-
Install dependencies
- Backend
python -m venv .venv source .venv/bin/activate pip install -e .[dev] - Frontend
cd src/frontend pnpm install
- Backend
-
Environment variables
Copy the template and customise:cp .env.example .env
-
Run services
- Backend:
uvicorn src.main:api --reload - Frontend:
cd src/frontend && pnpm dev
- Backend:
-
Checks
- Frontend build:
pnpm run build
- Frontend build:
-
Populate
.env(based on.env.example). For local Docker usage keep:REFRESH_COOKIE_SECURE=falseCORS_ALLOWED_ORIGINS=http://localhost:3000
-
Build and start everything:
docker compose up --build
-
Published services:
- Frontend SPA → http://localhost:3000
- FastAPI backend → http://localhost:8000
- PostgreSQL →
localhost:5432 - Redis →
localhost:6379
- Refresh tokens live in HttpOnly cookies; when deploying behind TLS set
REFRESH_COOKIE_SECURE=trueand updateREFRESH_COOKIE_DOMAIN. - Credential secrets are encrypted client-side with AES-GCM using a key derived from the account password. After a page refresh the vault must be unlocked via the password prompt.
- Rate limiting is handled in Redis; ensure the Redis instance is protected in production.