https://github.com/thehimel/fast-auth
Production-ready FastAPI auth API starter: Google OAuth, secure JWT httpOnly cookies, user management, RBAC, async Postgres, and Alembic migrations.
https://github.com/thehimel/fast-auth
alembic api asyncio authentication authorization backend boilerplate cookie-auth fastapi google-oauth jwt oauth2 postgresql pytest python rate-limiting rbac sqlalchemy starter-template user-management
Last synced: 12 days ago
JSON representation
Production-ready FastAPI auth API starter: Google OAuth, secure JWT httpOnly cookies, user management, RBAC, async Postgres, and Alembic migrations.
- Host: GitHub
- URL: https://github.com/thehimel/fast-auth
- Owner: thehimel
- Created: 2026-05-18T01:02:22.000Z (about 1 month ago)
- Default Branch: main
- Last Pushed: 2026-05-18T01:57:51.000Z (about 1 month ago)
- Last Synced: 2026-05-18T03:47:54.607Z (about 1 month ago)
- Topics: alembic, api, asyncio, authentication, authorization, backend, boilerplate, cookie-auth, fastapi, google-oauth, jwt, oauth2, postgresql, pytest, python, rate-limiting, rbac, sqlalchemy, starter-template, user-management
- Language: Python
- Homepage:
- Size: 134 KB
- Stars: 1
- Watchers: 0
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# Core
[](https://www.python.org/)
[](https://fastapi.tiangolo.com/)
[](https://docs.pydantic.dev/)
[](https://www.sqlalchemy.org/)
[](https://alembic.sqlalchemy.org/)
[](https://www.postgresql.org/)
[](https://docs.astral.sh/uv/)
[](https://docs.astral.sh/ruff/)
[](https://vercel.com/)
A FastAPI backend focused on authentication and user management, built with async PostgreSQL, OAuth, and JWT session cookies.
## Tech Stack
- **Framework:** FastAPI
- **Database:** PostgreSQL (async via asyncpg)
- **ORM:** SQLAlchemy 2.0 (async)
- **Auth:** Authlib (Google OAuth), JWT in httpOnly cookie
- **Rate limiting:** slowapi
## Features
- **Auth** — Google OAuth, session cookie, logout
- **Users** — `GET /me`; admin CRUD for users
## Prerequisites
- Python 3.14+
- PostgreSQL
- Docker (optional, for running PostgreSQL)
## Quick Start
### 1. Clone and install
```shell
uv sync
```
### 2. Configure environment
Copy `.env.example` to `.env` and set required variables:
```shell
cp .env.example .env
```
Required: `POSTGRES_USER`, `POSTGRES_PASSWORD`, `POSTGRES_DB`, `GOOGLE_CLIENT_ID`, `GOOGLE_CLIENT_SECRET`, `JWT_SECRET_KEY`, `SESSION_SECRET_KEY`. Generate secrets with `openssl rand -hex 32`.
### 3. Start PostgreSQL
```shell
docker compose up -d
```
### 4. Run migrations
```shell
alembic upgrade head
```
### 5. Start the API
```shell
uv run uvicorn app.main:app --reload
```
API: http://localhost:8000
Docs: http://localhost:8000/docs
## Commands
| Command | Purpose |
|---------|---------|
| `uv sync` | Install dependencies (from pyproject.toml) |
| `uv run uvicorn app.main:app --reload` | Run API (dev) |
| `alembic upgrade head` | Apply migrations |
| `alembic revision --autogenerate -m "message"` | Create migration |
| `pytest` | Run tests |
| `pytest -n auto` | Run tests in parallel (pytest-xdist) |
| `pytest --drop-test-db` | Run tests and drop test DB after |
| `ruff check .` | Lint |
| `ruff format .` | Format |
See [docs/commands.md](docs/commands.md) for Docker, pre-commit, and more.
## API Overview
Interactive API docs: http://localhost:8000/docs
## Testing
Tests use a separate DB (`{postgres_db}_test`). Migrations run automatically before tests.
```shell
pytest -v
pytest -n auto # Parallel execution (pytest-xdist)
```
Unit, integration, E2E, security, and smoke tests. See [docs/commands.md](docs/commands.md#pytest) for Pytest commands.