chore: basic backend setup

Backend/app/api/deps.py

@@ -0,0 +1,50 @@
+from fastapi import Depends, HTTPException, status
+from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials
+from sqlalchemy.ext.asyncio import AsyncSession
+from sqlalchemy import select
+from jose import JWTError, jwt
+from app.database import async_session_maker
+from app.models import User
+from app.config import settings
+
+security  = HTTPBearer()
+
+async def get_db():
+    async with async_session_maker() as session:
+        try:
+            yield session
+            await session.commit()
+        except Exception:
+            await session.rollback()
+            raise
+        finally:
+            await session.close()
+
+
+async def get_current_user(
+        credentials: HTTPAuthorizationCredentials = Depends(security),
+        db: AsyncSession = Depends(get_db)
+) -> User:
+    credentials_exception = HTTPException(
+        status_code=status.HTTP_401_UNAUTHORIZED, 
+        detail="could not validate credentials",
+        headers={"WWW-Authenticate": "Bearer"},
+    )
+
+    try:
+        token = credentials.credentials
+        payload = jwt.decode(token, settings.SECRET_KEY, algorithms=[settings.ALGORITHM])
+        username: str = payload.get("sub")
+        if username is None:
+            raise credentials_exception
+    except JWTError:
+        raise credentials_exception
+    
+    result = await db.execute(select(User).filter(User.username == username))
+    user = result.scalar_one_or_none()
+
+    if user is None:
+        raise credentials_exception
+    
+    return user
+

Backend/app/api/v1/__init__.py

@@ -0,0 +1,3 @@
+from app.api.v1.api import api_router
+
+__all__ = ["api_router"]

Backend/app/api/v1/api.py

@@ -0,0 +1,18 @@
+from fastapi import APIRouter
+from app.api.v1.endpoints import auth, students
+
+api_router = APIRouter()
+
+# Include authentication routes
+api_router.include_router(
+    auth.router,
+    prefix="/auth",
+    tags=["Authentication"]
+)
+
+# Include student routes
+api_router.include_router(
+    students.router,
+    prefix="/students",
+    tags=["Students"]
+)

Backend/app/api/v1/endpoints/auth.py

@@ -0,0 +1,66 @@
+from fastapi import APIRouter, HTTPException, Depends, status
+from sqlalchemy.ext.asyncio import AsyncSession
+from sqlalchemy import select
+from datetime import timedelta
+from app.schema import UserCreate, Token
+from app.models import User
+from app.core import verify_password, get_password_hash, create_access_token
+from app.api.deps import get_db
+from app.config import settings
+
+
+router = APIRouter()
+
+@router.post("/register", response_model=dict)
+async def register(user: UserCreate, db: AsyncSession = Depends(get_db)):
+    try:
+        result = await db.execute(select(User).filter(User.username == user.username))
+        existing_user = result.scalar_one_or_none()
+
+        if existing_user:
+            raise HTTPException(
+                status_code=status.HTTP_400_BAD_REQUEST,
+                detail='Username already registered'
+            )
+        new_user = User(
+            username=user.username,
+            hashed_password=get_password_hash(user.password)
+        )
+        db.add(new_user)
+        await db.commit()
+
+        return {"message": "User registered sucessfully", "username": user.username}
+    except HTTPException:
+        raise
+    except Exception as e:
+        raise HTTPException(
+            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
+            detail=f'registered failed: {str(e)}'
+        )
+    
+@router.post("/login", response_model=Token)
+async def login(username: str, password: str, db: AsyncSession = Depends(get_db)):
+    try:
+        result = await db.execute(select(User).filter(User.username == username))
+        user = result.scalar_one_or_none()
+
+        if not user or not verify_password(password, user.hashed_password):
+            raise HTTPException(
+                status_code=status.HTTP_401_UNAUTHORIZED,
+                detail="Incorrect username or password",
+                headers={"WWW-Authenticate": "Bearer"},
+            )
+        access_token_expires = timedelta(minutes=settings.ACCESS_TOKEN_EXPIRE_MINUTES)
+        access_token = create_access_token(
+            data={'sub':user.username},
+            expires_deltas=access_token_expires
+        )
+
+        return {"access_token":access_token, "token_type":"bearer"}
+    except HTTPException:
+        raise 
+    except Exception as e:
+        raise HTTPException(
+            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
+            detail=f"Login failed: {str(e)}"
+        )

