A secure, production-ready task management application built with modern web technologies and enterprise-grade DevOps practices. TaskFlow demonstrates full-stack development patterns, containerization, Kubernetes deployment, and comprehensive CI/CD automation.
Author: Sylvester Francis | LinkedIn | YouTube
TaskFlow is a modern web application that showcases contemporary development practices while providing a practical task management solution. Built with security, scalability, and maintainability in mind, it serves as both a functional application and a reference implementation for modern web development.
- Features
- Architecture
- Technology Stack
- Quick Start
- Development
- Deployment
- API Documentation
- Testing
- Security
- DevOps & CI/CD
- Contributing
- License
- Task Management: Complete CRUD operations for tasks with priority levels
- User Authentication: Secure JWT-based authentication with bcrypt password hashing
- Real-time UI: Dynamic updates using HTMX without page refreshes
- Responsive Design: Mobile-friendly interface built with Bootstrap 5
- Task Priorities: Low, Medium, High priority classification
- Status Tracking: Mark tasks as completed/incomplete
- JWT Authentication: Stateless, secure token-based authentication
- Password Security: bcrypt hashing with salt for password storage
- Input Validation: Comprehensive validation using Pydantic models
- SQL Injection Protection: SQLAlchemy ORM prevents SQL injection attacks
- XSS Protection: Template escaping and secure headers
- CSRF Protection: Form token validation for state-changing operations
- Health Checks: Built-in health monitoring endpoints
- API Documentation: Auto-generated OpenAPI/Swagger documentation
- Database Migrations: SQLAlchemy-based schema management
- Structured Logging: Comprehensive logging for debugging and monitoring
- Error Handling: Graceful error handling with user-friendly messages
- Performance Optimization: Efficient queries and caching strategies
- 95%+ Test Coverage: Comprehensive test suite with pytest
- Docker Support: Full containerization with multi-stage builds
- Kubernetes Ready: Production-ready Kubernetes manifests
- CI/CD Pipeline: Automated testing, building, and deployment
- Development Tools: Taskfile for streamlined development workflow
TaskFlow follows a modern, layered architecture designed for scalability and maintainability:
graph TB
subgraph "π¨ Frontend Layer"
A[HTMX + HTML<br/>Templates]
B[Bootstrap 5<br/>Styling]
C[JavaScript<br/>Minimal]
end
subgraph "β‘ Backend Layer"
D[FastAPI<br/>Web Framework]
E[JWT + bcrypt<br/>Authentication]
F[Pydantic<br/>Validation]
end
subgraph "πΎ Data Layer"
G[SQLite<br/>Database]
H[SQLAlchemy<br/>Models & ORM]
I[Alembic<br/>Migrations]
end
A --> D
B --> D
C --> D
D --> E
D --> F
D --> H
H --> G
H --> I
style A fill:#e1f5fe
style B fill:#e8f5e8
style C fill:#fff3e0
style D fill:#f3e5f5
style E fill:#ffebee
style F fill:#e0f2f1
style G fill:#fce4ec
style H fill:#e3f2fd
style I fill:#f1f8e9
sequenceDiagram
participant User as π€ User
participant Frontend as π¨ HTMX Frontend
participant FastAPI as β‘ FastAPI Backend
participant Auth as π JWT Auth
participant DB as πΎ SQLite DB
User->>Frontend: 1. Interact with form/button
Frontend->>FastAPI: 2. HTTP Request + JWT Token
FastAPI->>Auth: 3. Validate JWT Token
Auth-->>FastAPI: 4. User Identity Confirmed
FastAPI->>FastAPI: 5. Business Logic & Validation
FastAPI->>DB: 6. Database Operations (CRUD)
DB-->>FastAPI: 7. Data Response
FastAPI-->>Frontend: 8. HTML Fragment Response
Frontend->>User: 9. DOM Update (No Page Refresh!)
Note over User,DB: π Lightning fast, secure, and smooth!
