(db, name=category_in.name)
+        if existing_category:
+            raise HTTPException(
+                status_code=400,
+                detail="A category with this name already exists.",
+            )
+    
+    category = crud.category.update(db, db_obj=category, obj_in=category_in)
+    return category
+
+
+@router.get("/{id}", response_model=schemas.Category)
+def read_category(
+    *,
+    db: Session = Depends(deps.get_db),
+    id: str,
+    current_user: models.User = Depends(deps.get_current_active_user),
+) -> Any:
+    """
+    Get category by ID.
+    """
+    category = crud.category.get(db, id=id)
+    if not category:
+        raise HTTPException(status_code=404, detail="Category not found")
+    return category
+
+
+@router.delete("/{id}", response_model=schemas.Category)
+def delete_category(
+    *,
+    db: Session = Depends(deps.get_db),
+    id: str,
+    current_user: models.User = Depends(deps.get_current_active_superuser),
+) -> Any:
+    """
+    Delete a category.
+    """
+    category = crud.category.get(db, id=id)
+    if not category:
+        raise HTTPException(status_code=404, detail="Category not found")
+    
+    # Check if any items are using this category
+    items = crud.item.get_by_category(db, category_id=id)
+    if items:
+        raise HTTPException(
+            status_code=400,
+            detail="Cannot delete category that is in use by items. Update or delete those items first.",
+        )
+    
+    category = crud.category.remove(db, id=id)
+    return category

app/api/api_v1/endpoints/items.py

@@ -0,0 +1,199 @@
+from typing import Any, List
+
+from fastapi import APIRouter, Depends, HTTPException
+from sqlalchemy.orm import Session
+
+from app import crud, models, schemas
+from app.api import deps
+
+router = APIRouter()
+
+
+@router.get("/", response_model=List[schemas.Item])
+def read_items(
+    db: Session = Depends(deps.get_db),
+    skip: int = 0,
+    limit: int = 100,
+    current_user: models.User = Depends(deps.get_current_active_user),
+) -> Any:
+    """
+    Retrieve items.
+    """
+    items = crud.item.get_multi(db, skip=skip, limit=limit)
+    return items
+
+
+@router.post("/", response_model=schemas.Item)
+def create_item(
+    *,
+    db: Session = Depends(deps.get_db),
+    item_in: schemas.ItemCreate,
+    current_user: models.User = Depends(deps.get_current_active_user),
+) -> Any:
+    """
+    Create new item.
+    """
+    # Check if SKU already exists
+    item = crud.item.get_by_sku(db, sku=item_in.sku)
+    if item:
+        raise HTTPException(
+            status_code=400,
+            detail="An item with this SKU already exists."
+        )
+    
+    # Validate category_id if provided
+    if item_in.category_id:
+        category = crud.category.get(db, id=item_in.category_id)
+        if not category:
+            raise HTTPException(
+                status_code=404,
+                detail=f"Category with ID {item_in.category_id} not found"
+            )
+    
+    # Validate supplier_id if provided
+    if item_in.supplier_id:
+        supplier = crud.supplier.get(db, id=item_in.supplier_id)
+        if not supplier:
+            raise HTTPException(
+                status_code=404,
+                detail=f"Supplier with ID {item_in.supplier_id} not found"
+            )
+    
+    item = crud.item.create(db, obj_in=item_in)
+    return item
+
+
+@router.put("/{id}", response_model=schemas.Item)
+def update_item(
+    *,
+    db: Session = Depends(deps.get_db),
+    id: str,
+    item_in: schemas.ItemUpdate,
+    current_user: models.User = Depends(deps.get_current_active_user),
+) -> Any:
+    """
+    Update an item.
+    """
+    item = crud.item.get(db, id=id)
+    if not item:
+        raise HTTPException(status_code=404, detail="Item not found")
+    
+    # Check if updating to an existing SKU
+    if item_in.sku and item_in.sku != item.sku:
+        existing_item = crud.item.get_by_sku(db, sku=item_in.sku)
+        if existing_item:
+            raise HTTPException(
+                status_code=400,
+                detail="An item with this SKU already exists."
+            )
+    
+    # Validate category_id if provided
+    if item_in.category_id and item_in.category_id != item.category_id:
+        category = crud.category.get(db, id=item_in.category_id)
+        if not category:
+            raise HTTPException(
+                status_code=404,
+                detail=f"Category with ID {item_in.category_id} not found"
+            )
+    
+    # Validate supplier_id if provided
+    if item_in.supplier_id and item_in.supplier_id != item.supplier_id:
+        supplier = crud.supplier.get(db, id=item_in.supplier_id)
+        if not supplier:
+            raise HTTPException(
+                status_code=404,
+                detail=f"Supplier with ID {item_in.supplier_id} not found"
+            )
+    
+    item = crud.item.update(db, db_obj=item, obj_in=item_in)
+    return item
+
+
+@router.get("/{id}", response_model=schemas.Item)
+def read_item(
+    *,
+    db: Session = Depends(deps.get_db),
+    id: str,
+    current_user: models.User = Depends(deps.get_current_active_user),
+) -> Any:
+    """
+    Get item by ID.
+    """
+    item = crud.item.get(db, id=id)
+    if not item:
+        raise HTTPException(status_code=404, detail="Item not found")
+    return item
+
+
+@router.delete("/{id}", response_model=schemas.Item)
+def delete_item(
+    *,
+    db: Session = Depends(deps.get_db),
+    id: str,
+    current_user: models.User = Depends(deps.get_current_active_superuser),
+) -> Any:
+    """
+    Delete an item.
+    """
+    item = crud.item.get(db, id=id)
+    if not item:
+        raise HTTPException(status_code=404, detail="Item not found")
+    item = crud.item.remove(db, id=id)
+    return item
+
+
+@router.get("/by-category/{category_id}", response_model=List[schemas.Item])
+def read_items_by_category(
+    *,
+    db: Session = Depends(deps.get_db),
+    category_id: str,
+    skip: int = 0,
+    limit: int = 100,
+    current_user: models.User = Depends(deps.get_current_active_user),
+) -> Any:
+    """
+    Get items by category.
+    """
+    # Validate category exists
+    category = crud.category.get(db, id=category_id)
+    if not category:
+        raise HTTPException(status_code=404, detail="Category not found")
+    
+    items = crud.item.get_by_category(db, category_id=category_id, skip=skip, limit=limit)
+    return items
+
+
+@router.get("/by-supplier/{supplier_id}", response_model=List[schemas.Item])
+def read_items_by_supplier(
+    *,
+    db: Session = Depends(deps.get_db),
+    supplier_id: str,
+    skip: int = 0,
+    limit: int = 100,
+    current_user: models.User = Depends(deps.get_current_active_user),
+) -> Any:
+    """
+    Get items by supplier.
+    """
+    # Validate supplier exists
+    supplier = crud.supplier.get(db, id=supplier_id)
+    if not supplier:
+        raise HTTPException(status_code=404, detail="Supplier not found")
+    
+    items = crud.item.get_by_supplier(db, supplier_id=supplier_id, skip=skip, limit=limit)
+    return items
+
+
+@router.get("/low-stock/", response_model=List[schemas.Item])
+def read_low_stock_items(
+    *,
+    db: Session = Depends(deps.get_db),
+    skip: int = 0,
+    limit: int = 100,
+    current_user: models.User = Depends(deps.get_current_active_user),
+) -> Any:
+    """
+    Get all items with stock levels at or below their minimum threshold.
+    """
+    items = crud.item.get_low_stock_items(db, skip=skip, limit=limit)
+    return items