Backend/app/api/v1/endpoints/students.py

@@ -0,0 +1,178 @@
+from fastapi import APIRouter, HTTPException, Depends, status
+from sqlalchemy.ext.asyncio import AsyncSession
+from sqlalchemy import select
+from typing import List
+from app.schema import StudentCreate, StudentUpdate, StudentResponse
+from app.models import Student, User
+from app.api.deps import get_db, get_current_user
+
+router = APIRouter()
+
+@router.post("/", response_model=StudentResponse, status_code=status.HTTP_201_CREATED)
+async def create_student(
+    student: StudentCreate,
+    db:AsyncSession = Depends(get_db),
+    current_user: User = Depends(get_current_user)
+):
+    try:
+        result = await db.execute(select(Student).filter(Student.email == student.email))
+        existing_user = result.scalar_one_or_none()
+
+        if existing_user:
+            raise HTTPException(
+                status_code= status.HTTP_400_BAD_REQUEST,
+                detail=f'student with email {student.email} already exists'
+            )
+        
+        new_student = Student(**student.model_dump())
+        db.add(new_student)
+        await db.commit()
+        await db.refresh(new_student)
+
+        return new_student
+    except HTTPException:
+        raise
+    except Exception as e :
+        raise HTTPException(
+            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
+            detail=f'failed to create student: {str(e)}'
+        )
+@router.get("/", response_model=List[StudentResponse])
+async def get_all_students(
+    skip: int = 0,
+    limit: int = 100,
+    db: AsyncSession = Depends(get_db),
+    current_user: User = Depends(get_current_user)
+):
+    """Get all students with pagination (Protected)"""
+    try:
+        result = await db.execute(
+            select(Student).offset(skip).limit(limit)
+        )
+        students = result.scalars().all()
+        return students
+    except Exception as e:
+        raise HTTPException(
+            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
+            detail=f"Failed to fetch students: {str(e)}"
+        )
+
+
+@router.get("/{student_id}", response_model=StudentResponse)
+async def get_student(
+    student_id: int,
+    db: AsyncSession = Depends(get_db),
+    current_user: User = Depends(get_current_user)
+):
+    """Get a specific student by ID (Protected)"""
+    try:
+        result = await db.execute(select(Student).filter(Student.id == student_id))
+        student = result.scalar_one_or_none()
+        
+        if not student:
+            raise HTTPException(
+                status_code=status.HTTP_404_NOT_FOUND,
+                detail=f"Student with ID {student_id} not found"
+            )
+        
+        return student
+    except HTTPException:
+        raise
+    except Exception as e:
+        raise HTTPException(
+            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
+            detail=f"Failed to fetch student: {str(e)}"
+        )
+
+
+@router.put("/{student_id}", response_model=StudentResponse)
+async def update_student(
+    student_id: int,
+    student_update: StudentUpdate,
+    db: AsyncSession = Depends(get_db),
+    current_user: User = Depends(get_current_user)
+):
+    """Update a student's information (Protected)"""
+    try:
+        result = await db.execute(select(Student).filter(Student.id == student_id))
+        student = result.scalar_one_or_none()
+        
+        if not student:
+            raise HTTPException(
+                status_code=status.HTTP_404_NOT_FOUND,
+                detail=f"Student with ID {student_id} not found"
+            )
+        
+        # Update only provided fields
+        update_data = student_update.model_dump(exclude_unset=True)
+        
+        # Check email uniqueness if email is being updated
+        if "email" in update_data:
+            result = await db.execute(
+                select(Student).filter(
+                    Student.email == update_data["email"],
+                    Student.id != student_id
+                )
+            )
+            existing = result.scalar_one_or_none()
+            if existing:
+                raise HTTPException(
+                    status_code=status.HTTP_400_BAD_REQUEST,
+                    detail=f"Email {update_data['email']} is already in use"
+                )
+        
+        for key, value in update_data.items():
+            setattr(student, key, value)
+        
+        await db.commit()
+        await db.refresh(student)
+        
+        return student
+    except HTTPException:
+        raise
+    except Exception as e:
+        raise HTTPException(
+            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
+            detail=f"Failed to update student: {str(e)}"
+        )
+
+
+@router.patch("/{student_id}", response_model=StudentResponse)
+async def partial_update_student(
+    student_id: int,
+    student_update: StudentUpdate,
+    db: AsyncSession = Depends(get_db),
+    current_user: User = Depends(get_current_user)
+):
+    """Partially update a student (same as PUT for this implementation) (Protected)"""
+    return await update_student(student_id, student_update, db, current_user)
+
+
+@router.delete("/{student_id}", status_code=status.HTTP_204_NO_CONTENT)
+async def delete_student(
+    student_id: int,
+    db: AsyncSession = Depends(get_db),
+    current_user: User = Depends(get_current_user)
+):
+    """Delete a student (Protected)"""
+    try:
+        result = await db.execute(select(Student).filter(Student.id == student_id))
+        student = result.scalar_one_or_none()
+        
+        if not student:
+            raise HTTPException(
+                status_code=status.HTTP_404_NOT_FOUND,
+                detail=f"Student with ID {student_id} not found"
+            )
+        
+        await db.delete(student)
+        await db.commit()
+        
+        return None
+    except HTTPException:
+        raise
+    except Exception as e:
+        raise HTTPException(
+            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
+            detail=f"Failed to delete student: {str(e)}"
+        )

