{"id":46009962,"url":"https://github.com/future-rafay/spec-driven-hackathon-2-phase-2","last_synced_at":"2026-03-01T00:01:44.058Z","repository":{"id":337124643,"uuid":"1152376271","full_name":"Future-Rafay/Spec-Driven-Hackathon-2-Phase-2","owner":"Future-Rafay","description":null,"archived":false,"fork":false,"pushed_at":"2026-02-07T23:18:51.000Z","size":304,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"master","last_synced_at":"2026-02-08T05:56:33.731Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"PowerShell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Future-Rafay.png","metadata":{"files":{"readme":"README.md","changelog":"history/prompts/auth-layer/002-create-auth-layer-specification.spec.prompt.md","contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-02-07T19:32:23.000Z","updated_at":"2026-02-07T23:18:55.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/Future-Rafay/Spec-Driven-Hackathon-2-Phase-2","commit_stats":null,"previous_names":["future-rafay/spec-driven-hackathon-2-phase-2"],"tags_count":null,"template":false,"template_full_name":null,"purl":"pkg:github/Future-Rafay/Spec-Driven-Hackathon-2-Phase-2","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Future-Rafay%2FSpec-Driven-Hackathon-2-Phase-2","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Future-Rafay%2FSpec-Driven-Hackathon-2-Phase-2/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Future-Rafay%2FSpec-Driven-Hackathon-2-Phase-2/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Future-Rafay%2FSpec-Driven-Hackathon-2-Phase-2/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Future-Rafay","download_url":"https://codeload.github.com/Future-Rafay/Spec-Driven-Hackathon-2-Phase-2/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Future-Rafay%2FSpec-Driven-Hackathon-2-Phase-2/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29955885,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-28T22:53:01.873Z","status":"ssl_error","status_checked_at":"2026-02-28T22:52:50.699Z","response_time":90,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-03-01T00:01:38.200Z","updated_at":"2026-03-01T00:01:44.047Z","avatar_url":"https://github.com/Future-Rafay.png","language":"PowerShell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Todo Full-Stack Web Application - Authentication \u0026 Identity Layer\n\nSecure, stateless JWT-based authentication system for a multi-user todo application built with Next.js and FastAPI.\n\n## Features\n\n✅ **User Sign Up** - Create accounts with email/password validation\n✅ **User Sign In** - Authenticate with credentials\n✅ **Protected API Access** - JWT token verification and data isolation\n✅ **Stateless Authentication** - No server-side sessions\n✅ **Security-by-Design** - bcrypt password hashing, JWT signature verification\n✅ **Multi-User Support** - Strict per-user data isolation\n\n## Tech Stack\n\n**Frontend:**\n- Next.js 16+ (App Router)\n- React 19\n- TypeScript\n- Tailwind CSS\n\n**Backend:**\n- Python 3.11+\n- FastAPI\n- SQLModel\n- PostgreSQL (Neon Serverless)\n\n**Authentication:**\n- JWT tokens (7-day expiry)\n- bcrypt password hashing\n- Shared secret verification\n\n## Quick Start\n\nFor detailed setup instructions, see [specs/001-auth-layer/quickstart.md](specs/001-auth-layer/quickstart.md)\n\n### Prerequisites\n\n- Node.js 20+\n- Python 3.11+\n- PostgreSQL database (Neon recommended)\n\n### 1. Environment Setup\n\nGenerate a secure secret (minimum 32 characters):\n\n```bash\nopenssl rand -base64 32\n```\n\nCreate `.env` file in project root:\n\n```bash\nBETTER_AUTH_SECRET=your-generated-secret-here\nDATABASE_URL=postgresql://user:password@host/database?sslmode=require\n```\n\n### 2. Backend Setup\n\n```bash\ncd backend\npip install -r requirements.txt\n\n# Run database migrations\npsql $DATABASE_URL -f migrations/001_create_users_table.sql\n\n# Start backend server\nuvicorn src.main:app --reload --port 8080\n```\n\nBackend API will be available at http://localhost:8080\nAPI documentation at http://localhost:8080/docs\n\n### 3. Frontend Setup\n\n```bash\ncd frontend\nnpm install\n\n# Create .env.local\ncp .env.local.example .env.local\n# Edit .env.local with your values\n\n# Start frontend server\nnpm