app/api/api_v1/endpoints/login.py

@@ -0,0 +1,44 @@
+from datetime import timedelta
+from typing import Any
+
+from fastapi import APIRouter, Depends, HTTPException
+from fastapi.security import OAuth2PasswordRequestForm
+from sqlalchemy.orm import Session
+
+from app import crud, models, schemas
+from app.api import deps
+from app.core import security
+from app.core.config import settings
+
+router = APIRouter()
+
+
+@router.post("/login/access-token", response_model=schemas.Token)
+def login_access_token(
+    db: Session = Depends(deps.get_db), form_data: OAuth2PasswordRequestForm = Depends()
+) -> Any:
+    """
+    OAuth2 compatible token login, get an access token for future requests
+    """
+    user = crud.user.authenticate(
+        db, email=form_data.username, password=form_data.password
+    )
+    if not user:
+        raise HTTPException(status_code=400, detail="Incorrect email or password")
+    elif not crud.user.is_active(user):
+        raise HTTPException(status_code=400, detail="Inactive user")
+    access_token_expires = timedelta(minutes=settings.ACCESS_TOKEN_EXPIRE_MINUTES)
+    return {
+        "access_token": security.create_access_token(
+            user.id, expires_delta=access_token_expires
+        ),
+        "token_type": "bearer",
+    }
+
+
+@router.post("/login/test-token", response_model=schemas.User)
+def test_token(current_user: models.User = Depends(deps.get_current_user)) -> Any:
+    """
+    Test access token
+    """
+    return current_user

app/api/api_v1/endpoints/suppliers.py

@@ -0,0 +1,113 @@
+from typing import Any, List
+
+from fastapi import APIRouter, Depends, HTTPException
+from sqlalchemy.orm import Session
+
+from app import crud, models, schemas
+from app.api import deps
+
+router = APIRouter()
+
+
+@router.get("/", response_model=List[schemas.Supplier])
+def read_suppliers(
+    db: Session = Depends(deps.get_db),
+    skip: int = 0,
+    limit: int = 100,
+    current_user: models.User = Depends(deps.get_current_active_user),
+) -> Any:
+    """
+    Retrieve suppliers.
+    """
+    suppliers = crud.supplier.get_multi(db, skip=skip, limit=limit)
+    return suppliers
+
+
+@router.post("/", response_model=schemas.Supplier)
+def create_supplier(
+    *,
+    db: Session = Depends(deps.get_db),
+    supplier_in: schemas.SupplierCreate,
+    current_user: models.User = Depends(deps.get_current_active_user),
+) -> Any:
+    """
+    Create new supplier.
+    """
+    supplier = crud.supplier.get_by_name(db, name=supplier_in.name)
+    if supplier:
+        raise HTTPException(
+            status_code=400,
+            detail="A supplier with this name already exists.",
+        )
+    supplier = crud.supplier.create(db, obj_in=supplier_in)
+    return supplier
+
+
+@router.put("/{id}", response_model=schemas.Supplier)
+def update_supplier(
+    *,
+    db: Session = Depends(deps.get_db),
+    id: str,
+    supplier_in: schemas.SupplierUpdate,
+    current_user: models.User = Depends(deps.get_current_active_user),
+) -> Any:
+    """
+    Update a supplier.
+    """
+    supplier = crud.supplier.get(db, id=id)
+    if not supplier:
+        raise HTTPException(status_code=404, detail="Supplier not found")
+    
+    # Check if updating to an existing name
+    if supplier_in.name and supplier_in.name != supplier.name:
+        existing_supplier = crud.supplier.get_by_name(db, name=supplier_in.name)
+        if existing_supplier:
+            raise HTTPException(
+                status_code=400,
+                detail="A supplier with this name already exists.",
+            )
+    
+    supplier = crud.supplier.update(db, db_obj=supplier, obj_in=supplier_in)
+    return supplier
+
+
+@router.get("/{id}", response_model=schemas.Supplier)
+def read_supplier(
+    *,
+    db: Session = Depends(deps.get_db),
+    id: str,
+    current_user: models.User = Depends(deps.get_current_active_user),
+) -> Any:
+    """
+    Get supplier by ID.
+    """
+    supplier = crud.supplier.get(db, id=id)
+    if not supplier:
+        raise HTTPException(status_code=404, detail="Supplier not found")
+    return supplier
+
+
+@router.delete("/{id}", response_model=schemas.Supplier)
+def delete_supplier(
+    *,
+    db: Session = Depends(deps.get_db),
+    id: str,
+    current_user: models.User = Depends(deps.get_current_active_superuser),
+) -> Any:
+    """
+    Delete a supplier.
+    """
+    supplier = crud.supplier.get(db, id=id)
+    if not supplier:
+        raise HTTPException(status_code=404, detail="Supplier not found")
+    
+    # Check if any items are using this supplier
+    items = crud.item.get_by_supplier(db, supplier_id=id)
+    if items:
+        raise HTTPException(
+            status_code=400,
+            detail="Cannot delete supplier that is in use by items. Update or delete those items first.",
+        )
+    
+    supplier = crud.supplier.remove(db, id=id)
+    return supplier

