A production-ready full-stack authentication template with React + TypeScript frontend and FastAPI backend. This project serves as a solid foundation for building modern web applications with JWT-based authentication.
- ✨ Professional layout with topbar, sidebar, and main content area
- 🌙 Dark/Light mode toggle with persistent theme
- 📱 Fully responsive design (desktop, tablet, mobile)
- 🔐 JWT authentication with automatic token refresh
- 🛡️ Protected routes with auth guards
- 📦 TypeScript for type safety
- 🎨 Modern gradient UI with smooth animations
- ⚡ Vite for fast development and build
- 🔑 JWT authentication (access + refresh tokens)
- 🔐 Bcrypt password hashing (12 rounds)
- 👤 User registration and login endpoints
- 🛡️ Protected API routes
- 📊 SQLModel ORM with SQLite database
- 🌐 CORS middleware configuration
- ✅ Input validation with Pydantic
- 🔄 Token refresh mechanism
rag/
├── frontend/ # React + TypeScript app
│ ├── src/
│ │ ├── components/ # Layout, AuthForm, ProtectedRoute
│ │ ├── pages/ # DashboardPage
│ │ ├── auth/ # AuthContext for state management
│ │ ├── api.ts # API client with types
│ │ ├── App.tsx # Routing configuration
│ │ └── main.tsx # Entry point
│ ├── package.json
│ ├── tsconfig.json
│ └── vite.config.ts
│
└── backend/ # FastAPI application
├── app/
│ ├── main.py # FastAPI app and routes
│ ├── auth.py # Authentication logic
│ ├── models.py # SQLModel database models
│ ├── schemas.py # Pydantic request/response models
│ ├── config.py # Configuration settings
│ └── database.py # Database connection
├── requirements.txt # Python dependencies
└── app.db # SQLite database (generated)
- Node.js 16+ and npm
- Python 3.8+
- Git
-
Navigate to backend directory:
cd backend -
Create virtual environment:
python -m venv .venv # Windows .\.venv\Scripts\Activate.ps1 # macOS/Linux source .venv/bin/activate
-
Install dependencies:
pip install -r requirements.txt
-
Run development server:
uvicorn app.main:app --reload
- API available at:
http://localhost:8000 - Interactive docs:
http://localhost:8000/docs
- API available at:
-
Navigate to frontend directory:
cd frontend -
Install dependencies:
npm install
-
Run development server:
npm run dev
- App available at:
http://localhost:5173
- App available at:
SECRET_KEY=your-secret-key-here-change-in-production
DATABASE_URL=sqlite:///./app.db
ACCESS_TOKEN_EXPIRE_MINUTES=15
REFRESH_TOKEN_EXPIRE_DAYS=7VITE_API_BASE_URL=http://localhost:8000POST /auth/register- Create new user accountPOST /auth/login- Authenticate user, receive tokensPOST /auth/refresh- Refresh access token using refresh tokenGET /auth/me- Get current user info (requires Bearer token)
GET /health- Server health status
curl -X POST http://localhost:8000/auth/register \
-H "Content-Type: application/json" \
-d '{
"email": "user@example.com",
"password": "SecurePass123",
"full_name": "John Doe"
}'curl -X POST http://localhost:8000/auth/login \
-H "Content-Type: application/json" \
-d '{
"email": "user@example.com",
"password": "SecurePass123"
}'Response:
{
"access_token": "eyJ0eXAiOiJKV1QiLCJhbGc...",
"refresh_token": "eyJ0eXAiOiJKV1QiLCJhbGc...",
"token_type": "bearer"
}curl -X GET http://localhost:8000/auth/me \
-H "Authorization: Bearer {access_token}"- Minimum length: 8 characters
- Maximum length: 72 bytes (UTF-8 encoded) - bcrypt limitation
- Recommended: Mix of uppercase, lowercase, numbers, and special characters
- Toggle button in the top-right of the topbar
- Theme preference persists in localStorage
- All components automatically adapt to the selected theme
- Click
<</>>button in the main header bar to show/hide sidebar - On mobile, sidebar slides in from the left as an overlay