run dev\n```\n\nFrontend will be available at http://localhost:3000\n\n## Testing the Authentication Flow\n\n### 1. Sign Up\n- Navigate to http://localhost:3000/signup\n- Enter email and password (min 8 chars, uppercase, lowercase, digit)\n- Verify account created and redirected to dashboard\n\n### 2. Sign In\n- Navigate to http://localhost:3000/signin\n- Enter credentials from signup\n- Verify authenticated and redirected to dashboard\n\n### 3. Protected API Access\n```bash\n# Get token from signin\nTOKEN=\"your-jwt-token-here\"\n\n# Test protected endpoint\ncurl -X GET http://localhost:8080/auth/me \\\n  -H \"Authorization: Bearer $TOKEN\"\n\n# Test without token (should return 401)\ncurl -X GET http://localhost:8080/auth/me\n```\n\n## Project Structure\n\n```\n.\n├── backend/\n│   ├── src/\n│   │   ├── models/          # SQLModel database models\n│   │   ├── auth/            # JWT handling and dependencies\n│   │   ├── api/             # FastAPI route handlers\n│   │   ├── core/            # Config, security, database\n│   │   └── main.py          # FastAPI application\n│   ├── migrations/          # Database migration scripts\n│   └── requirements.txt     # Python dependencies\n│\n├── frontend/\n│   ├── src/\n│   │   ├── app/             # Next.js App Router pages\n│   │   ├── components/      # React components\n│   │   └── lib/             # Utilities (API client, auth)\n│   └── package.json         # Node dependencies\n│\n└── specs/\n    └── 001-auth-layer/      # Feature documentation\n        ├── spec.md          # Requirements\n        ├── plan.md          # Architecture\n        ├── tasks.md         # Implementation tasks\n        └── quickstart.md    # Detailed setup guide\n```\n\n## API Endpoints\n\n### Authentication\n- `POST /auth/signup` - Create new user account\n- `POST /auth/signin` - Authenticate user\n- `GET /auth/me` - Get current user info (requires JWT)\n\n### Protected Resources\n- `GET /api/example` - Example protected endpoint (requires JWT)\n- `GET /api/profile` - User profile (requires JWT)\n\n## Security Features\n\n- ✅ JWT signature verification on every request\n- ✅ bcrypt password hashing (cost factor 12)\n- ✅ Shared secret from environment variables only\n- ✅ User identity extracted from verified token\n- ✅ Data isolation enforced at query level\n- ✅ Generic error messages (no information leakage)\n- ✅ 401 for unauthorized, 403 for forbidden access\n\n## Success Criteria\n\n- ✅ Users can complete account creation in under 2 minutes\n- ✅ Users can sign in in under 30 seconds\n- ✅ 100% of API requests without valid tokens are rejected\n- ✅ 100% of cross-user access attempts are blocked\n- ✅ Users remain authenticated for 7 days\n- ✅ Authentication adds \u003c50ms latency per request\n\n## Development Workflow\n\nThis project follows **Spec-Driven Development**:\n\n1. **Specification** → Define requirements (spec.md)\n2. **Planning** → Design architecture (plan.md)\n3. **Tasks** → Break down implementation (tasks.md)\n4. **Implementation** → Execute tasks via Claude Code\n\nAll artifacts are in `specs/001-auth-layer/`\n\n## Troubleshooting\n\n### \"Could not validate credentials\"\n- Check that `BETTER_AUTH_SECRET` matches in frontend and backend\n- Verify token is not expired\n- Ensure token format is `Bearer \u003ctoken\u003e`\n\n### \"Email already registered\"\n- Use different email or delete test user from database\n\n### Token expires too quickly\n- Check Better Auth config: `expiresIn: \"7d\"`\n- Verify JWT payload `exp` claim\n\nSee [quickstart.md](specs/001-auth-layer/quickstart.md) for more troubleshooting.\n\n## Next Steps\n\nAfter authentication is working:\n1. Implement todo CRUD operations\n2. Add task ownership enforcement\n3. Build todo UI components\n4. Deploy to production\n\n## License\n\nThis project was built using Claude Code and Spec-Kit Plus following strict spec-driven development principles.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffuture-rafay%2Fspec-driven-hackathon-2-phase-2","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffuture-rafay%2Fspec-driven-hackathon-2-phase-2","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffuture-rafay%2Fspec-driven-hackathon-2-phase-2/lists"}