app/api/api_v1/endpoints/transactions.py

@@ -0,0 +1,182 @@
+from typing import Any, List
+from datetime import datetime, date
+
+from fastapi import APIRouter, Depends, HTTPException, Query
+from sqlalchemy.orm import Session
+
+from app import crud, models, schemas
+from app.api import deps
+from app.models.transaction import TransactionType
+
+router = APIRouter()
+
+
+@router.get("/", response_model=List[schemas.Transaction])
+def read_transactions(
+    db: Session = Depends(deps.get_db),
+    skip: int = 0,
+    limit: int = 100,
+    current_user: models.User = Depends(deps.get_current_active_user),
+) -> Any:
+    """
+    Retrieve transactions.
+    """
+    transactions = crud.transaction.get_multi(db, skip=skip, limit=limit)
+    return transactions
+
+
+@router.post("/", response_model=schemas.Transaction)
+def create_transaction(
+    *,
+    db: Session = Depends(deps.get_db),
+    transaction_in: schemas.TransactionCreate,
+    current_user: models.User = Depends(deps.get_current_active_user),
+) -> Any:
+    """
+    Create new transaction and update item quantity.
+    """
+    # Validate item exists
+    item = crud.item.get(db, id=transaction_in.item_id)
+    if not item:
+        raise HTTPException(
+            status_code=404,
+            detail=f"Item with ID {transaction_in.item_id} not found"
+        )
+    
+    # Create the transaction
+    transaction = crud.transaction.create(db, obj_in=transaction_in)
+    
+    # Update item quantity based on transaction type
+    if transaction.transaction_type == TransactionType.PURCHASE:
+        # Increase stock
+        new_quantity = item.quantity + transaction.quantity
+    elif transaction.transaction_type == TransactionType.SALE:
+        # Decrease stock, but check if enough available
+        if item.quantity < transaction.quantity:
+            raise HTTPException(
+                status_code=400,
+                detail=f"Insufficient quantity available. Only {item.quantity} items in stock."
+            )
+        new_quantity = item.quantity - transaction.quantity
+    elif transaction.transaction_type == TransactionType.ADJUSTMENT:
+        # Direct update to specified quantity
+        new_quantity = item.quantity + transaction.quantity  # Quantity can be positive or negative
+    elif transaction.transaction_type == TransactionType.RETURN:
+        # Increase stock for returns
+        new_quantity = item.quantity + transaction.quantity
+    else:
+        raise HTTPException(
+            status_code=400,
+            detail=f"Invalid transaction type: {transaction.transaction_type}"
+        )
+    
+    # Update the item quantity
+    crud.item.update(db, db_obj=item, obj_in={"quantity": new_quantity})
+    
+    return transaction
+
+
+@router.get("/{id}", response_model=schemas.Transaction)
+def read_transaction(
+    *,
+    db: Session = Depends(deps.get_db),
+    id: str,
+    current_user: models.User = Depends(deps.get_current_active_user),
+) -> Any:
+    """
+    Get transaction by ID.
+    """
+    transaction = crud.transaction.get(db, id=id)
+    if not transaction:
+        raise HTTPException(status_code=404, detail="Transaction not found")
+    return transaction
+
+
+@router.get("/by-item/{item_id}", response_model=List[schemas.Transaction])
+def read_transactions_by_item(
+    *,
+    db: Session = Depends(deps.get_db),
+    item_id: str,
+    skip: int = 0,
+    limit: int = 100,
+    current_user: models.User = Depends(deps.get_current_active_user),
+) -> Any:
+    """
+    Get transactions by item ID.
+    """
+    # Validate item exists
+    item = crud.item.get(db, id=item_id)
+    if not item:
+        raise HTTPException(status_code=404, detail="Item not found")
+    
+    transactions = crud.transaction.get_by_item(db, item_id=item_id, skip=skip, limit=limit)
+    return transactions
+
+
+@router.get("/by-user/{user_id}", response_model=List[schemas.Transaction])
+def read_transactions_by_user(
+    *,
+    db: Session = Depends(deps.get_db),
+    user_id: str,
+    skip: int = 0,
+    limit: int = 100,
+    current_user: models.User = Depends(deps.get_current_active_superuser),
+) -> Any:
+    """
+    Get transactions by user ID. Only accessible by superusers.
+    """
+    # Validate user exists
+    user = crud.user.get(db, id=user_id)
+    if not user:
+        raise HTTPException(status_code=404, detail="User not found")
+    
+    transactions = crud.transaction.get_by_user(db, user_id=user_id, skip=skip, limit=limit)
+    return transactions
+
+
+@router.get("/by-type/{transaction_type}", response_model=List[schemas.Transaction])
+def read_transactions_by_type(
+    *,
+    db: Session = Depends(deps.get_db),
+    transaction_type: TransactionType,
+    skip: int = 0,
+    limit: int = 100,
+    current_user: models.User = Depends(deps.get_current_active_user),
+) -> Any:
+    """
+    Get transactions by transaction type.
+    """
+    transactions = crud.transaction.get_by_type(
+        db, 
+        transaction_type=transaction_type, 
+        skip=skip, 
+        limit=limit
+    )
+    return transactions
+
+
+@router.get("/by-date-range/", response_model=List[schemas.Transaction])
+def read_transactions_by_date_range(
+    *,
+    db: Session = Depends(deps.get_db),
+    start_date: date = Query(..., description="Start date in format YYYY-MM-DD"),
+    end_date: date = Query(..., description="End date in format YYYY-MM-DD"),
+    skip: int = 0,
+    limit: int = 100,
+    current_user: models.User = Depends(deps.get_current_active_user),
+) -> Any:
+    """
+    Get transactions within a date range.
+    """
+    # Convert dates to datetime objects
+    start_datetime = datetime.combine(start_date, datetime.min.time())
+    end_datetime = datetime.combine(end_date, datetime.max.time())
+    
+    transactions = crud.transaction.get_by_date_range(
+        db, 
+        start_date=start_datetime, 
+        end_date=end_datetime,
+        skip=skip, 
+        limit=limit
+    )
+    return transactions

app/api/api_v1/endpoints/users.py

@@ -0,0 +1,120 @@
+from typing import Any, List
+
+from fastapi import APIRouter, Body, Depends, HTTPException
+from fastapi.encoders import jsonable_encoder
+from pydantic import EmailStr
+from sqlalchemy.orm import Session
+
+from app import crud, models, schemas
+from app.api import deps
+
+router = APIRouter()
+
+
+@router.get("/", response_model=List[schemas.User])
+def read_users(
+    db: Session = Depends(deps.get_db),
+    skip: int = 0,
+    limit: int = 100,
+    current_user: models.User = Depends(deps.get_current_active_superuser),
+) -> Any:
+    """
+    Retrieve users.
+    """
+    users = crud.user.get_multi(db, skip=skip, limit=limit)
+    return users
+
+
+@router.post("/", response_model=schemas.User)
+def create_user(
+    *,
+    db: Session = Depends(deps.get_db),
+    user_in: schemas.UserCreate,
+    current_user: models.User = Depends(deps.get_current_active_superuser),
+) -> Any:
+    """
+    Create new user.
+    """
+    user = crud.user.get_by_email(db, email=user_in.email)
+    if user:
+        raise HTTPException(
+            status_code=400,
+            detail="The user with this email already exists in the system.",
+        )
+    user = crud.user.create(db, obj_in=user_in)
+    return user
+
+
+@router.put("/me", response_model=schemas.User)
+def update_user_me(
+    *,
+    db: Session = Depends(deps.get_db),
+    password: str = Body(None),
+    full_name: str = Body(None),
+    email: EmailStr = Body(None),
+    current_user: models.User = Depends(deps.get_current_active_user),
+) -> Any:
+    """
+    Update own user.
+    """
+    current_user_data = jsonable_encoder(current_user)
+    user_in = schemas.UserUpdate(**current_user_data)
+    if password is not None:
+        user_in.password = password
+    if full_name is not None:
+        user_in.full_name = full_name
+    if email is not None:
+        user_in.email = email
+    user = crud.user.update(db, db_obj=current_user, obj_in=user_in)
+    return user
+
+
+@router.get("/me", response_model=schemas.User)
+def read_user_me(
+    db: Session = Depends(deps.get_db),
+    current_user: models.User = Depends(deps.get_current_active_user),
+) -> Any:
+    """
+    Get current user.
+    """
+    return current_user
+
+
+@router.get("/{user_id}", response_model=schemas.User)
+def read_user_by_id(
+    user_id: str,
+    current_user: models.User = Depends(deps.get_current_active_user),
+    db: Session = Depends(deps.get_db),
+) -> Any:
+    """
+    Get a specific user by id.
+    """
+    user = crud.user.get(db, id=user_id)
+    if user == current_user:
+        return user
+    if not crud.user.is_superuser(current_user):
+        raise HTTPException(
+            status_code=400, detail="The user doesn't have enough privileges"
+        )
+    return user
+
+
+@router.put("/{user_id}", response_model=schemas.User)
+def update_user(
+    *,
+    db: Session = Depends(deps.get_db),
+    user_id: str,
+    user_in: schemas.UserUpdate,
+    current_user: models.User = Depends(deps.get_current_active_superuser),
+) -> Any:
+    """
+    Update a user.
+    """
+    user = crud.user.get(db, id=user_id)
+    if not user:
+        raise HTTPException(
+            status_code=404,
+            detail="The user with this id does not exist in the system",
+        )
+    user = crud.user.update(db, db_obj=user, obj_in=user_in)
+    return user