- FastAPI - Modern, fast Python web framework
- SQLAlchemy - Python SQL toolkit and ORM
- SQLite - Lightweight, serverless database
- Pydantic - Data validation using Python type hints
- python-jose - JWT token handling
- passlib - Password hashing with bcrypt
- HTMX - Modern HTML-over-the-wire approach
- Bootstrap 5 - CSS framework for responsive design
- Jinja2 - Template engine for server-side rendering
- Docker - Containerization with multi-stage builds
- Kubernetes - Container orchestration and deployment
- Helm - Kubernetes package manager
- GitHub Actions - CI/CD automation
- Ansible - Infrastructure as Code automation
- pytest - Testing framework with fixtures and mocking
- Black - Code formatting
- isort - Import sorting
- flake8 - Linting
- Taskfile - Task runner for development workflows
- Python 3.11 or higher
- Git
- Docker (optional, for containerized development)
# Clone the repository
git clone https://github.com/sylvester-francis/taskflow.git
cd taskflow
# Create virtual environment
python -m venv venv
source venv/bin/activate # On Windows: venv\Scripts\activate
# Install dependencies
pip install -r requirements.txt
# Start the development server
uvicorn app.main:app --host 0.0.0.0 --port 8000 --reload# Using Docker Compose
docker-compose up --build
# Or build and run manually
docker build -t taskflow .
docker run -p 8000:8000 taskflow# Setup development environment
task setup
# Run the application
task dev
# Run tests
task test
# Build for production
task build- Main Application: http://localhost:8000
- API Documentation: http://localhost:8000/docs
- Health Check: http://localhost:8000/api/health
- Navigate to http://localhost:8000/register
- Create a new account with username, email, and password
- Login and start managing your tasks
TaskFlow includes a comprehensive development workflow using Taskfile:
# Setup development environment
task setup
# Run the application
task dev
# Run tests
task test
# Run linting and formatting
task lint
# Run security scans
task security
# Build Docker image
task build
# Deploy to Kubernetes
task k8s:deploytaskflow/
βββ app/ # Application source code
β βββ backend/ # Backend logic
β β βββ auth.py # Authentication & JWT handling
β β βββ database.py # Database configuration
β β βββ models.py # SQLAlchemy models & Pydantic schemas
β β βββ routes.py # API route definitions
β βββ frontend/ # Frontend templates and static files
β β βββ templates/ # Jinja2 HTML templates
β β β βββ base.html # Base template
β β β βββ dashboard.html # Main dashboard
β β β βββ login.html # Login page
β β β βββ register.html # Registration page
β β β βββ partials/ # HTMX partial templates
β β βββ static/ # CSS, JS, and image assets
β β βββ style.css # Application styles
β βββ tests/ # Comprehensive test suite (95%+ coverage)
β β βββ conftest.py # Pytest configuration and fixtures
β β βββ test_auth.py # Authentication tests
β β βββ test_database.py # Database tests
β β βββ test_models.py # Model validation tests
β β βββ test_routes.py # API endpoint tests
β β βββ test_main.py # Main application tests
β βββ main.py # FastAPI application entry point
βββ ansible/ # Infrastructure as Code automation
β βββ playbooks/ # Ansible playbooks
β βββ library/ # Custom Ansible modules
β βββ group_vars/ # Environment-specific variables
β βββ inventory/ # Host inventory
βββ k8s/ # Kubernetes manifests
β βββ base/ # Base Kubernetes resources
β βββ overlays/ # Environment-specific overlays
β β βββ dev/ # Development environment
β β βββ prod/ # Production environment
β βββ monitoring/ # Monitoring stack (Prometheus/Grafana)
βββ helm/ # Helm charts
β βββ taskflow/ # TaskFlow Helm chart
β βββ templates/ # Kubernetes template files
β βββ values.yaml # Default values
β βββ values-dev.yaml # Development values
β βββ values-prod.yaml # Production values
βββ docs/ # Documentation
βββ scripts/ # Utility scripts
βββ .github/workflows/ # CI/CD pipelines
βββ Dockerfile # Multi-stage container build
βββ Taskfile.yml # Development task automation
βββ docker-compose.yml # Local development setup
βββ requirements.txt # Python dependencies
βββ pyproject.toml # Project configuration
βββ README.md # Project documentation
# Database configuration
DATABASE_PATH=./taskflow.db
# Authentication
SECRET_KEY=your-secret-key-change-in-production
# Application settings
ENVIRONMENT=development
DEBUG=trueTaskFlow supports multiple deployment methods:
# Build and run with Docker
docker build -t taskflow .