Backend/app/core/__init__.py

@@ -0,0 +1,3 @@
+from app.core.security import verify_password, get_password_hash, create_access_token
+
+__all__ = ["verify_password", "get_password_hash", "create_access_token"]

Backend/app/core/security.py

@@ -0,0 +1,24 @@
+from datetime import datetime, timedelta
+from typing import Optional
+from passlib.context import CryptContext
+from jose import jwt
+from app.config import settings
+
+pwd_context = CryptContext(schemes=["argon2"], deprecated="auto")
+
+def verify_password(plain_password: str, hashed_password:str) -> bool:
+    password_bytes = plain_password.encode("utf-8")[:72]
+    plain_password_truncated = password_bytes.decode("utf-8", errors="ignore")
+    return pwd_context.verify(plain_password, hashed_password)
+
+def get_password_hash(password: str) -> str:
+    password_bytes = password.encode('utf-8')[:72]
+    password_truncated = password_bytes.decode("utf-8", errors='ignore')
+    return pwd_context.hash(password_truncated)
+
+def create_access_token(data: dict, expires_deltas: Optional[timedelta] = None) -> str:
+    to_encode = data.copy()
+    expire = datetime.now() + (expires_deltas or  timedelta(minutes=15))
+    to_encode.update({"exp": expire})
+    encoded_jwt = jwt.encode(to_encode, settings.SECRET_KEY, algorithm=settings.ALGORITHM)
+    return encoded_jwt

Backend/{src/db/client.py → app/database.py}

@@ -1,7 +1,7 @@
 from sqlalchemy.ext.asyncio import create_async_engine, AsyncSession, async_sessionmaker
 from sqlalchemy.orm import DeclarativeBase, Mapped, mapped_column
 from datetime import datetime
-from src.config import settings
+from app.config import settings
 
 
 engine = create_async_engine(settings.DATABASE_URL, echo=True)

Backend/app/main.py

@@ -0,0 +1,53 @@
+from fastapi import FastAPI
+from fastapi.middleware.cors import CORSMiddleware
+from contextlib import asynccontextmanager
+from datetime import datetime
+from app.config import settings
+from app.database import engine, Base
+from app.api.v1.api import api_router
+
+
+@asynccontextmanager
+async def lifespan(app: FastAPI):
+    """Application lifespan manager"""
+    print("🏗️ Server starting:", datetime.now())
+    print("🔧 Creating tables if they don't exist...")
+    
+    async with engine.begin() as conn:
+        await conn.run_sync(Base.metadata.create_all)
+    
+    print("✅ Tables ready!")
+    yield
+    print("🧹 Server shutting down:", datetime.now())
+
+
+# Create FastAPI application
+app = FastAPI(
+    title=settings.APP_NAME,
+    description=settings.APP_DESCRIPTION,
+    version=settings.APP_VERSION,
+    lifespan=lifespan
+)
+
+# CORS Configuration
+app.add_middleware(
+    CORSMiddleware,
+    allow_origins=settings.CORS_ORIGINS,
+    allow_credentials=True,
+    allow_methods=["*"],
+    allow_headers=["*"],
+)
+
+# Include API router
+app.include_router(api_router, prefix="/api/v1")
+
+
+# Health check endpoint
+@app.get("/", tags=["Health"])
+async def root():
+    """Health check endpoint"""
+    return {
+        "status": "healthy",
+        "message": f"{settings.APP_NAME} is running",
+        "version": settings.APP_VERSION
+    }

Backend/app/models/__init__.py

@@ -0,0 +1,4 @@
+from app.models.tables import Student, User
+
+
+__all__ = ["Student", "User"]