app/api/deps.py

@@ -0,0 +1,52 @@
+
+from fastapi import Depends, HTTPException, status
+from fastapi.security import OAuth2PasswordBearer
+from jose import jwt
+from pydantic import ValidationError
+from sqlalchemy.orm import Session
+
+from app import crud, models, schemas
+from app.core import security
+from app.core.config import settings
+from app.db.session import get_db
+
+reusable_oauth2 = OAuth2PasswordBearer(
+    tokenUrl=f"{settings.API_V1_STR}/login/access-token"
+)
+
+
+def get_current_user(
+    db: Session = Depends(get_db), token: str = Depends(reusable_oauth2)
+) -> models.User:
+    try:
+        payload = jwt.decode(
+            token, settings.SECRET_KEY, algorithms=[security.ALGORITHM]
+        )
+        token_data = schemas.TokenPayload(**payload)
+    except (jwt.JWTError, ValidationError):
+        raise HTTPException(
+            status_code=status.HTTP_403_FORBIDDEN,
+            detail="Could not validate credentials",
+        )
+    user = crud.user.get(db, id=token_data.sub)
+    if not user:
+        raise HTTPException(status_code=404, detail="User not found")
+    return user
+
+
+def get_current_active_user(
+    current_user: models.User = Depends(get_current_user),
+) -> models.User:
+    if not crud.user.is_active(current_user):
+        raise HTTPException(status_code=400, detail="Inactive user")
+    return current_user
+
+
+def get_current_active_superuser(
+    current_user: models.User = Depends(get_current_user),
+) -> models.User:
+    if not crud.user.is_superuser(current_user):
+        raise HTTPException(
+            status_code=400, detail="The user doesn't have enough privileges"
+        )
+    return current_user

app/core/config.py

@@ -0,0 +1,31 @@
+import os
+from typing import List, Union
+
+from pydantic import AnyHttpUrl, BaseSettings, validator
+
+
+class Settings(BaseSettings):
+    API_V1_STR: str = "/api/v1"
+    PROJECT_NAME: str = "Small Business Inventory Management System"
+    
+    # SECURITY
+    SECRET_KEY: str = os.getenv("SECRET_KEY", "your-secret-key-here-make-sure-to-change-in-production")
+    ACCESS_TOKEN_EXPIRE_MINUTES: int = 60 * 24 * 8  # 8 days
+    
+    # CORS
+    BACKEND_CORS_ORIGINS: List[AnyHttpUrl] = []
+
+    @validator("BACKEND_CORS_ORIGINS", pre=True)
+    def assemble_cors_origins(cls, v: Union[str, List[str]]) -> Union[List[str], str]:
+        if isinstance(v, str) and not v.startswith("["):
+            return [i.strip() for i in v.split(",")]
+        if isinstance(v, (list, str)):
+            return v
+        raise ValueError(v)
+
+    class Config:
+        case_sensitive = True
+        env_file = ".env"
+
+
+settings = Settings()

app/core/security.py

@@ -0,0 +1,33 @@
+from datetime import datetime, timedelta
+from typing import Any, Union
+
+from jose import jwt
+from passlib.context import CryptContext
+
+from app.core.config import settings
+
+pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
+
+ALGORITHM = "HS256"
+
+
+def create_access_token(
+    subject: Union[str, Any], expires_delta: timedelta = None
+) -> str:
+    if expires_delta:
+        expire = datetime.utcnow() + expires_delta
+    else:
+        expire = datetime.utcnow() + timedelta(
+            minutes=settings.ACCESS_TOKEN_EXPIRE_MINUTES
+        )
+    to_encode = {"exp": expire, "sub": str(subject)}
+    encoded_jwt = jwt.encode(to_encode, settings.SECRET_KEY, algorithm=ALGORITHM)
+    return encoded_jwt
+
+
+def verify_password(plain_password: str, hashed_password: str) -> bool:
+    return pwd_context.verify(plain_password, hashed_password)
+
+
+def get_password_hash(password: str) -> str:
+    return pwd_context.hash(password)

app/crud/__init__.py

@@ -0,0 +1,7 @@
+from app.crud.crud_user import user
+from app.crud.crud_item import item
+from app.crud.crud_category import category
+from app.crud.crud_supplier import supplier
+from app.crud.crud_transaction import transaction
+
+__all__ = ["user", "item", "category", "supplier", "transaction"]

app/crud/base.py

@@ -0,0 +1,66 @@
+from typing import Any, Dict, Generic, List, Optional, Type, TypeVar, Union
+
+from fastapi.encoders import jsonable_encoder
+from pydantic import BaseModel
+from sqlalchemy.orm import Session
+
+from app.db.base_class import Base
+
+ModelType = TypeVar("ModelType", bound=Base)
+CreateSchemaType = TypeVar("CreateSchemaType", bound=BaseModel)
+UpdateSchemaType = TypeVar("UpdateSchemaType", bound=BaseModel)
+
+
+class CRUDBase(Generic[ModelType, CreateSchemaType, UpdateSchemaType]):
+    def __init__(self, model: Type[ModelType]):
+        """
+        CRUD object with default methods to Create, Read, Update, Delete (CRUD).
+        
+        **Parameters**
+        
+        * `model`: A SQLAlchemy model class
+        * `schema`: A Pydantic model (schema) class
+        """
+        self.model = model
+
+    def get(self, db: Session, id: Any) -> Optional[ModelType]:
+        return db.query(self.model).filter(self.model.id == id).first()
+
+    def get_multi(
+        self, db: Session, *, skip: int = 0, limit: int = 100
+    ) -> List[ModelType]:
+        return db.query(self.model).offset(skip).limit(limit).all()
+
+    def create(self, db: Session, *, obj_in: CreateSchemaType) -> ModelType:
+        obj_in_data = jsonable_encoder(obj_in)
+        db_obj = self.model(**obj_in_data)
+        db.add(db_obj)
+        db.commit()
+        db.refresh(db_obj)
+        return db_obj
+
+    def update(
+        self,
+        db: Session,
+        *,
+        db_obj: ModelType,
+        obj_in: Union[UpdateSchemaType, Dict[str, Any]]
+    ) -> ModelType:
+        obj_data = jsonable_encoder(db_obj)
+        if isinstance(obj_in, dict):
+            update_data = obj_in
+        else:
+            update_data = obj_in.dict(exclude_unset=True)
+        for field in obj_data:
+            if field in update_data:
+                setattr(db_obj, field, update_data[field])
+        db.add(db_obj)
+        db.commit()
+        db.refresh(db_obj)
+        return db_obj
+
+    def remove(self, db: Session, *, id: Any) -> ModelType:
+        obj = db.query(self.model).get(id)
+        db.delete(obj)
+        db.commit()
+        return obj

app/crud/crud_category.py

@@ -0,0 +1,25 @@
+import uuid
+from sqlalchemy.orm import Session
+
+from app.crud.base import CRUDBase
+from app.models.category import Category
+from app.schemas.category import CategoryCreate, CategoryUpdate
+
+
+class CRUDCategory(CRUDBase[Category, CategoryCreate, CategoryUpdate]):
+    def create(self, db: Session, *, obj_in: CategoryCreate) -> Category:
+        db_obj = Category(
+            id=str(uuid.uuid4()),
+            name=obj_in.name,
+            description=obj_in.description,
+        )
+        db.add(db_obj)
+        db.commit()
+        db.refresh(db_obj)
+        return db_obj
+        
+    def get_by_name(self, db: Session, *, name: str) -> Category:
+        return db.query(Category).filter(Category.name == name).first()
+
+
+category = CRUDCategory(Category)