- Button is hidden on mobile, hamburger menu in topbar instead
- Access tokens expire after 15 minutes
- Frontend automatically refreshes 1 minute before expiry
- Refresh tokens valid for 7 days
- Seamless user experience with background token refresh
- Dashboard and authenticated pages require valid JWT token
- Invalid/expired tokens redirect to login page
- Token stored in localStorage for session persistence
cd frontend
npm run dev # Start dev server
npm run build # Production build
npm run preview # Preview production build
npm run lint # Run ESLintcd backend
source .venv/bin/activate # or .\.venv\Scripts\Activate.ps1 on Windows
uvicorn app.main:app --reload # Hot reload on file changescd frontend
npm run build
# Deploy the 'dist' folder to your hosting service# Use a production ASGI server like Gunicorn
pip install gunicorn
gunicorn -w 4 -k uvicorn.workers.UvicornWorker app.main:app- Change
SECRET_KEYin production - Use HTTPS in production
- Set
CORS_ORIGINSappropriately for your domain - Store sensitive env variables securely (use environment secrets)
- Set secure cookies for tokens in production
- Use strong passwords for admin/service accounts
- React 18.3.1
- TypeScript 5.4.5
- React Router 6.30.1
- Vite 5.4.19
- CSS3 with CSS Variables
- FastAPI 0.116.1
- SQLModel 0.0.24
- Pydantic 2.x
- SQLAlchemy (via SQLModel)
- Bcrypt 4.1.0+
- python-jose 3.5.0
- python-multipart 0.0.6
- email-validator 2.1.0+
- main.py - FastAPI application, route definitions
- auth.py - Authentication helpers (password hashing, JWT creation)
- schemas.py - Request/response Pydantic models
- models.py - SQLModel database models
- config.py - Configuration and settings
- database.py - Database connection and session
- Layout.tsx - Main app layout (topbar, sidebar)
- AuthContext.tsx - Authentication state management
- ProtectedRoute.tsx - Route guard component
- api.ts - Typed HTTP client
- DashboardPage.tsx - Dashboard/home page
- LoginPage.tsx - User login page
- RegisterPage.tsx - User registration page
- Create new file in
frontend/src/pages/NewPage.tsx - Add route in
App.tsx - Add menu item in
Layout.tsxnavItems (optional)
- Create new route in
backend/app/main.py - Create request/response models in
schemas.py - Add logic in separate utility files
- Create client method in
frontend/src/api.ts
- Layout CSS:
frontend/src/components/Layout.css - Dashboard CSS: Inline in
frontend/src/pages/DashboardPage.tsx - Global styles:
frontend/src/styles.css - Theme colors: Update CSS color variables
- Ensure backend
CORS_ORIGINSincludes frontend origin - Check both frontend API URL and backend CORS config
- Verify
ACCESS_TOKEN_EXPIRE_MINUTESsetting - Check token refresh endpoint is working
- Confirm refresh token isn't expired (7 days default)
- Ensure password is at least 8 characters
- Check password doesn't exceed 72 bytes
- Verify UTF-8 encoding for special characters
- Delete
app.dbto reset database - Ensure
app/directory has write permissions - Check SQLite is properly installed
When contributing to this template:
- Maintain TypeScript strict mode
- Keep code well-documented
- Test both light and dark modes
- Test responsive design (mobile, tablet, desktop)
- Follow existing code style
See CONTRIBUTING.md for detailed guidelines.
MIT License - feel free to use this template for personal and commercial projects. See LICENSE for details.
For issues, questions, or improvements:
- Check existing documentation
- Review inline code comments
- Test with provided API examples
- Check browser console for error messages
- Review CHANGELOG.md for version history
See CHANGELOG.md for complete version history and roadmap.
Happy coding! 🚀