Sets up the complete application skeleton for Flipventory v2, an inventory management tool for small/medium resellers using chaotic stockpiling. Architecture ------------ - app/config.py pydantic-settings; reads .env; holds admin_email guard - app/database.py SQLAlchemy 2.x engine, SessionLocal, Base, get_db dep - app/models/user.py User (email, bcrypt hash, is_admin bool, is_active) - app/models/item.py StorageBin + Item with FOUND/LISTED/SOLD/ARCHIVED enum - app/schemas/ Pydantic request/response shapes (separate from models) - app/auth/security.py bcrypt password hashing + HS256 JWT creation/validation - app/routers/auth.py POST /auth/register, POST /auth/login, GET /auth/me - app/routers/users.py Admin-only CRUD for user accounts - app/routers/items.py /bins and /items CRUD with role-based access control Key design decisions -------------------- - martin@hohenberg.jp is ALWAYS admin: enforced on every login, cannot be demoted, cannot be deactivated. Prevents accidental lockout. - All other registered e-mails are customers (is_admin=False). - Customers can manage their own bins and items; admins see everything. - Item hard-delete is admin-only; customers archive instead (audit safety). - SQLite default for zero-infra local dev; any SQLAlchemy URL works in prod. - Tables are created on startup via create_tables(); swap for Alembic later. Addresses v1 Gitea issues -------------------------- - Issue #1 (storage bins): StorageBin model + /bins CRUD endpoints - Issue #2 (item CRUD): Item model + /items CRUD endpoints - Issue #3 (audit logging): created_by_id / updated_by_id on every item row Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
19 lines
657 B
Plaintext
19 lines
657 B
Plaintext
# Copy this to .env and fill in real values.
|
||
# Never commit .env to version control.
|
||
|
||
# Secret key for signing JWT tokens – generate with: openssl rand -hex 32
|
||
SECRET_KEY=change-me-generate-with-openssl-rand-hex-32
|
||
|
||
# JWT algorithm (HS256 is fine for single-server setups)
|
||
ALGORITHM=HS256
|
||
|
||
# How many minutes a login token stays valid
|
||
ACCESS_TOKEN_EXPIRE_MINUTES=60
|
||
|
||
# SQLite path relative to the project root (or a full postgresql:// URL)
|
||
DATABASE_URL=sqlite:///./flipventory.db
|
||
|
||
# The email address that is always treated as the site-wide admin.
|
||
# This user gets admin=True forced on every login, regardless of DB state.
|
||
ADMIN_EMAIL=martin@hohenberg.jp
|