https://github.com/persteenolsen/fastapi-jwt-auth-mongo-render-two
Python and FastAPI with JWT Auth hosted at Render using MongoDB at Atlas
fastapi jwt mongodb python render
- Host: GitHub
- URL: https://github.com/persteenolsen/fastapi-jwt-auth-mongo-render-two
- Owner: persteenolsen
- Created: 2026-05-27T12:10:46.000Z (29 days ago)
- Default Branch: main
- Last Pushed: 2026-05-27T14:27:35.000Z (29 days ago)
- Last Synced: 2026-05-27T15:12:25.862Z (29 days ago)
- Topics: fastapi, jwt, mongodb, python, render
- Language: Python
- Homepage: https://fastapi-jwt-auth-mongo-render-two.onrender.com/docs
- Size: 7.81 KB
- Stars: 0
- Watchers: 0
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# FastAPI Auth System (JWT + MongoDB + bcrypt)
Last updated:
- 03-06-2026
# Version
On Render I set the `PYTHON_VERSION` environment variable so that Render uses Python 3.11. Locally I am using Python 3.12.
A production-ready authentication backend built with **FastAPI**, **MongoDB Atlas**, **JWT authentication**, and **bcrypt password hashing**, deployed on **Render**.
---
## Overview
This project provides a secure backend API with:
- User authentication (JWT-based)
- Secure password hashing (bcrypt)
- MongoDB Atlas integration (async via Motor)
- Render deployment ready
- Development mode toggle (`DEV_MODE`)
- High-performance async API using FastAPI
---
## Tech Stack
- **Backend:** FastAPI
- **Database:** MongoDB Atlas
- **Driver:** Motor (async MongoDB driver)
- **Auth:** JWT (python-jose)
- **Security:** bcrypt password hashing
- **Server:** Uvicorn / Render
---
## Features
### Authentication
- Register users (dev-only endpoint)
- Login with username & password
- JWT token generation (30 min expiry)
- Protected routes with Bearer token
### Database
- MongoDB Atlas integration
- Async database operations (Motor)
- Secure user storage with hashed passwords
### Security
- bcrypt hashed passwords (no plaintext storage)
- JWT-based authentication
- Environment-based configuration
- `DEV_MODE` protection for sensitive endpoints
---
## Project Structure
```
app.py
requirements.txt
.env
```
### Environment Variables
Create a `.env` file:
```
ATLAS_URI=mongodb+srv://<username>:<password>@cluster.mongodb.net/
DB_NAME=your_db_name
COLLECTION_NAME=users
SECRET_KEY=your_secret_key
ALGORITHM=HS256
DEV_MODE=true
```
Set `DEV_MODE=false` on Render for production.
## Installation
### 1. Clone the repository
```bash
git clone https://github.com/your-username/fastapi-auth-mongo.git
cd fastapi-auth-mongo
```
---
### 2. Create virtual environment
```bash
python -m venv venv
source venv/bin/activate # macOS/Linux
venv\Scripts\activate # Windows
```
---
### 3. Install dependencies
```bash
pip install -r requirements.txt
```
---
### 4. Run locally
```bash
uvicorn app:app --reload
```
---
API will be available at:
http://127.0.0.1:8000
Swagger docs:
http://127.0.0.1:8000/docs
---
## API Endpoints
### Health Check
```
GET /health
```
Response:
```json
{
  "status": "ok"
}
```
---
### Create User (DEV ONLY)
```
POST /create-user
```
Request body:
```json
{
  "username": "testuser",
  "password": "admin123"
}
```
Response:
```json
{
  "message": "User created (DEV MODE)",
  "user_id": "mongodb_object_id"
}
```
Disabled automatically when `DEV_MODE=false`.
---
### Login (Get Token)
```
POST /token
```
Form data:
```
username=testuser
password=admin123
```
Response:
```json
{
  "access_token": "JWT_TOKEN_HERE",
  "token_type": "bearer"
}
```
---
### Protected Route
```
GET /protected
```
Headers:
```
Authorization: Bearer JWT_TOKEN_HERE
```
Response:
```json
{
  "message": "Hello testuser"
}
```
---
## Development Mode
DEV_MODE controls whether user creation is allowed.
Mode | Behavior
-----|---------
true | /create-user enabled
false | /create-user blocked (403)
---
## Deployment (Render)
### Build Command
```bash
pip install -r requirements.txt
```
### Start Command
```bash
uvicorn app:app --host 0.0.0.0 --port 10000
```
### Environment Variables (Render Dashboard)
```
ATLAS_URI
DB_NAME
COLLECTION_NAME
SECRET_KEY
ALGORITHM
DEV_MODE=false
```
---
## Security Notes
- Passwords are hashed using bcrypt (salted)
- JWT tokens expire after 30 minutes
- No plaintext passwords stored
- DEV endpoints disabled in production
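
The token rules described in this README (HS256 signing with `SECRET_KEY`, a 30 minute expiry, Bearer tokens on protected routes), shown as an added example that is not code from this repository. It uses only the Python standard library as a stand-in for python-jose so it runs without dependencies; the function names, the `sub` claim and the demo secret are assumptions.

```python
import base64
import hashlib
import hmac
import json
import time

SECRET_KEY = b"constructed-demo-secret"  # assumption: stands in for SECRET_KEY in .env
ALGORITHM = "HS256"                       # the ALGORITHM value from the README
TOKEN_TTL_SECONDS = 30 * 60               # the README's 30 minute expiry

def b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input):
    mac = hmac.new(SECRET_KEY, signing_input.encode(), hashlib.sha256)
    return b64e(mac.digest())

def issue_token(username, now=None):
    """Return header.payload.signature with exp set 30 minutes ahead."""
    now = time.time() if now is None else now
    header = b64e(json.dumps({"alg": ALGORITHM, "typ": "JWT"}).encode())
    claims = {"sub": username, "exp": int(now) + TOKEN_TTL_SECONDS}  # "sub" is assumed
    signing_input = header + "." + b64e(json.dumps(claims).encode())
    return signing_input + "." + sign(signing_input)

def verify_token(token, now=None):
    """Return the username, or raise ValueError if the token must be refused."""
    now = time.time() if now is None else now
    try:
        header_b64, claims_b64, signature = token.split(".")
        header = json.loads(b64d(header_b64))
        claims = json.loads(b64d(claims_b64))
        if not (isinstance(header, dict) and isinstance(claims, dict)):
            raise ValueError("segments are not JSON objects")
    except ValueError as exc:
        raise ValueError("malformed token") from exc
    # Pin the algorithm: never let the token's own header choose how it is checked.
    if header.get("alg") != ALGORITHM:
        raise ValueError("unexpected algorithm")
    expected = sign(header_b64 + "." + claims_b64)
    if not hmac.compare_digest(signature.encode(), expected.encode()):
        raise ValueError("bad signature")
    if not isinstance(claims.get("exp"), int) or now >= claims["exp"]:
        raise ValueError("token expired")
    if not isinstance(claims.get("sub"), str):
        raise ValueError("missing subject")
    return claims["sub"]
```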
---
## Future Improvements
- Refresh tokens
- Logout / token revocation
- Role-based access control (RBAC)
- Rate limiting login attempts
- Email verification
- Password strength validation
---
## Author
Built with FastAPI, MongoDB, and bcrypt for secure backend authentication systems.
---
## License
MIT License