This project is a secure and lightweight web application designed to provide bike taxi services and grocery delivery services based on custom user inputs. The app is built using FastAPI for the backend, React.js (or Next.js) for the frontend, and MongoDB as the database.
- Book bike taxis.
- Real-time trip tracking.
- Fare calculation and payment processing.
- Driver assignment and verification.
- Customers provide a text-based grocery list.
- Delivery status tracking.
- Proof of delivery with image uploads.
- Payment integration.
- Manage users, drivers, orders, and payments.
- Monitor performance and logs.
- Real-time notifications for ride and order status.
- Push notifications via Firebase Cloud Messaging (FCM).
- JWT-based authentication and authorization.
- Encrypted data at rest and in transit (SSL/TLS).
- Rate-limiting, API validation, and input sanitization.
- OAuth2 and role-based access control (RBAC).
- FastAPI - High-performance, modern web framework for Python.
- MongoDB - NoSQL database for scalability.
- Motor - Async driver for MongoDB.
- Pydantic - Data validation and parsing.
- Uvicorn - ASGI server for fast deployments.
- React.js or Next.js - Modern frontend framework for building UI.
- Axios - Secure API calls with error handling.
- Docker - Containerization for consistent builds.
- AWS S3 or Firebase - Cloud storage for image uploads.
- GitHub Actions - CI/CD pipeline for automated testing and deployment.
- Firebase Cloud Messaging (FCM) - Real-time push notifications.
- Twilio/SendGrid - Email and SMS notifications.
- Stripe or Razorpay - Secure payment processing.
```bash
# Create a virtual environment
python3 -m venv venv
source venv/bin/activate
# Install dependencies (extras are quoted so shells such as zsh do not glob the brackets)
pip install "fastapi[all]" uvicorn pymongo motor python-dotenv \
    pydantic passlib "python-jose[cryptography]" pyjwt bcrypt
```

```bash
npx create-react-app frontend
cd frontend
npm install axios
```

```bash
# Start the backend
uvicorn main:app --reload
# Start the frontend
npm start
```

- POST /register - Register new users.
- POST /login - Login and receive JWT token.
- POST /ride/request - Book a ride.
- GET /ride/status/{id} - Get ride status.
- POST /order/create - Create grocery order.
- GET /order/status/{id} - Track order status.
- ✅ JWT-based Authentication - Secure token-based authentication
- ✅ Encrypted Passwords - bcrypt password hashing
- ✅ Security Headers - HSTS, CSP, X-Frame-Options, and more
- ✅ Rate Limiting - Protection against brute force attacks
- ✅ CORS Policy - Configurable cross-origin resource sharing
- ✅ Request Logging - Comprehensive monitoring and audit trail
- ✅ MongoDB Authentication - Database access control
- ✅ Input Validation - Pydantic schema validation
- ✅ Automated Security Scanning - CodeQL, Bandit, Safety, Trivy
- ✅ Automated Dependency Updates - Dependabot integration
- Generate strong SECRET_KEY using scripts/generate_secret_key.py
- Enable HTTPS with valid SSL/TLS certificates (documented in DEPLOYMENT.md)
- Set DEBUG=False in production (default in config)
- Configure MongoDB authentication (see docker-compose.prod.yml)
- Set up firewall rules (documented in DEPLOYMENT.md)
- Configure automated backups (documented in DEPLOYMENT.md)
- 📄 SECURITY.md - Security policies and vulnerability reporting
- 📄 DEPLOYMENT.md - Production deployment and security setup
- 📄 SECURITY_QUICKREF.md - Quick reference for security tasks
For detailed security information and reporting vulnerabilities, see SECURITY.md.
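The first checklist items (SECRET_KEY, DEBUG, MongoDB authentication) can be checked before a deployment starts. The script below is an added example, not code from this repository; `MONGODB_URL` is a hypothetical variable name, and the length and entropy thresholds are assumptions.

```python
import math
import os
import sys
from collections import Counter
from urllib.parse import urlsplit

MIN_SECRET_LEN = 32        # assumed minimum length, not a project setting
MIN_BITS_PER_CHAR = 3.0    # assumed heuristic threshold for repeated/patterned keys


def bits_per_char(value: str) -> float:
    """Shannon entropy of the character distribution (a heuristic, not proof of randomness)."""
    n = len(value)
    return -sum(c / n * math.log2(c / n) for c in Counter(value).values())


def check_production_config(env) -> list:
    """Return a list of checklist violations found in an environment mapping."""
    problems = []
    secret = env.get("SECRET_KEY", "")
    if len(secret) < MIN_SECRET_LEN:
        problems.append("SECRET_KEY is missing or shorter than 32 characters")
    elif bits_per_char(secret) < MIN_BITS_PER_CHAR:
        problems.append("SECRET_KEY looks like a repeated or placeholder value")

    # The checklist says DEBUG defaults to False, so only an explicit truthy value fails.
    if env.get("DEBUG", "False").strip().lower() not in ("false", "0", "no", ""):
        problems.append("DEBUG must be False in production")

    # MONGODB_URL is a hypothetical variable name for the connection string.
    uri = urlsplit(env.get("MONGODB_URL", ""))
    if uri.scheme not in ("mongodb", "mongodb+srv"):
        problems.append("MONGODB_URL is missing or not a MongoDB URI")
    elif not (uri.username and uri.password):
        problems.append("MONGODB_URL carries no credentials")
    return problems


if __name__ == "__main__":
    found = check_production_config(os.environ)
    for p in found:
        print("FAIL:", p)
    sys.exit(1 if found else 0)
```

Run as a CI or container entrypoint step, a non-zero exit status stops the deployment before the application starts with a weak configuration.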
- Unit tests with pytest.
- Performance testing with Locust.
- Logging with Loguru.
- Monitoring with Prometheus and Grafana.
- Add machine learning for fare prediction and driver assignment optimization.
- Integrate multi-factor authentication (MFA).
- Expand delivery services to include scheduling options.
- Fork the repository.
- Clone your fork.
- Create a new branch for your feature.
- Commit changes and push to your branch.
- Create a pull request.
Copyright (c) 2024, TikMe Bike Taxi (Pvt) Ltd. All Rights Reserved. This code is proprietary and confidential. Unauthorized copying, sharing, or distribution is strictly prohibited.
For questions or suggestions, please contact: [Your Email Address]