app/crud/crud_item.py

@@ -0,0 +1,43 @@
+from typing import List, Optional
+import uuid
+
+from sqlalchemy.orm import Session
+
+from app.crud.base import CRUDBase
+from app.models.item import Item
+from app.schemas.item import ItemCreate, ItemUpdate
+
+
+class CRUDItem(CRUDBase[Item, ItemCreate, ItemUpdate]):
+    def create(self, db: Session, *, obj_in: ItemCreate) -> Item:
+        db_obj = Item(
+            id=str(uuid.uuid4()),
+            name=obj_in.name,
+            description=obj_in.description,
+            sku=obj_in.sku,
+            quantity=obj_in.quantity,
+            unit_price=obj_in.unit_price,
+            location=obj_in.location,
+            min_stock_level=obj_in.min_stock_level,
+            category_id=obj_in.category_id,
+            supplier_id=obj_in.supplier_id,
+        )
+        db.add(db_obj)
+        db.commit()
+        db.refresh(db_obj)
+        return db_obj
+    
+    def get_by_sku(self, db: Session, *, sku: str) -> Optional[Item]:
+        return db.query(Item).filter(Item.sku == sku).first()
+    
+    def get_by_category(self, db: Session, *, category_id: str, skip: int = 0, limit: int = 100) -> List[Item]:
+        return db.query(Item).filter(Item.category_id == category_id).offset(skip).limit(limit).all()
+    
+    def get_by_supplier(self, db: Session, *, supplier_id: str, skip: int = 0, limit: int = 100) -> List[Item]:
+        return db.query(Item).filter(Item.supplier_id == supplier_id).offset(skip).limit(limit).all()
+    
+    def get_low_stock_items(self, db: Session, *, skip: int = 0, limit: int = 100) -> List[Item]:
+        return db.query(Item).filter(Item.quantity <= Item.min_stock_level).offset(skip).limit(limit).all()
+
+
+item = CRUDItem(Item)

app/crud/crud_supplier.py

@@ -0,0 +1,28 @@
+import uuid
+from sqlalchemy.orm import Session
+
+from app.crud.base import CRUDBase
+from app.models.supplier import Supplier
+from app.schemas.supplier import SupplierCreate, SupplierUpdate
+
+
+class CRUDSupplier(CRUDBase[Supplier, SupplierCreate, SupplierUpdate]):
+    def create(self, db: Session, *, obj_in: SupplierCreate) -> Supplier:
+        db_obj = Supplier(
+            id=str(uuid.uuid4()),
+            name=obj_in.name,
+            contact_name=obj_in.contact_name,
+            email=obj_in.email,
+            phone=obj_in.phone,
+            address=obj_in.address,
+        )
+        db.add(db_obj)
+        db.commit()
+        db.refresh(db_obj)
+        return db_obj
+        
+    def get_by_name(self, db: Session, *, name: str) -> Supplier:
+        return db.query(Supplier).filter(Supplier.name == name).first()
+
+
+supplier = CRUDSupplier(Supplier)

app/crud/crud_transaction.py

@@ -0,0 +1,47 @@
+from typing import List
+import uuid
+from datetime import datetime
+from sqlalchemy.orm import Session
+
+from app.crud.base import CRUDBase
+from app.models.transaction import Transaction
+from app.schemas.transaction import TransactionCreate, TransactionUpdate
+
+
+class CRUDTransaction(CRUDBase[Transaction, TransactionCreate, TransactionUpdate]):
+    def create(self, db: Session, *, obj_in: TransactionCreate) -> Transaction:
+        transaction_date = obj_in.transaction_date or datetime.now()
+        db_obj = Transaction(
+            id=str(uuid.uuid4()),
+            transaction_type=obj_in.transaction_type,
+            quantity=obj_in.quantity,
+            unit_price=obj_in.unit_price,
+            total_price=obj_in.total_price,
+            reference_number=obj_in.reference_number,
+            notes=obj_in.notes,
+            transaction_date=transaction_date,
+            item_id=obj_in.item_id,
+            user_id=obj_in.user_id,
+        )
+        db.add(db_obj)
+        db.commit()
+        db.refresh(db_obj)
+        return db_obj
+        
+    def get_by_item(self, db: Session, *, item_id: str, skip: int = 0, limit: int = 100) -> List[Transaction]:
+        return db.query(Transaction).filter(Transaction.item_id == item_id).offset(skip).limit(limit).all()
+        
+    def get_by_user(self, db: Session, *, user_id: str, skip: int = 0, limit: int = 100) -> List[Transaction]:
+        return db.query(Transaction).filter(Transaction.user_id == user_id).offset(skip).limit(limit).all()
+        
+    def get_by_type(self, db: Session, *, transaction_type: str, skip: int = 0, limit: int = 100) -> List[Transaction]:
+        return db.query(Transaction).filter(Transaction.transaction_type == transaction_type).offset(skip).limit(limit).all()
+        
+    def get_by_date_range(self, db: Session, *, start_date: datetime, end_date: datetime, skip: int = 0, limit: int = 100) -> List[Transaction]:
+        return db.query(Transaction).filter(
+            Transaction.transaction_date >= start_date,
+            Transaction.transaction_date <= end_date
+        ).offset(skip).limit(limit).all()
+
+
+transaction = CRUDTransaction(Transaction)

app/crud/crud_user.py

@@ -0,0 +1,57 @@
+from typing import Any, Dict, Optional, Union
+import uuid
+
+from sqlalchemy.orm import Session
+
+from app.core.security import get_password_hash, verify_password
+from app.crud.base import CRUDBase
+from app.models.user import User
+from app.schemas.user import UserCreate, UserUpdate
+
+
+class CRUDUser(CRUDBase[User, UserCreate, UserUpdate]):
+    def get_by_email(self, db: Session, *, email: str) -> Optional[User]:
+        return db.query(User).filter(User.email == email).first()
+
+    def create(self, db: Session, *, obj_in: UserCreate) -> User:
+        db_obj = User(
+            id=str(uuid.uuid4()),
+            email=obj_in.email,
+            hashed_password=get_password_hash(obj_in.password),
+            full_name=obj_in.full_name,
+            is_superuser=obj_in.is_superuser,
+        )
+        db.add(db_obj)
+        db.commit()
+        db.refresh(db_obj)
+        return db_obj
+
+    def update(
+        self, db: Session, *, db_obj: User, obj_in: Union[UserUpdate, Dict[str, Any]]
+    ) -> User:
+        if isinstance(obj_in, dict):
+            update_data = obj_in
+        else:
+            update_data = obj_in.dict(exclude_unset=True)
+        if update_data.get("password"):
+            hashed_password = get_password_hash(update_data["password"])
+            del update_data["password"]
+            update_data["hashed_password"] = hashed_password
+        return super().update(db, db_obj=db_obj, obj_in=update_data)
+
+    def authenticate(self, db: Session, *, email: str, password: str) -> Optional[User]:
+        user = self.get_by_email(db, email=email)
+        if not user:
+            return None
+        if not verify_password(password, user.hashed_password):
+            return None
+        return user
+
+    def is_active(self, user: User) -> bool:
+        return user.is_active
+
+    def is_superuser(self, user: User) -> bool:
+        return user.is_superuser
+
+
+user = CRUDUser(User)

app/db/base.py

@@ -0,0 +1,8 @@
+# Import all the models, so that Base has them before being
+# imported by Alembic
+from app.db.base_class import Base  # noqa
+from app.models.user import User  # noqa
+from app.models.item import Item  # noqa
+from app.models.category import Category  # noqa
+from app.models.supplier import Supplier  # noqa
+from app.models.transaction import Transaction  # noqa

app/db/base_class.py

@@ -0,0 +1,14 @@
+from typing import Any
+
+from sqlalchemy.ext.declarative import as_declarative, declared_attr
+
+
+@as_declarative()
+class Base:
+    id: Any
+    __name__: str
+    
+    # Generate __tablename__ automatically based on class name
+    @declared_attr
+    def __tablename__(cls) -> str:
+        return cls.__name__.lower()

app/db/session.py

@@ -0,0 +1,23 @@
+from pathlib import Path
+from sqlalchemy import create_engine
+from sqlalchemy.orm import sessionmaker
+
+# Create DB directory if it doesn't exist
+DB_DIR = Path("/app") / "storage" / "db"
+DB_DIR.mkdir(parents=True, exist_ok=True)
+
+SQLALCHEMY_DATABASE_URL = f"sqlite:///{DB_DIR}/db.sqlite"
+
+engine = create_engine(
+    SQLALCHEMY_DATABASE_URL,
+    connect_args={"check_same_thread": False}
+)
+SessionLocal = sessionmaker(autocommit=False, autoflush=False, bind=engine)
+
+
+def get_db():
+    db = SessionLocal()
+    try:
+        yield db
+    finally:
+        db.close()

