mirror of
http://88.130.71.182:3000/BlitTech/deals24togo_be.git
synced 2026-06-12 23:33:21 +00:00
Deals24Togo — Backend API
Production-grade FastAPI backend for the Deals24Togo marketplace. Supports listings for real estate, vehicles, electronics, furniture, jobs, and services.
Architecture
backend/
├── app/
│ ├── api/v1/endpoints/ # Route handlers (auth, users, agencies, listings, etc.)
│ ├── core/ # Config, security, Supabase client, logging, exceptions
│ ├── middleware/ # Auth dependencies (JWT extraction, RBAC)
│ ├── schemas/ # Pydantic request/response models
│ ├── services/ # Business logic layer
│ └── main.py # FastAPI app factory
├── migrations/ # Supabase SQL migrations
├── scripts/ # Seed & utility scripts
├── tests/ # Pytest test suite
├── Dockerfile # Production container
├── docker-compose.yml # Local dev
└── requirements.txt
Tech Stack
| Layer | Technology |
|---|---|
| Framework | FastAPI 0.115+ |
| Database | Supabase (PostgreSQL) |
| Auth | JWT (python-jose) + bcrypt |
| File Storage | Supabase Storage |
| Validation | Pydantic v2 |
| Rate Limiting | SlowAPI |
| Logging | structlog (JSON in prod) |
| Monitoring | Sentry (optional) |
| Container | Docker |
API Endpoints
Authentication (/api/v1/auth)
| Method | Path | Auth | Description |
|---|---|---|---|
| POST | /register |
Public | Register user |
| POST | /login |
Public | Login, get tokens |
| POST | /refresh |
Public | Refresh access token |
| GET | /me |
Required | Get current user |
| POST | /change-password |
Required | Change password |
| POST | /password-reset/request |
Public | Request reset email |
| POST | /password-reset/confirm |
Public | Confirm reset with token |
Users (/api/v1/users)
| Method | Path | Auth | Description |
|---|---|---|---|
| GET | /me |
Required | Get my profile |
| PATCH | /me |
Required | Update my profile |
| GET | / |
Admin | List all users |
| GET | /{user_id} |
Admin | Get user by ID |
| POST | /{user_id}/verify |
Admin | Verify user |
| DELETE | /{user_id} |
Owner/Admin | Delete user |
Agencies (/api/v1/agencies)
| Method | Path | Auth | Description |
|---|---|---|---|
| GET | / |
Public | List agencies |
| GET | /me |
Required | Get my agency |
| GET | /{agency_id} |
Public | Get agency by ID |
| POST | / |
Required | Create agency |
| PATCH | /{agency_id} |
Owner/Admin | Update agency |
| POST | /{agency_id}/verify |
Admin | Verify agency |
| POST | /{agency_id}/revoke |
Admin | Revoke verification |
| DELETE | /{agency_id} |
Admin | Delete agency |
Categories (/api/v1/categories)
| Method | Path | Auth | Description |
|---|---|---|---|
| GET | / |
Public | List all categories |
| GET | /{category_id} |
Public | Get category |
| GET | /slug/{slug} |
Public | Get category by slug |
| POST | / |
Admin | Create category |
| PATCH | /{category_id} |
Admin | Update category |
| DELETE | /{category_id} |
Admin | Delete category |
Listings (/api/v1/listings)
| Method | Path | Auth | Description |
|---|---|---|---|
| GET | / |
Public | Search/list listings |
| GET | /featured |
Public | Top 8 popular listings |
| GET | /{listing_id} |
Public | Get listing (increments views) |
| GET | /agency/mine |
Agency | My agency's listings |
| POST | / |
Agency | Create listing |
| PATCH | /{listing_id} |
Owner/Admin | Update listing |
| DELETE | /{listing_id} |
Owner/Admin | Delete listing |
| GET | /admin/all |
Admin | List all (any status) |
| PATCH | /{listing_id}/status |
Admin | Approve/reject |
| GET | /stats/overview |
Required | Listing statistics |
Messages (/api/v1/messages)
| Method | Path | Auth | Description |
|---|---|---|---|
| POST | / |
Public | Send contact message |
| GET | / |
Agency | List my messages |
| GET | /unread-count |
Agency | Unread count |
| PATCH | /{message_id}/read |
Agency | Mark read/unread |
| DELETE | /{message_id} |
Agency | Delete message |
Favorites (/api/v1/favorites)
| Method | Path | Auth | Description |
|---|---|---|---|
| POST | / |
Required | Add to favorites |
| GET | / |
Required | List my favorites |
| GET | /check/{listing_id} |
Required | Check if favorited |
| DELETE | /{listing_id} |
Required | Remove from favorites |
Uploads (/api/v1/uploads)
| Method | Path | Auth | Description |
|---|---|---|---|
| POST | /image |
Required | Upload single image |
| POST | /images |
Required | Upload multiple images |
| DELETE | / |
Required | Delete image by URL |
Health (/health)
| Method | Path | Auth | Description |
|---|---|---|---|
| GET | /health |
Public | Health check |
Setup
1. Supabase Project
- Create a project at supabase.com
- Go to SQL Editor and run
migrations/001_initial_schema.sql - Go to Storage and create a bucket called
listingswith public access - Copy your project URL, anon key, and service role key
2. Environment
cp .env.example .env
# Edit .env with your Supabase credentials
3. Run Locally
With Docker:
docker-compose up --build
Without Docker:
python -m venv .venv
source .venv/bin/activate
pip install -r requirements.txt
uvicorn app.main:create_app --factory --reload
4. Seed Data
python -m scripts.seed
5. API Docs
Visit http://localhost:8000/docs (Swagger UI) in development mode.
Deployment
Railway / Render / Fly.io
- Push to a Git repository
- Connect the repo to your platform
- Set environment variables from
.env.example - Deploy — the
Dockerfilehandles everything
Production Checklist
- Set
APP_ENV=productionandDEBUG=false - Set a strong random
SECRET_KEY(64+ chars) - Configure
ALLOWED_ORIGINSto your frontend domain - Set up Sentry DSN for error tracking
- Configure SMTP for password reset emails
- Enable Supabase RLS policies for direct client access
- Set up Supabase Storage bucket with appropriate policies
Frontend Integration
The frontend should:
- Store tokens from
/auth/loginresponse - Send
Authorization: Bearer <access_token>on every authenticated request - Use
/auth/refreshwhen the access token expires - Replace all mock data imports with API calls to the endpoints above
Base URL pattern: ${API_BASE_URL}/api/v1/...