Backend/app/models/tables.py

@@ -0,0 +1,21 @@
+from sqlalchemy import String
+from sqlalchemy.orm import Mapped, mapped_column
+from datetime import datetime
+from app.database import Base
+
+
+class Student(Base):
+    __tablename__ = "students"
+
+    id: Mapped[int] = mapped_column(primary_key=True, index= True)
+    name: Mapped[str] = mapped_column(String(100))
+    email: Mapped[str] = mapped_column(String(100), unique=True, index=True)
+    created_at: Mapped[datetime] = mapped_column(default=datetime.now())
+
+class User(Base):
+    __tablename__ = "users"
+
+    id: Mapped[int] = mapped_column(primary_key=True, index=True)
+    username: Mapped[str] =  mapped_column(String(50), unique=True, index=True)
+    # email: Mapped[str] = mapped_column(String(100), unique=True, index=True)
+    hashed_password: Mapped[str] = mapped_column(String(255))

Backend/app/schema/__init__.py

@@ -0,0 +1,3 @@
+from app.schema.models import StudentCreate, StudentUpdate, StudentResponse, UserCreate, Token
+
+__all__ = ["StudentCreate", "StudentUpdate", "StudentResponse", "UserCreate", "Token"]

Backend/app/schema/models.py

@@ -0,0 +1,43 @@
+from pydantic import BaseModel, EmailStr, Field, field_validator, ConfigDict
+from typing import  Optional
+from datetime import datetime
+
+class StudentBase(BaseModel):
+    name: str = Field(..., min_length=2, max_length=100)
+    email: EmailStr = Field(...)
+
+    @field_validator("name")
+    def validate_name(cls, v):
+        if not v.strip():
+            raise ValueError('Name cannot be empty or just whitespace')
+        return v.strip()
+
+class StudentCreate(StudentBase):
+    pass
+
+class StudentUpdate(BaseModel):
+    name: Optional[str] = Field(None, min_length=2, max_length=100)
+    email: Optional[EmailStr] = None
+
+class StudentResponse(StudentBase):
+    id: int
+    created_at: datetime
+
+    model_config = ConfigDict(from_attributes=True)
+
+
+class UserCreate(BaseModel):
+    username: str = Field(..., min_length=3, max_length=50)
+    password: str = Field(..., min_length=6, max_length=72)
+
+    @field_validator('password')
+    def validate_password(cls, v):
+        if len(v.encode("utf-8")) > 72:
+            raise ValueError('Password cannot exceed 72 bytes')
+        return v
+    
+
+class Token(BaseModel):
+    access_token: str
+    token_type: str
+

Backend/run.py

@@ -0,0 +1,11 @@
+import uvicorn
+from app.main import app
+
+
+if __name__ == "__main__":
+    uvicorn.run(
+        "app.main:app",
+        host="0.0.0.0",
+        port=8000,
+        reload=True
+    )

Backend/src/db/models.py

@@ -1,5 +0,0 @@
-from sqlalchemy import String
-from sqlalchemy.orm import Mapped, mapped_column
-from datetime import datetime
-from db.client import Base
-

Backend/src/main.py

@@ -1,31 +0,0 @@
-from fastapi import FastAPI
-from fastapi.middleware.cors import  CORSMiddleware
-from contextlib import asynccontextmanager
-from datetime import datetime
-
-
-
-
-# @asynccontextmanager
-# async def lifespan(app: FastAPI):
-#     print("server starting", datetime.now())
-#     print("creating tables if they dont exist....")
-#     async with engine
-
-# app = FastAPI(lifespan=lifespan)
-# app.include_router(api_router)  
-app.add_middleware(
-    CORSMiddleware,
-    allow_origins=["*"], 
-    allow_credentials=True,
-    allow_methods=["*"],
-    allow_headers=["*"],
-)
-@app.get("/", tags=["Health"])
-async def root():
-    """Health check endpoint"""
-    return {
-        "status": "healthy",
-        "message": "Student Management API is running",
-        "version": "1.0.0"
-    }

Frontend/package-lock.json

@@ -7,6 +7,7 @@
     "": {
       "name": "package",
       "version": "0.0.0",
+      "license": "ISC",
       "dependencies": {
         "@splinetool/react-spline": "^4.1.0",
         "@splinetool/runtime": "^1.11.2",

Frontend/package.json

@@ -37,5 +37,10 @@
     "typescript": "~5.9.3",
     "typescript-eslint": "^8.46.3",
     "vite": "^7.2.2"
-  }
+  },
+  "description": "This template provides a minimal setup to get React working in Vite with HMR and some ESLint rules.",
+  "main": "eslint.config.js",
+  "keywords": [],
+  "author": "",
+  "license": "ISC"
 }