app/models/category.py

@@ -0,0 +1,16 @@
+from sqlalchemy import Column, String, DateTime, Text
+from sqlalchemy.sql import func
+from sqlalchemy.orm import relationship
+
+from app.db.base_class import Base
+
+
+class Category(Base):
+    id = Column(String, primary_key=True, index=True)
+    name = Column(String, index=True, nullable=False)
+    description = Column(Text, nullable=True)
+    created_at = Column(DateTime(timezone=True), server_default=func.now())
+    updated_at = Column(DateTime(timezone=True), onupdate=func.now())
+    
+    # Relationships
+    items = relationship("Item", back_populates="category")

app/models/item.py

@@ -0,0 +1,25 @@
+from sqlalchemy import Column, String, Integer, Float, DateTime, Text, ForeignKey
+from sqlalchemy.sql import func
+from sqlalchemy.orm import relationship
+
+from app.db.base_class import Base
+
+
+class Item(Base):
+    id = Column(String, primary_key=True, index=True)
+    name = Column(String, index=True, nullable=False)
+    description = Column(Text, nullable=True)
+    sku = Column(String, index=True, unique=True, nullable=False)
+    quantity = Column(Integer, default=0, nullable=False)
+    unit_price = Column(Float, nullable=False)
+    location = Column(String, nullable=True)
+    min_stock_level = Column(Integer, default=0, nullable=True)
+    category_id = Column(String, ForeignKey("category.id"), nullable=True)
+    supplier_id = Column(String, ForeignKey("supplier.id"), nullable=True)
+    created_at = Column(DateTime(timezone=True), server_default=func.now())
+    updated_at = Column(DateTime(timezone=True), onupdate=func.now())
+    
+    # Relationships
+    category = relationship("Category", back_populates="items")
+    supplier = relationship("Supplier", back_populates="items")
+    transactions = relationship("Transaction", back_populates="item")

app/models/supplier.py

@@ -0,0 +1,19 @@
+from sqlalchemy import Column, String, DateTime, Text
+from sqlalchemy.sql import func
+from sqlalchemy.orm import relationship
+
+from app.db.base_class import Base
+
+
+class Supplier(Base):
+    id = Column(String, primary_key=True, index=True)
+    name = Column(String, index=True, nullable=False)
+    contact_name = Column(String, nullable=True)
+    email = Column(String, nullable=True)
+    phone = Column(String, nullable=True)
+    address = Column(Text, nullable=True)
+    created_at = Column(DateTime(timezone=True), server_default=func.now())
+    updated_at = Column(DateTime(timezone=True), onupdate=func.now())
+    
+    # Relationships
+    items = relationship("Item", back_populates="supplier")

app/models/transaction.py

@@ -0,0 +1,32 @@
+from sqlalchemy import Column, String, Integer, Float, DateTime, Text, ForeignKey
+from sqlalchemy.sql import func
+from sqlalchemy.orm import relationship
+import enum
+
+from app.db.base_class import Base
+
+
+class TransactionType(str, enum.Enum):
+    PURCHASE = "purchase"
+    SALE = "sale"
+    ADJUSTMENT = "adjustment"
+    RETURN = "return"
+
+
+class Transaction(Base):
+    id = Column(String, primary_key=True, index=True)
+    transaction_type = Column(String, nullable=False)
+    quantity = Column(Integer, nullable=False)
+    unit_price = Column(Float, nullable=False)
+    total_price = Column(Float, nullable=False)
+    reference_number = Column(String, nullable=True)
+    notes = Column(Text, nullable=True)
+    item_id = Column(String, ForeignKey("item.id"), nullable=False)
+    user_id = Column(String, ForeignKey("user.id"), nullable=False)
+    transaction_date = Column(DateTime(timezone=True), server_default=func.now())
+    created_at = Column(DateTime(timezone=True), server_default=func.now())
+    updated_at = Column(DateTime(timezone=True), onupdate=func.now())
+    
+    # Relationships
+    item = relationship("Item", back_populates="transactions")
+    user = relationship("User")

app/models/user.py

@@ -0,0 +1,15 @@
+from sqlalchemy import Boolean, Column, String, DateTime
+from sqlalchemy.sql import func
+
+from app.db.base_class import Base
+
+
+class User(Base):
+    id = Column(String, primary_key=True, index=True)
+    email = Column(String, unique=True, index=True, nullable=False)
+    hashed_password = Column(String, nullable=False)
+    full_name = Column(String, index=True)
+    is_active = Column(Boolean(), default=True)
+    is_superuser = Column(Boolean(), default=False)
+    created_at = Column(DateTime(timezone=True), server_default=func.now())
+    updated_at = Column(DateTime(timezone=True), onupdate=func.now())

app/schemas/category.py

@@ -0,0 +1,34 @@
+from datetime import datetime
+from typing import Optional
+
+from pydantic import BaseModel
+
+
+# Shared properties
+class CategoryBase(BaseModel):
+    name: str
+    description: Optional[str] = None
+
+
+# Properties to receive via API on creation
+class CategoryCreate(CategoryBase):
+    pass
+
+
+# Properties to receive via API on update
+class CategoryUpdate(CategoryBase):
+    name: Optional[str] = None
+
+
+class CategoryInDBBase(CategoryBase):
+    id: str
+    created_at: datetime
+    updated_at: Optional[datetime] = None
+
+    class Config:
+        orm_mode = True
+
+
+# Additional properties to return via API
+class Category(CategoryInDBBase):
+    pass

app/schemas/item.py

@@ -0,0 +1,60 @@
+from datetime import datetime
+from typing import Optional, TYPE_CHECKING, Any
+
+from pydantic import BaseModel
+
+
+# Import at the end to avoid circular imports
+if TYPE_CHECKING:
+    pass
+
+
+# Shared properties
+class ItemBase(BaseModel):
+    name: str
+    description: Optional[str] = None
+    sku: str
+    quantity: int = 0
+    unit_price: float
+    location: Optional[str] = None
+    min_stock_level: Optional[int] = 0
+    category_id: Optional[str] = None
+    supplier_id: Optional[str] = None
+
+
+# Properties to receive via API on creation
+class ItemCreate(ItemBase):
+    pass
+
+
+# Properties to receive via API on update
+class ItemUpdate(ItemBase):
+    name: Optional[str] = None
+    sku: Optional[str] = None
+    quantity: Optional[int] = None
+    unit_price: Optional[float] = None
+
+
+class ItemInDBBase(ItemBase):
+    id: str
+    created_at: datetime
+    updated_at: Optional[datetime] = None
+
+    class Config:
+        orm_mode = True
+
+
+# Additional properties to return via API
+class Item(ItemInDBBase):
+    pass
+
+
+# Item with extended information
+class ItemWithDetails(Item):
+    category: Optional[Any] = None
+    supplier: Optional[Any] = None
+
+
+# Update forward refs after imports
+
+ItemWithDetails.update_forward_refs()