docker run -p 8000:8000 taskflow
# Or use Docker Compose
docker-compose up --build# Deploy using kubectl
kubectl apply -k k8s/overlays/dev/
# Or use Helm
helm install taskflow helm/taskflow/ -f helm/taskflow/values-dev.yamlFor production deployment, see our comprehensive guides:
TaskFlow provides comprehensive API documentation:
- Swagger UI: http://localhost:8000/docs
- ReDoc: http://localhost:8000/redoc
POST /api/register # Create new user account
POST /api/login # Authenticate user and get JWT tokenGET /api/tasks # Get all tasks for authenticated user
POST /api/tasks # Create a new task
PUT /api/tasks/{id} # Update an existing task
DELETE /api/tasks/{id} # Delete a taskGET /api/health # Application health check
GET /docs # API documentationCreate a new task:
curl -X POST "http://localhost:8000/api/tasks" \
-H "Authorization: Bearer YOUR_JWT_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"title": "Complete project documentation",
"description": "Write comprehensive README and API docs",
"priority": "high"
}'Get all tasks:
curl -X GET "http://localhost:8000/api/tasks" \
-H "Authorization: Bearer YOUR_JWT_TOKEN"TaskFlow includes a comprehensive test suite with high coverage:
# Run all tests
pytest
# Run with coverage
pytest --cov=app --cov-report=html
# Run specific test categories
pytest -m "auth" # Authentication tests
pytest -m "database" # Database tests
pytest -m "integration" # Integration tests
# Run with detailed output
pytest -v --tb=short- Unit Tests: Test individual functions and classes
- Integration Tests: Test API endpoints and workflows
- Database Tests: Test data models and relationships
- Authentication Tests: Test security and JWT handling
- Mock Tests: Test external dependencies and error scenarios
Current test coverage: >95%
# Generate coverage report
pytest --cov=app --cov-report=html
open htmlcov/index.html # View detailed coverage reportTaskFlow implements multiple security layers:
- Authentication: JWT tokens with configurable expiration
- Password Security: bcrypt hashing with salt
- Input Validation: Pydantic models validate all input data
- SQL Injection Protection: SQLAlchemy ORM prevents SQL injection
- XSS Prevention: Template escaping and Content Security Policy
- CSRF Protection: Form tokens for state-changing operations
- Container Security: Non-root user execution, minimal attack surface
- Network Security: Kubernetes network policies (configurable)
- Secret Management: Kubernetes secrets for sensitive data
- Security Scanning: Automated vulnerability scanning in CI/CD
# Run security scans
task security
# Individual security tools
bandit -r app/ # Python security linting
safety check # Dependency vulnerability scanning
trivy image taskflow # Container vulnerability scanning- Change default SECRET_KEY in production
- Use HTTPS with proper TLS certificates
- Regular security updates for dependencies
- Environment isolation for sensitive configuration
- Regular security audits and penetration testing
TaskFlow demonstrates enterprise-grade DevOps practices:
- Automated Testing: Comprehensive test suite runs on every commit
- Code Quality: Linting, formatting, and static analysis
- Security Scanning: Multiple security tools integrated
- Container Building: Multi-stage Docker builds with caching
- Multi-Environment: Development, staging, and production deployments
- Infrastructure as Code: Ansible playbooks for automation
- Kubernetes Deployment: Helm charts with environment-specific values
- Monitoring Integration: Health checks and observability
- Code Quality β Linting, formatting, and static analysis
- Testing β Unit tests, integration tests, and coverage reporting
- Security β Vulnerability scanning and security analysis
- Building β Docker image building and pushing
- Deployment β Environment-specific deployment automation
- Health Checks: Application and infrastructure health monitoring
- Metrics Collection: Prometheus-compatible metrics
- Log Aggregation: Structured logging for debugging
- Performance Monitoring: Response time and resource usage tracking
Contributions are welcome! Here's how to get started:
- Fork the repository
- Create a feature branch:
git checkout -b feature/your-feature-name - Install development dependencies:
pip install -r requirements.txt - Make your changes and add tests
- Run the test suite:
pytest - Run linting:
task lint - Commit your changes:
git commit -m 'Add some feature' - Push to your branch:
git push origin feature/your-feature-name - Open a Pull Request
- Code Quality: Follow PEP 8 and use Black for formatting
- Testing: Add tests for all new functionality
- Documentation: Update documentation for new features
- Security: Follow security best practices
- Performance: Consider performance impact of changes
For questions or suggestions, feel free to:
- Open an issue on GitHub
- Connect on LinkedIn
- Email: sylvesterranjithfrancis@gmail.com
This project is licensed under the MIT License - see the LICENSE file for details.
- FastAPI for the excellent web framework
- HTMX for modern frontend development approach
- SQLAlchemy for robust database management
- Bootstrap for responsive design components
- Open Source Community for inspiration and tools
- Documentation: Project Wiki
- Issues: GitHub Issues
- Discussions: GitHub Discussions
Built by Sylvester Francis | LinkedIn | YouTube