9.5 KiB
9.5 KiB
Small Business Inventory Management System
A FastAPI-based REST API for managing inventory in small businesses. This system helps small businesses track inventory, manage stock levels, categorize products, and generate reports.
Features
-
User Authentication and Authorization
- JWT-based authentication
- Role-based permissions (admin/regular users)
- Secure password hashing
-
Inventory Management
- Add, update, and delete inventory items
- Track stock levels and set reorder points
- Assign items to categories
- Track item history with SKU
-
Category Management
- Organize items into categories
- Nested categorization support
- Category-based reporting
-
Transaction Tracking
- Record purchases, sales, returns, and adjustments
- Automatic stock level updates
- Transaction history for audit purposes
-
Reporting
- Inventory value reports
- Category summary reports
- Low stock alerts
- Transaction summary reports
-
API Features
- RESTful endpoints following best practices
- Comprehensive documentation with Swagger UI
- Health check endpoint for monitoring
Tech Stack
- FastAPI: Modern, fast web framework for building APIs
- SQLAlchemy: SQL toolkit and ORM
- Alembic: Database migration tool
- SQLite: Simple, file-based database
- Pydantic: Data validation and settings management
- Uvicorn: ASGI server for FastAPI
- Python-Jose: JWT token handling
- Passlib: Password hashing
- Ruff: Python linter for code quality
Project Structure
.
├── app/
│ ├── api/
│ │ ├── deps.py # Dependency injection
│ │ └── v1/
│ │ ├── api.py # API router
│ │ └── endpoints/
│ │ ├── auth.py # Authentication endpoints
│ │ ├── categories.py # Category endpoints
│ │ ├── health.py # Health check endpoint
│ │ ├── items.py # Inventory item endpoints
│ │ ├── reports.py # Reporting endpoints
│ │ ├── transactions.py # Transaction endpoints
│ │ └── users.py # User endpoints
│ ├── core/
│ │ ├── config.py # Application configuration
│ │ └── security.py # Security utilities
│ ├── crud/
│ │ ├── base.py # Base CRUD operations
│ │ ├── category.py # Category CRUD
│ │ ├── item.py # Item CRUD
│ │ ├── transaction.py # Transaction CRUD
│ │ └── user.py # User CRUD
│ ├── db/
│ │ ├── init_db.py # Database initialization
│ │ ├── session.py # Database session
│ │ └── utils.py # Database utilities
│ ├── models/ # SQLAlchemy models
│ │ ├── base.py # Base model
│ │ ├── category.py # Category model
│ │ ├── item.py # Item model
│ │ ├── transaction.py # Transaction model
│ │ └── user.py # User model
│ ├── schemas/ # Pydantic schemas
│ │ ├── category.py # Category schemas
│ │ ├── item.py # Item schemas
│ │ ├── report.py # Report schemas
│ │ ├── token.py # Token schemas
│ │ ├── transaction.py # Transaction schemas
│ │ └── user.py # User schemas
│ └── storage/ # Storage directory
│ └── db/ # Database storage
├── migrations/ # Alembic migrations
│ ├── env.py # Alembic environment
│ ├── script.py.mako # Migration script template
│ └── versions/ # Migration versions
│ └── initial_migration.py # Initial database schema
├── alembic.ini # Alembic configuration
├── main.py # Application entry point
├── pyproject.toml # Project configuration
└── requirements.txt # Dependencies
Authentication Flow
The system implements a complete authentication flow with the following features:
User Registration and Email Verification
- Users register via
POST /api/v1/auth/registerwith their email, password, and optional details - The system creates a new user account with a verification token
- If email sending is enabled, a verification email is sent to the user's email address
- Users verify their email by clicking the link in the email, which calls
POST /api/v1/auth/verify-email - Email verification is optional by default but can be enforced by uncommenting the verification check in the login endpoint
Login and Authentication
- Users login via
POST /api/v1/auth/loginwith their email (as username) and password - Upon successful authentication, the system returns a JWT access token