app/schemas/supplier.py

@@ -0,0 +1,37 @@
+from datetime import datetime
+from typing import Optional
+
+from pydantic import BaseModel, EmailStr
+
+
+# Shared properties
+class SupplierBase(BaseModel):
+    name: str
+    contact_name: Optional[str] = None
+    email: Optional[EmailStr] = None
+    phone: Optional[str] = None
+    address: Optional[str] = None
+
+
+# Properties to receive via API on creation
+class SupplierCreate(SupplierBase):
+    pass
+
+
+# Properties to receive via API on update
+class SupplierUpdate(SupplierBase):
+    name: Optional[str] = None
+
+
+class SupplierInDBBase(SupplierBase):
+    id: str
+    created_at: datetime
+    updated_at: Optional[datetime] = None
+
+    class Config:
+        orm_mode = True
+
+
+# Additional properties to return via API
+class Supplier(SupplierInDBBase):
+    pass

app/schemas/token.py

@@ -0,0 +1,12 @@
+from typing import Optional
+
+from pydantic import BaseModel
+
+
+class Token(BaseModel):
+    access_token: str
+    token_type: str
+
+
+class TokenPayload(BaseModel):
+    sub: Optional[str] = None

app/schemas/transaction.py

@@ -0,0 +1,69 @@
+from datetime import datetime
+from typing import Optional, TYPE_CHECKING, Any
+from enum import Enum
+
+from pydantic import BaseModel
+
+
+# Import at the end to avoid circular imports
+if TYPE_CHECKING:
+    pass
+
+
+class TransactionType(str, Enum):
+    PURCHASE = "purchase"
+    SALE = "sale"
+    ADJUSTMENT = "adjustment"
+    RETURN = "return"
+
+
+# Shared properties
+class TransactionBase(BaseModel):
+    transaction_type: TransactionType
+    quantity: int
+    unit_price: float
+    total_price: float
+    reference_number: Optional[str] = None
+    notes: Optional[str] = None
+    transaction_date: Optional[datetime] = None
+    item_id: str
+    user_id: str
+
+
+# Properties to receive via API on creation
+class TransactionCreate(TransactionBase):
+    pass
+
+
+# Properties to receive via API on update
+class TransactionUpdate(TransactionBase):
+    transaction_type: Optional[TransactionType] = None
+    quantity: Optional[int] = None
+    unit_price: Optional[float] = None
+    total_price: Optional[float] = None
+    item_id: Optional[str] = None
+    user_id: Optional[str] = None
+
+
+class TransactionInDBBase(TransactionBase):
+    id: str
+    created_at: datetime
+    updated_at: Optional[datetime] = None
+
+    class Config:
+        orm_mode = True
+
+
+# Additional properties to return via API
+class Transaction(TransactionInDBBase):
+    pass
+
+
+# Transaction with extended information
+class TransactionWithDetails(Transaction):
+    item: Any
+
+
+# Import at the end to avoid circular imports
+
+TransactionWithDetails.update_forward_refs()

app/schemas/user.py

@@ -0,0 +1,42 @@
+from datetime import datetime
+from typing import Optional
+
+from pydantic import BaseModel, EmailStr
+
+
+# Shared properties
+class UserBase(BaseModel):
+    email: Optional[EmailStr] = None
+    is_active: Optional[bool] = True
+    is_superuser: bool = False
+    full_name: Optional[str] = None
+
+
+# Properties to receive via API on creation
+class UserCreate(UserBase):
+    email: EmailStr
+    password: str
+
+
+# Properties to receive via API on update
+class UserUpdate(UserBase):
+    password: Optional[str] = None
+
+
+class UserInDBBase(UserBase):
+    id: str
+    created_at: datetime
+    updated_at: Optional[datetime] = None
+
+    class Config:
+        orm_mode = True
+
+
+# Additional properties to return via API
+class User(UserInDBBase):
+    pass
+
+
+# Additional properties stored in DB
+class UserInDB(UserInDBBase):
+    hashed_password: str

main.py

@@ -0,0 +1,42 @@
+from fastapi import FastAPI
+from fastapi.middleware.cors import CORSMiddleware
+
+from app.api.api_v1.api import api_router
+from app.core.config import settings
+
+app = FastAPI(
+    title=settings.PROJECT_NAME,
+    openapi_url="/openapi.json",
+    docs_url="/docs",
+    redoc_url="/redoc",
+)
+
+# Add CORS middleware
+app.add_middleware(
+    CORSMiddleware,
+    allow_origins=["*"],
+    allow_credentials=True,
+    allow_methods=["*"],
+    allow_headers=["*"],
+)
+
+app.include_router(api_router, prefix=settings.API_V1_STR)
+
+@app.get("/")
+async def root():
+    """
+    Root endpoint returning basic service information.
+    """
+    return {
+        "title": settings.PROJECT_NAME,
+        "description": "Small Business Inventory Management System API",
+        "documentation": "/docs",
+        "health_check": "/health"
+    }
+
+@app.get("/health", status_code=200)
+async def health_check():
+    """
+    Health check endpoint.
+    """
+    return {"status": "ok"}

migrations/README

@@ -0,0 +1,3 @@
+Generic single-database configuration with Alembic.
+
+This is a database migration repository for the Inventory Management System.

migrations/env.py

@@ -0,0 +1,84 @@
+from logging.config import fileConfig
+
+from sqlalchemy import engine_from_config
+from sqlalchemy import pool
+
+from alembic import context
+
+# Import Base from app
+from app.db.base import Base
+
+# this is the Alembic Config object, which provides
+# access to the values within the .ini file in use.
+config = context.config
+
+# Interpret the config file for Python logging.
+# This line sets up loggers basically.
+fileConfig(config.config_file_name)
+
+# add your model's MetaData object here
+# for 'autogenerate' support
+# from myapp import mymodel
+# target_metadata = mymodel.Base.metadata
+target_metadata = Base.metadata
+
+# other values from the config, defined by the needs of env.py,
+# can be acquired:
+# my_important_option = config.get_main_option("my_important_option")
+# ... etc.
+
+
+def run_migrations_offline():
+    """Run migrations in 'offline' mode.
+
+    This configures the context with just a URL
+    and not an Engine, though an Engine is acceptable
+    here as well.  By skipping the Engine creation
+    we don't even need a DBAPI to be available.
+
+    Calls to context.execute() here emit the given string to the
+    script output.
+
+    """
+    url = config.get_main_option("sqlalchemy.url")
+    context.configure(
+        url=url,
+        target_metadata=target_metadata,
+        literal_binds=True,
+        dialect_opts={"paramstyle": "named"},
+    )
+
+    with context.begin_transaction():
+        context.run_migrations()
+
+
+def run_migrations_online():
+    """Run migrations in 'online' mode.
+
+    In this scenario we need to create an Engine
+    and associate a connection with the context.
+
+    """
+    connectable = engine_from_config(
+        config.get_section(config.config_ini_section),
+        prefix="sqlalchemy.",
+        poolclass=pool.NullPool,
+    )
+
+    with connectable.connect() as connection:
+        is_sqlite = connection.dialect.name == 'sqlite'
+        context.configure(
+            connection=connection,
+            target_metadata=target_metadata,
+            render_as_batch=is_sqlite,  # Key configuration for SQLite
+            compare_type=True,
+        )
+
+        with context.begin_transaction():
+            context.run_migrations()
+
+
+if context.is_offline_mode():
+    run_migrations_offline()
+else:
+    run_migrations_online()

migrations/script.py.mako

@@ -0,0 +1,24 @@
+"""${message}
+
+Revision ID: ${up_revision}
+Revises: ${down_revision | comma,n}
+Create Date: ${create_date}
+
+"""
+from alembic import op
+import sqlalchemy as sa
+${imports if imports else ""}
+
+# revision identifiers, used by Alembic.
+revision = ${repr(up_revision)}
+down_revision = ${repr(down_revision)}
+branch_labels = ${repr(branch_labels)}
+depends_on = ${repr(depends_on)}
+
+
+def upgrade():
+    ${upgrades if upgrades else "pass"}
+
+
+def downgrade():
+    ${downgrades if downgrades else "pass"}

