A FastAPI-based application that enables users to create secure QR codes for sharing personal information with controlled access and authorization workflows.
- QR Code Generation: Create QR codes containing access tokens to personal information
- Two-Tier Access Control:
  - Basic Access: Shares all user information fields
  - Secure Access: Allows selective sharing of specific information fields
- Password Protection: All access codes are password-protected
- Authorization Workflow: Request-based access system with email notifications
- Credit System: Users consume credits to generate access codes
- Authentication: Secure user sessions with expiration
- Two-Factor Authentication: OTP verification via email for login
- Password Reset: Secure password reset with email verification
- Role-Based Permissions: Granular access control system
- Account Verification: Email-based account verification for new users
- Real-time Notifications: WebSocket-based notification system
- Email Integration: Templated email notifications for various actions
- File Storage: Secure file upload and storage system
- Backend Framework: FastAPI with Python 3.13+
- Database: PostgreSQL with SQLModel ORM
- Database Migrations: Alembic
- Authentication: cookie-based sessions
- Email: SMTP with templated emails
- File Storage: Local filesystem storage
- QR Code Generation: Python qrcode library with PIL
```
qrapp/
├── app/
│   ├── config/           # Environment configuration
│   ├── db/               # Database models and setup
│   │   ├── builders/     # Builder patterns for model creation
│   │   └── models.py     # SQLModel database models
│   ├── route/v1/         # API routes and controllers
│   │   ├── controllers/  # FastAPI route handlers
│   │   ├── providers/    # Business logic layer
│   │   └── dto/          # Data transfer objects
│   ├── security/         # Permission and authorization system
│   ├── services/         # Core services (email, crypto, QR, etc.)
│   └── utils/            # Utility functions and error handling
├── assets/templates/     # Email templates
├── fs/storage/           # File storage directory
├── migrations/           # Alembic database migrations
└── tests/                # Test files
```
- Python 3.13+
- PostgreSQL database
- SMTP email server access
- Clone the repository

  ```bash
  git clone <repository-url>
  cd qrapp
  ```

- Install dependencies using Poetry

  ```bash
  poetry install
  ```

- Set up environment variables. Create a `.env` file in the root directory:

  ```env
  DEBUG=true
  DB_URL=postgresql://username:password@localhost/qrapp
  GOOGLE_APP_PASSWORD=your_email_app_password
  APP_EMAIL_ADDRESS=[email protected]
  FRONTEND_URL=http://localhost:3000
  API_URL=http://localhost:8000
  CURRENT_API_VERSION=v1
  SECURE_ACCESS_GENERATION_CREDIT_COST=10
  BASIC_ACCESS_GENERATION_CREDIT_COST=5
  ```

- Run database migrations

  ```bash
  alembic upgrade head
  ```

- Start the application

  ```bash
  python main.py
  ```

The API will be available at http://localhost:8000
- User: User accounts with authentication and profile information
- AccessCode: QR code access tokens with password protection
- InfoField: User information fields that can be shared
- Notification: Real-time notifications for users
- FileResource: File storage and management
- LoginSession: User authentication sessions
- Role & Permission: Authorization and access control
- `POST /v1/auth/register` - User registration
- `POST /v1/auth/login` - User login with OTP
- `POST /v1/auth/login/verify-otp` - OTP verification
- `POST /v1/auth/logout` - User logout
- `GET /v1/auth/verify-account/{token}` - Account verification
- `POST /v1/auth/password-reset` - Password reset request
- `POST /v1/auth/password-reset/{ticket_id}` - Execute password reset

- `GET /v1/access-code/costs` - Get generation costs
- `POST /v1/access-code` - Generate new access code
- `GET /v1/access-codes` - List user's access codes
- `GET /v1/access-codes/accessed` - List accessed access codes
- `POST /v1/access-code/pwd-set/{token}` - Set access code password
- `POST /v1/access-code/access` - Request access to code
- `POST /v1/access-code/grant/{request_id}` - Grant access request
- `DELETE /v1/access-code/{id}` - Delete access code

- `POST /v1/infofield` - Create information field
- `GET /v1/infofields` - List user's information fields
- `GET /v1/infofields/{id}` - Get specific information field
- `DELETE /v1/infofield/{id}` - Delete information field

- `GET /v1/me` - Get current user profile
- `PUT /v1/me` - Update user profile
- `PUT /v1/me/profile-picture` - Update profile picture
- User creates information fields (name, phone, email, etc.)
- User generates an access code (basic or secure)
- System creates QR code and sends password setup email
- User sets password to activate the access code
- QR code can now be shared with others
- Person scans QR code to get access code ID
- Person enters the access code password
- System sends authorization request to code owner
- Code owner approves/denies the request via email link
- If approved, requester gains access to shared information
- All passwords are hashed using bcrypt
- Session tokens have configurable expiration times
- Email verification required for account activation
- Two-factor authentication for login
- Permission-based access control for all resources
- Secure file storage with access controls
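
The scan, password, request and grant workflow and the two access tiers described above can be modelled as a small state machine. This is an added sketch, not qrapp's own code: the `AccessCode` class and its methods are hypothetical, and stdlib PBKDF2 stands in for the bcrypt hashing the project uses so the block runs without extra dependencies.

```python
from __future__ import annotations
import hashlib, hmac, secrets
from dataclasses import dataclass, field

def hash_password(password: str, salt: bytes) -> bytes:
    # Assumption: PBKDF2-SHA256 used here in place of bcrypt (stdlib only).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

@dataclass
class AccessCode:
    owner: str
    tier: str                      # "basic" or "secure"
    shared_fields: set[str]        # only consulted for the secure tier
    salt: bytes = field(default_factory=lambda: secrets.token_bytes(16))
    pwd_hash: bytes | None = None  # None until the owner sets a password
    requests: dict[str, dict] = field(default_factory=dict)

    def set_password(self, password: str) -> None:
        # Setting the password is what activates the code.
        self.pwd_hash = hash_password(password, self.salt)

    def request_access(self, requester: str, password: str) -> str | None:
        # Inactive codes and wrong passwords are rejected the same way.
        if self.pwd_hash is None:
            return None
        if not hmac.compare_digest(hash_password(password, self.salt), self.pwd_hash):
            return None
        request_id = secrets.token_urlsafe(16)
        self.requests[request_id] = {"requester": requester, "granted": False}
        return request_id

    def grant(self, request_id: str, actor: str) -> bool:
        # Only the code owner may approve, and only a known request.
        if actor != self.owner or request_id not in self.requests:
            return False
        self.requests[request_id]["granted"] = True
        return True

    def read(self, request_id: str, requester: str, profile: dict[str, str]) -> dict[str, str]:
        # Nothing is returned until the owner has granted this requester.
        req = self.requests.get(request_id)
        if not req or not req["granted"] or req["requester"] != requester:
            return {}
        if self.tier == "basic":
            return dict(profile)   # basic tier shares every field
        return {k: v for k, v in profile.items() if k in self.shared_fields}
```

A correct password alone yields only a pending request; data is released after the owner's grant, and a secure-tier code exposes just the selected fields.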
The application includes responsive email templates for:
- Account verification
- OTP codes for login
- Password reset requests
- Access code password setup
- Access request notifications
- Access granted confirmations
Run tests using:
```bash
# Add your test command here when tests are implemented
pytest
```
- `fastapi[standard]` - Web framework
- `sqlmodel` - Database ORM
- `alembic` - Database migrations
- `psycopg2-binary` - PostgreSQL adapter
- `passlib[bcrypt]` - Password hashing
- `qrcode[pil]` - QR code generation
- `websockets` - WebSocket support
- `slowapi` - Rate limiting
- `pytz` - Timezone handling
For production deployment:
- Set `DEBUG=false` in environment variables
- Configure production database URL
- Set up proper SMTP server for emails
- Configure frontend URL correctly
- Ensure secure session settings
- Set up proper file storage permissions
MIT
- Fork the repository
- Create a feature branch
- Make your changes
- Add tests if applicable
- Submit a pull request
For support or questions, contact: [email protected]