chore: initial project setup with backend, frontend, and infrastructure

Add complete NexaPantry application structure including: - Docker Compose configuration with PostgreSQL, Redis, FastAPI backend, worker, frontend and Caddy - Environment configuration template with database, auth, and service settings - GitHub Actions CI workflow for backend/frontend linting, testing, auditing and Docker builds - AGPL-3.0 license and comprehensive README with setup, development, and security documentation - Backend
2026-06-04 10:26:38 +02:00
commit 3792ca55e7
74 changed files with 13417 additions and 0 deletions
--- a/backend/app/core/config.py
+++ b/backend/app/core/config.py
@@ -0,0 +1,34 @@
+from functools import lru_cache
+
+from pydantic import field_validator
+from pydantic_settings import BaseSettings, SettingsConfigDict
+
+
+class Settings(BaseSettings):
+    app_env: str = "production"
+    instance_url: str = "http://localhost"
+    frontend_origin: str = "http://localhost"
+    database_url: str = "postgresql+psycopg://nexapantry:nexapantry@localhost:5432/nexapantry"
+    redis_url: str | None = None
+    jwt_secret_key: str
+    settings_secret_key: str
+    cookie_secure: bool = True
+    cors_origins: list[str] = ["http://localhost"]
+    log_level: str = "INFO"
+    default_timezone: str = "Europe/Vienna"
+    daily_worker_interval_seconds: int = 300
+
+    model_config = SettingsConfigDict(env_file=".env", env_file_encoding="utf-8", extra="ignore")
+
+    @field_validator("cors_origins", mode="before")
+    @classmethod
+    def parse_origins(cls, value: str | list[str]) -> list[str]:
+        if isinstance(value, str):
+            return [origin.strip() for origin in value.split(",") if origin.strip()]
+        return value
+
+
+@lru_cache
+def get_settings() -> Settings:
+    return Settings()
+
--- a/backend/app/core/security.py
+++ b/backend/app/core/security.py
@@ -0,0 +1,66 @@
+import hashlib
+import secrets
+from datetime import UTC, datetime, timedelta
+from typing import Any
+
+from cryptography.fernet import Fernet, InvalidToken
+from jose import JWTError, jwt
+from passlib.context import CryptContext
+
+from app.core.config import get_settings
+
+pwd_context = CryptContext(schemes=["argon2"], deprecated="auto")
+ALGORITHM = "HS256"
+
+
+def hash_password(password: str) -> str:
+    return pwd_context.hash(password)
+
+
+def verify_password(password: str, password_hash: str | None) -> bool:
+    return bool(password_hash) and pwd_context.verify(password, password_hash)
+
+
+def create_session_token(user_id: str, minutes: int = 60 * 24 * 14) -> str:
+    expires_at = datetime.now(UTC) + timedelta(minutes=minutes)
+    payload: dict[str, Any] = {"sub": user_id, "exp": expires_at}
+    return jwt.encode(payload, get_settings().jwt_secret_key, algorithm=ALGORITHM)
+
+
+def decode_session_token(token: str) -> str | None:
+    try:
+        payload = jwt.decode(token, get_settings().jwt_secret_key, algorithms=[ALGORITHM])
+        return str(payload.get("sub"))
+    except JWTError:
+        return None
+
+
+def new_token() -> str:
+    return secrets.token_urlsafe(32)
+
+
+def hash_token(token: str) -> str:
+    return hashlib.sha256(token.encode("utf-8")).hexdigest()
+
+
+def encrypt_secret(value: str | None) -> str | None:
+    if not value:
+        return None
+    return Fernet(get_settings().settings_secret_key.encode("utf-8")).encrypt(
+        value.encode("utf-8")
+    ).decode("utf-8")
+
+
+def decrypt_secret(value: str | None) -> str | None:
+    if not value:
+        return None
+    try:
+        return Fernet(get_settings().settings_secret_key.encode("utf-8")).decrypt(
+            value.encode("utf-8")
+        ).decode("utf-8")
+    except InvalidToken:
+        return None
+
+def make_csrf_token() -> str:
+    return secrets.token_urlsafe(24)
+