migrations/versions/0001_initial_tables.py

@@ -0,0 +1,131 @@
+"""Initial tables
+
+Revision ID: 0001
+Revises: 
+Create Date: 2023-08-01 00:00:00.000000
+
+"""
+from alembic import op
+import sqlalchemy as sa
+
+
+# revision identifiers, used by Alembic.
+revision = '0001'
+down_revision = None
+branch_labels = None
+depends_on = None
+
+
+def upgrade():
+    # Create User table
+    op.create_table(
+        'user',
+        sa.Column('id', sa.String(), nullable=False),
+        sa.Column('email', sa.String(), nullable=False),
+        sa.Column('hashed_password', sa.String(), nullable=False),
+        sa.Column('full_name', sa.String(), nullable=True),
+        sa.Column('is_active', sa.Boolean(), nullable=True, default=True),
+        sa.Column('is_superuser', sa.Boolean(), nullable=True, default=False),
+        sa.Column('created_at', sa.DateTime(timezone=True), server_default=sa.text('(CURRENT_TIMESTAMP)'), nullable=True),
+        sa.Column('updated_at', sa.DateTime(timezone=True), nullable=True),
+        sa.PrimaryKeyConstraint('id')
+    )
+    op.create_index(op.f('ix_user_email'), 'user', ['email'], unique=True)
+    op.create_index(op.f('ix_user_full_name'), 'user', ['full_name'], unique=False)
+    op.create_index(op.f('ix_user_id'), 'user', ['id'], unique=False)
+
+    # Create Category table
+    op.create_table(
+        'category',
+        sa.Column('id', sa.String(), nullable=False),
+        sa.Column('name', sa.String(), nullable=False),
+        sa.Column('description', sa.Text(), nullable=True),
+        sa.Column('created_at', sa.DateTime(timezone=True), server_default=sa.text('(CURRENT_TIMESTAMP)'), nullable=True),
+        sa.Column('updated_at', sa.DateTime(timezone=True), nullable=True),
+        sa.PrimaryKeyConstraint('id')
+    )
+    op.create_index(op.f('ix_category_id'), 'category', ['id'], unique=False)
+    op.create_index(op.f('ix_category_name'), 'category', ['name'], unique=False)
+
+    # Create Supplier table
+    op.create_table(
+        'supplier',
+        sa.Column('id', sa.String(), nullable=False),
+        sa.Column('name', sa.String(), nullable=False),
+        sa.Column('contact_name', sa.String(), nullable=True),
+        sa.Column('email', sa.String(), nullable=True),
+        sa.Column('phone', sa.String(), nullable=True),
+        sa.Column('address', sa.Text(), nullable=True),
+        sa.Column('created_at', sa.DateTime(timezone=True), server_default=sa.text('(CURRENT_TIMESTAMP)'), nullable=True),
+        sa.Column('updated_at', sa.DateTime(timezone=True), nullable=True),
+        sa.PrimaryKeyConstraint('id')
+    )
+    op.create_index(op.f('ix_supplier_id'), 'supplier', ['id'], unique=False)
+    op.create_index(op.f('ix_supplier_name'), 'supplier', ['name'], unique=False)
+
+    # Create Item table
+    op.create_table(
+        'item',
+        sa.Column('id', sa.String(), nullable=False),
+        sa.Column('name', sa.String(), nullable=False),
+        sa.Column('description', sa.Text(), nullable=True),
+        sa.Column('sku', sa.String(), nullable=False),
+        sa.Column('quantity', sa.Integer(), nullable=False, default=0),
+        sa.Column('unit_price', sa.Float(), nullable=False),
+        sa.Column('location', sa.String(), nullable=True),
+        sa.Column('min_stock_level', sa.Integer(), nullable=True, default=0),
+        sa.Column('category_id', sa.String(), nullable=True),
+        sa.Column('supplier_id', sa.String(), nullable=True),
+        sa.Column('created_at', sa.DateTime(timezone=True), server_default=sa.text('(CURRENT_TIMESTAMP)'), nullable=True),
+        sa.Column('updated_at', sa.DateTime(timezone=True), nullable=True),
+        sa.ForeignKeyConstraint(['category_id'], ['category.id'], ),
+        sa.ForeignKeyConstraint(['supplier_id'], ['supplier.id'], ),
+        sa.PrimaryKeyConstraint('id')
+    )
+    op.create_index(op.f('ix_item_id'), 'item', ['id'], unique=False)
+    op.create_index(op.f('ix_item_name'), 'item', ['name'], unique=False)
+    op.create_index(op.f('ix_item_sku'), 'item', ['sku'], unique=True)
+
+    # Create Transaction table
+    op.create_table(
+        'transaction',
+        sa.Column('id', sa.String(), nullable=False),
+        sa.Column('transaction_type', sa.String(), nullable=False),
+        sa.Column('quantity', sa.Integer(), nullable=False),
+        sa.Column('unit_price', sa.Float(), nullable=False),
+        sa.Column('total_price', sa.Float(), nullable=False),
+        sa.Column('reference_number', sa.String(), nullable=True),
+        sa.Column('notes', sa.Text(), nullable=True),
+        sa.Column('item_id', sa.String(), nullable=False),
+        sa.Column('user_id', sa.String(), nullable=False),
+        sa.Column('transaction_date', sa.DateTime(timezone=True), server_default=sa.text('(CURRENT_TIMESTAMP)'), nullable=True),
+        sa.Column('created_at', sa.DateTime(timezone=True), server_default=sa.text('(CURRENT_TIMESTAMP)'), nullable=True),
+        sa.Column('updated_at', sa.DateTime(timezone=True), nullable=True),
+        sa.ForeignKeyConstraint(['item_id'], ['item.id'], ),
+        sa.ForeignKeyConstraint(['user_id'], ['user.id'], ),
+        sa.PrimaryKeyConstraint('id')
+    )
+    op.create_index(op.f('ix_transaction_id'), 'transaction', ['id'], unique=False)
+
+
+def downgrade():
+    op.drop_index(op.f('ix_transaction_id'), table_name='transaction')
+    op.drop_table('transaction')
+    
+    op.drop_index(op.f('ix_item_sku'), table_name='item')
+    op.drop_index(op.f('ix_item_name'), table_name='item')
+    op.drop_index(op.f('ix_item_id'), table_name='item')
+    op.drop_table('item')
+    
+    op.drop_index(op.f('ix_supplier_name'), table_name='supplier')
+    op.drop_index(op.f('ix_supplier_id'), table_name='supplier')
+    op.drop_table('supplier')
+    
+    op.drop_index(op.f('ix_category_name'), table_name='category')
+    op.drop_index(op.f('ix_category_id'), table_name='category')
+    op.drop_table('category')
+    
+    op.drop_index(op.f('ix_user_id'), table_name='user')
+    op.drop_index(op.f('ix_user_full_name'), table_name='user')
+    op.drop_index(op.f('ix_user_email'), table_name='user')
+    op.drop_table('user')

requirements.txt

@@ -0,0 +1,10 @@
+fastapi>=0.68.0,<0.69.0
+pydantic>=1.8.0,<2.0.0
+uvicorn>=0.15.0,<0.16.0
+sqlalchemy>=1.4.0,<1.5.0
+alembic>=1.6.5,<1.7.0
+python-jose[cryptography]>=3.3.0,<3.4.0
+passlib[bcrypt]>=1.7.4,<1.8.0
+python-multipart>=0.0.5,<0.0.6
+email-validator>=1.1.3,<1.2.0
+ruff>=0.0.272