A full-stack authentication system with secure user registration, login, email verification, and role-based access control — built with FastAPI, PostgreSQL, and React.
- User Registration — Sign up with email and password with input validation
- Login & JWT Auth — Secure token-based authentication using JSON Web Tokens
- Email Verification — Account activation via verification link sent to email
- Access Control — Role-based route protection (admin / user)
- Password Hashing — Bcrypt hashing; plain-text passwords never stored
- Protected Routes — Frontend routes guarded based on auth state
| Layer | Technology |
|---|---|
| Backend | FastAPI (Python) |
| Database | PostgreSQL |
| Frontend | React |
| Auth | JWT (JSON Web Tokens) |
| Security | Bcrypt password hashing |
```
auth-system/
├── auth-backend/
│   ├── main.py            # FastAPI app entry point
│   ├── models.py          # Database models
│   ├── database.py        # DB connection setup
│   ├── auth_utils.py      # JWT & password hashing utilities
│   ├── db.sql             # SQL schema
│   └── requirements.txt
├── auth-frontend/
│   ├── public/
│   └── src/
│       ├── App.js
│       └── index.js
└── .gitignore
```
- Python 3.9+
- Node.js 18+
- PostgreSQL
```bash
cd auth-backend
# Create and activate virtual environment
python -m venv venv
source venv/bin/activate  # Windows: venv\Scripts\activate
# Install dependencies
pip install -r requirements.txt
# Set up environment variables
cp .env.example .env
# Edit .env — add your DB URL and JWT secret key
# Run database schema
psql -U postgres -f db.sql
# Start the server
uvicorn main:app --reload
```

```bash
cd auth-frontend
npm install
npm start
```

- Passwords hashed with bcrypt before storage
- JWT tokens with expiry for session management
- Email verification prevents fake account creation
- Role-based middleware protects sensitive endpoints
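
The expiry and role checks listed above can be sketched as follows. This is an added example, not the project's `auth_utils.py`: it signs and verifies HS256 tokens with the standard library only so it runs offline, and the names `SECRET`, `b64e`, `b64d`, `issue_token` and `verify_token` and the sample values are assumptions. A deployment would normally use a maintained JWT library and load the key from `.env`.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-secret"  # assumption: the real key comes from .env

def b64e(data):
    """Base64url-encode without padding, as JWT segments require."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text):
    """Decode a base64url segment, restoring the stripped padding."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input):
    return hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()

def issue_token(sub, role, ttl=900, now=None):
    """Issue an HS256 token carrying subject, role and an expiry claim."""
    now = int(time.time() if now is None else now)
    header = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64e(json.dumps({"sub": sub, "role": role, "exp": now + ttl}).encode())
    return f"{header}.{body}.{b64e(sign(header + '.' + body))}"

def verify_token(token, required_role=None, now=None):
    """Return the claims, or raise PermissionError on any failed check."""
    now = time.time() if now is None else now
    try:
        header, body, sig = token.split(".")
        alg = json.loads(b64d(header)).get("alg")
        supplied = b64d(sig)
    except (ValueError, AttributeError) as exc:
        raise PermissionError("malformed token") from exc
    # Pin the algorithm: never let the token choose how it is verified.
    if alg != "HS256":
        raise PermissionError("unexpected algorithm")
    # Constant-time comparison; claims are parsed only after this passes.
    if not hmac.compare_digest(sign(header + "." + body), supplied):
        raise PermissionError("bad signature")
    claims = json.loads(b64d(body))
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        raise PermissionError("token expired")
    # Role check, as a route guard would apply it for admin-only endpoints.
    if required_role is not None and claims.get("role") != required_role:
        raise PermissionError("insufficient role")
    return claims
```
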
Built by Farha Tazmeen C