Backend API for an e-commerce store, built with FastAPI.
- FastAPI - Web framework
- SQLAlchemy - ORM
- Alembic - Database migrations
- PostgreSQL - Database
- JWT - Authentication
- Argon2id - Password hashing (OWASP recommended)
- Cloudflare R2 - Image storage
- Resend - Email service
- PayU + Stripe - Payments
```bash
python3 -m venv venv
source venv/bin/activate          # Linux/Mac
# venv\Scripts\activate           # Windows
pip install -r requirements.txt
cp .env.example .env
# Edit .env with your configuration
docker-compose up -d postgres
alembic upgrade head
uvicorn app.main:app --reload --host 0.0.0.0 --port 8000
```

API will be available at: http://localhost:8000

- Swagger UI: http://localhost:8000/docs
- ReDoc: http://localhost:8000/redoc
Frontend repository: https://github.com/Kasperone/ecommerce_store_frontend

In separate terminals:

```bash
# Backend (port 8000)
uvicorn app.main:app --reload --host 0.0.0.0 --port 8000

# Frontend (port 3000)
cd ../frontend
npm run dev
```

Note: the frontend expects the backend API at http://localhost:8000 (configured in .env.local).

Backend CORS is configured to accept requests from:

- http://localhost:3000 (development frontend)
- Production domain (set via environment variables)
```
backend/
├── app/
│   ├── main.py              # FastAPI app
│   ├── core/                # Core functionality
│   │   ├── config.py        # Settings
│   │   ├── database.py      # DB connection
│   │   └── security.py      # JWT, Argon2id hashing
│   ├── models/              # SQLAlchemy models
│   │   ├── user.py
│   │   ├── product.py
│   │   └── order.py
│   ├── schemas/             # Pydantic schemas
│   │   ├── user.py
│   │   └── product.py
│   ├── api/                 # API routes
│   │   └── v1/
│   │       ├── auth.py
│   │       ├── products.py
│   │       └── orders.py
│   └── services/            # Business logic
│       ├── storage.py       # R2 integration
│       ├── email.py         # Resend integration
│       └── payment.py       # PayU/Stripe
├── alembic/                 # Database migrations
├── tests/
├── requirements.txt
└── README.md
```
Create a .env file in the backend root. Key variables:

```env
# Database
DATABASE_URL=postgresql://user:password@localhost:5432/ecommerce

# JWT
SECRET_KEY=your-secret-key-here
ALGORITHM=HS256
ACCESS_TOKEN_EXPIRE_MINUTES=30

# Email (Resend)
RESEND_API_KEY=your-resend-api-key
RESEND_FROM_EMAIL=noreply@example.com

# Storage (Cloudflare R2)
R2_ACCOUNT_ID=your-account-id
R2_ACCESS_KEY_ID=your-access-key
R2_SECRET_ACCESS_KEY=your-secret-key
R2_BUCKET_NAME=your-bucket-name

# Payment
PAYU_CLIENT_ID=your-payu-client-id
PAYU_CLIENT_SECRET=your-payu-secret
STRIPE_API_KEY=your-stripe-key

# CORS
CORS_ORIGINS=["http://localhost:3000"]
```

Run the test suite:

```bash
pytest
```

Run the whole stack with Docker:

```bash
docker-compose up
```

API endpoints:

- POST /api/v1/auth/register - User registration
- POST /api/v1/auth/login - User login
- POST /api/v1/auth/verify-email - Email verification
- POST /api/v1/auth/refresh - Token refresh
- POST /api/v1/auth/logout - User logout
- GET /api/v1/products - List products
- GET /api/v1/products/{id} - Get product details
- POST /api/v1/products - Create product (admin)
- PUT /api/v1/products/{id} - Update product (admin)
- DELETE /api/v1/products/{id} - Delete product (admin)
- GET /api/v1/orders - List user orders
- POST /api/v1/orders - Create order
- GET /api/v1/orders/{id} - Get order details
- User registration with email verification
- JWT-based authentication with refresh tokens
- Argon2id password hashing (OWASP recommended)
- Secure cookie handling
- Token revocation on logout
- Verification tokens with expiration
- Resend email service integration
- Email templates
- Verification link validation
- PayU payment gateway
- Stripe integration
- Payment status tracking
- Order history
- Cloudflare R2 integration for image storage
- Image upload and processing
- CDN delivery
- HTTPS/SSL in production
- JWT token expiration
- Password hashing with Argon2id
- CORS protection
- Rate limiting ready
- SQL injection prevention (SQLAlchemy ORM)
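The JWT settings in .env (SECRET_KEY, ALGORITHM, ACCESS_TOKEN_EXPIRE_MINUTES) and the authentication features listed above (access and refresh tokens, token expiration, revocation on logout, secure cookie handling) fit together as follows. This is an added example, not code from this repository: it uses only the Python standard library (hmac/hashlib) in place of PyJWT so it runs with no dependencies, the secret and the refresh-token lifetime are constructed placeholders, and the in-memory revocation list stands in for whatever store the project uses.

```python
# Added example (not the project's code): HS256 access/refresh tokens with
# expiry, logout revocation and cookie flags, using only the standard library.
import base64
import hashlib
import hmac
import json
import secrets
import time
from http.cookies import SimpleCookie

# Constructed settings: in the project these come from .env, never from code.
SECRET_KEY = "constructed-demo-secret-do-not-reuse"
ALGORITHM = "HS256"
ACCESS_TOKEN_EXPIRE_MINUTES = 30
REFRESH_TOKEN_EXPIRE_MINUTES = 7 * 24 * 60  # hypothetical; README states no refresh lifetime

# Revoked token ids (jti -> exp). Entries are dropped once the token would have
# expired anyway, so the list stays bounded; a deployment keeps this in DB/Redis.
_revoked_jti = {}


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def _sign(signing_input: str) -> bytes:
    return hmac.new(SECRET_KEY.encode(), signing_input.encode(), hashlib.sha256).digest()


def create_token(sub: str, token_type: str, expire_minutes: int, now=None) -> str:
    """Mint a signed token; the 'type' claim keeps access and refresh tokens from being swapped."""
    now = int(time.time()) if now is None else now
    header = {"alg": ALGORITHM, "typ": "JWT"}
    payload = {"sub": sub, "type": token_type, "iat": now,
               "exp": now + expire_minutes * 60, "jti": secrets.token_hex(16)}
    dump = lambda obj: _b64url(json.dumps(obj, separators=(",", ":")).encode())
    signing_input = f"{dump(header)}.{dump(payload)}"
    return f"{signing_input}.{_b64url(_sign(signing_input))}"


def verify_token(token: str, expected_type: str, now=None) -> dict:
    """Return the claims or raise ValueError; the signature is checked before any claim is trusted."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed")
    h64, p64, s64 = parts
    # Pin the algorithm server-side: the token's own header must never choose it.
    if json.loads(_b64url_decode(h64)).get("alg") != ALGORITHM:
        raise ValueError("unexpected alg")
    if not hmac.compare_digest(_sign(f"{h64}.{p64}"), _b64url_decode(s64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(p64))
    if claims.get("type") != expected_type:
        raise ValueError("wrong token type")
    if now >= claims["exp"]:
        raise ValueError("expired")
    if claims["jti"] in _revoked_jti:
        raise ValueError("revoked")
    return claims


def check_token(token: str, expected_type: str, now=None) -> str:
    """'ok' or the rejection reason, for callers that only need a verdict."""
    try:
        verify_token(token, expected_type, now)
        return "ok"
    except ValueError as exc:
        return str(exc)


def refresh_access(refresh_token: str, now=None) -> str:
    claims = verify_token(refresh_token, "refresh", now)
    return create_token(claims["sub"], "access", ACCESS_TOKEN_EXPIRE_MINUTES, now)


def logout(refresh_token: str, now=None) -> None:
    """Revoke the refresh token's jti until the moment it would expire on its own."""
    now = int(time.time()) if now is None else now
    claims = verify_token(refresh_token, "refresh", now)
    _revoked_jti[claims["jti"]] = claims["exp"]
    for jti, exp in list(_revoked_jti.items()):
        if exp <= now:
            del _revoked_jti[jti]


def refresh_cookie_header(refresh_token: str) -> str:
    """Set-Cookie value for the refresh token: HttpOnly, Secure, SameSite, scoped path."""
    c = SimpleCookie()
    c["refresh_token"] = refresh_token
    c["refresh_token"]["httponly"] = True
    c["refresh_token"]["secure"] = True
    c["refresh_token"]["samesite"] = "Lax"
    c["refresh_token"]["path"] = "/api/v1/auth"  # only sent to the auth routes
    c["refresh_token"]["max-age"] = REFRESH_TOKEN_EXPIRE_MINUTES * 60
    return c.output(header="").strip()


if __name__ == "__main__":
    t0 = int(time.time())
    refresh = create_token("alice@example.com", "refresh", REFRESH_TOKEN_EXPIRE_MINUTES, t0)
    access = refresh_access(refresh, t0)
    print(check_token(access, "access", t0 + 60), check_token(access, "access", t0 + 31 * 60))
    logout(refresh, t0)
    print(check_token(refresh, "refresh", t0 + 1), refresh_cookie_header(refresh))
```

The order of checks matters: the server pins the algorithm from its own settings and verifies the HMAC with a constant-time compare before reading a single claim, so a tampered payload or an `alg: none` header is rejected without its contents ever being trusted. The `type` claim stops a long-lived refresh token from being presented as an access token, and the revocation list only needs to remember a jti until that token's `exp`, which keeps it small.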
- FastAPI Documentation: https://fastapi.tiangolo.com/
- SQLAlchemy Documentation: https://docs.sqlalchemy.org/
- JWT in Python: https://pyjwt.readthedocs.io/
- Alembic Migrations: https://alembic.sqlalchemy.org/