- This token must be included in the Authorization header as
Bearer {token}for protected endpoints - Tokens expire after the time specified in
ACCESS_TOKEN_EXPIRE_MINUTES(default: 8 days)
Password Reset Flow
- Users request a password reset via
POST /api/v1/auth/password-reset-requestwith their email - If the email exists, a reset token is generated and a reset link is sent to the user's email
- Users reset their password via
POST /api/v1/auth/reset-passwordwith the token and new password - Reset tokens expire after the time specified in
PASSWORD_RESET_TOKEN_EXPIRE_HOURS(default: 24 hours)
Environment Variables for Authentication
The following environment variables can be configured:
# Security
SECRET_KEY="your-secret-key-here"
ACCESS_TOKEN_EXPIRE_MINUTES=11520 # 8 days
# Email verification
EMAILS_ENABLED=True
VERIFICATION_TOKEN_EXPIRE_HOURS=48
PASSWORD_RESET_TOKEN_EXPIRE_HOURS=24
# SMTP settings for email
SMTP_TLS=True
SMTP_PORT=587
SMTP_HOST=smtp.example.com
SMTP_USER=user@example.com
SMTP_PASSWORD=your-smtp-password
EMAILS_FROM_EMAIL=noreply@example.com
EMAILS_FROM_NAME=YourAppName
# First Superuser
FIRST_SUPERUSER_EMAIL=admin@example.com
FIRST_SUPERUSER_PASSWORD=adminpassword
Getting Started
Prerequisites
- Python 3.8 or higher
Installation
- Clone the repository
- Install dependencies:
pip install -r requirements.txt
- Initialize the database:
alembic upgrade head
- (Optional) Create a
.envfile in the root directory to customize environment variables:
PROJECT_NAME="My Inventory System"
SECRET_KEY="your-secret-key-here"
ACCESS_TOKEN_EXPIRE_MINUTES=1440 # 24 hours
- Run the application:
uvicorn main:app --reload
- Open http://localhost:8000/docs to access the Swagger UI documentation
API Documentation
-
OpenAPI Documentation:
/docs- Interactive API documentation with Swagger UI
- Test endpoints directly from the browser
-
Alternative Documentation:
/redoc- Alternative documentation interface
-
OpenAPI JSON:
/openapi.json- Raw OpenAPI specification
API Endpoints
Authentication
POST /api/v1/auth/register- Register a new userPOST /api/v1/auth/login- Obtain JWT tokenPOST /api/v1/auth/verify-email- Verify user's email addressPOST /api/v1/auth/password-reset-request- Request password resetPOST /api/v1/auth/reset-password- Reset password with tokenPOST /api/v1/auth/test-token- Test token validity
Users
GET /api/v1/users/- List users (admin only)POST /api/v1/users/- Create user (admin only)GET /api/v1/users/me- Get current userPUT /api/v1/users/me- Update current userGET /api/v1/users/{user_id}- Get user by IDPUT /api/v1/users/{user_id}- Update user (admin only)
Categories
GET /api/v1/categories/- List categoriesPOST /api/v1/categories/- Create category (admin only)GET /api/v1/categories/{id}- Get category by IDPUT /api/v1/categories/{id}- Update category (admin only)DELETE /api/v1/categories/{id}- Delete category (admin only)
Inventory Items
GET /api/v1/items/- List items (with filtering options)POST /api/v1/items/- Create itemGET /api/v1/items/{id}- Get item by IDPUT /api/v1/items/{id}- Update itemDELETE /api/v1/items/{id}- Delete itemGET /api/v1/items/by-sku/{sku}- Get item by SKUGET /api/v1/items/low-stock/- Get low stock items
Transactions
GET /api/v1/transactions/- List transactions (with filtering options)POST /api/v1/transactions/- Create transactionGET /api/v1/transactions/{id}- Get transaction by ID
Reports
GET /api/v1/reports/inventory-value- Inventory value reportGET /api/v1/reports/category-summary- Category summary reportGET /api/v1/reports/low-stock- Low stock reportGET /api/v1/reports/transaction-summary- Transaction summary report
Health Check
GET /health- System health checkGET /api/v1/health- Detailed health check with DB status
Development
Linting
The project uses Ruff for linting:
ruff check .
Running Tests
pytest
License
This project is licensed under the MIT License.