16. First Feature to Build

Start with Feature Block 1: Auth & project setup.

16.1 Goals

  • Next.js app (App Router) with light blue/white theme and “SlotBook” branding.
  • FastAPI app with PostgreSQL and Alembic.
  • User registration (email + password + role: customer | provider).
  • Login returning JWT access token.
  • Protected route example (e.g. “Dashboard” or “Profile”).
  • Logout (client-side token clear; optional backend blacklist later).

16.2 Backend Tasks

  1. Project: Create FastAPI app; add CORS, env config (e.g. SECRET_KEY, DATABASE_URL).
  2. DB: Initial Alembic migration: users table (id, email, password_hash, role, created_at, updated_at).
  3. Auth:
    • passlib[bcrypt] + python-jose[cryptography] (or PyJWT).
    • POST /auth/register: validate email/password, hash password, insert user, return success.
    • POST /auth/login: verify password, create JWT (e.g. 60 min), return { "access_token", "token_type": "bearer" }.
    • Dependency get_current_user: parse Bearer token, verify JWT, load user from DB; raise 401 if invalid.
    • GET /users/me: protected; return current user (no password).
  4. Optional: POST /auth/refresh and refresh token table; POST /auth/forgot-password stub for later.
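The auth tasks above (hash on register, verify and issue a JWT on login, parse and verify the Bearer token in get_current_user, return the user without its password) in one runnable sketch. This is an added example, not SlotBook code: it uses only the Python standard library, so hashlib.pbkdf2_hmac stands in for passlib[bcrypt] and a hand-rolled HS256 signer stands in for python-jose; the SECRET_KEY default, the in-memory USERS dict and the sample user are constructed for the demo. The checks worth keeping whatever library is used: compare hashes and signatures with hmac.compare_digest, pin the JWT algorithm instead of trusting the token's header, and reject expired or malformed tokens with the same 401 path.

```python
"""Auth core for Feature Block 1 (stdlib stand-ins for passlib and python-jose)."""
import base64
import hashlib
import hmac
import json
import os
import secrets
import time

# Assumption: env config as in task 1; the default exists only so this file runs offline.
SECRET_KEY = os.environ.get("SECRET_KEY", "dev-only-secret-change-me")
ACCESS_TOKEN_MINUTES = 60
PBKDF2_ITERATIONS = 600_000


class AuthError(Exception):
    """Raised for any auth failure; the FastAPI dependency maps it to HTTP 401."""


# --- password hashing: the users table stores password_hash, never the password ---
def hash_password(password: str) -> str:
    salt = secrets.token_bytes(16)  # per-user random salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return "pbkdf2_sha256$%d$%s$%s" % (
        PBKDF2_ITERATIONS, base64.b64encode(salt).decode(), base64.b64encode(digest).decode())


def verify_password(password: str, stored: str) -> bool:
    try:
        algo, iters, salt_b64, digest_b64 = stored.split("$")
        salt, expected = base64.b64decode(salt_b64), base64.b64decode(digest_b64)
    except ValueError:
        return False
    if algo != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, int(iters))
    return hmac.compare_digest(candidate, expected)  # constant-time comparison


# --- JWT (HS256) ---
def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def create_access_token(user_id: int, role: str, now=None) -> str:
    now = int(time.time() if now is None else now)
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"sub": str(user_id), "role": role, "iat": now, "exp": now + ACCESS_TOKEN_MINUTES * 60}
    signing_input = "%s.%s" % (_b64url(json.dumps(header, separators=(",", ":")).encode()),
                               _b64url(json.dumps(payload, separators=(",", ":")).encode()))
    sig = hmac.new(SECRET_KEY.encode(), signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def decode_access_token(token: str, now=None) -> dict:
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise AuthError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(_b64url_decode(header_b64))
        payload = json.loads(_b64url_decode(payload_b64))
        sig = _b64url_decode(sig_b64)
    except (ValueError, UnicodeDecodeError):  # binascii.Error is a ValueError
        raise AuthError("malformed token")
    if header.get("alg") != "HS256":  # pin the algorithm; never let the token choose it
        raise AuthError("unsupported alg")
    expected = hmac.new(SECRET_KEY.encode(), ("%s.%s" % (header_b64, payload_b64)).encode(),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        raise AuthError("bad signature")
    if not isinstance(payload.get("exp"), int) or payload["exp"] <= now:
        raise AuthError("token expired")
    return payload


# --- stand-in for the users table (constructed sample row) ---
USERS = {1: {"id": 1, "email": "ada@example.com", "role": "provider",
             "password_hash": hash_password("correct horse")}}


def login(email: str, password: str) -> dict:
    """POST /auth/login: same error for unknown email and wrong password."""
    user = next((u for u in USERS.values() if u["email"] == email), None)
    if user is None or not verify_password(password, user["password_hash"]):
        raise AuthError("invalid credentials")
    return {"access_token": create_access_token(user["id"], user["role"]), "token_type": "bearer"}


def get_current_user(authorization_header) -> dict:
    """Dependency get_current_user: parse Bearer, verify JWT, load user, strip the hash."""
    if not authorization_header:
        raise AuthError("missing Authorization header")
    scheme, _, token = authorization_header.partition(" ")
    if scheme.lower() != "bearer" or not token:
        raise AuthError("expected Bearer token")
    payload = decode_access_token(token)
    try:
        user = USERS.get(int(payload.get("sub", "")))
    except ValueError:
        user = None
    if user is None:
        raise AuthError("user not found")
    return {k: v for k, v in user.items() if k != "password_hash"}  # GET /users/me body
```

In the real app, `login` and `get_current_user` become the route handler and the `Depends()` function, `USERS` becomes a SQLAlchemy query, and `AuthError` is translated to `HTTPException(401)`; the hashing and token checks stay the same.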

16.3 Frontend Tasks

  1. Next.js: Create app with App Router; set up light blue/white palette and basic layout (header/footer).
  2. Auth state: Store access token (e.g. in memory + localStorage or cookie); send in Authorization header for API calls.
  3. Pages:
    • Login and Register (with role dropdown); call FastAPI; on success save token and redirect.
    • Dashboard (or Home) after login: call GET /users/me; show “Logged in as …” and role.
    • Logout: clear token and redirect to login/home.
  4. Protected route: Redirect to login if no valid token when accessing dashboard.

16.4 Definition of Done (First Feature)

  • User can register with email, password, and role (customer/provider).
  • User can log in and receive a JWT.
  • User can open a protected page and see their info; unauthenticated users are redirected to login.
  • User can log out and is redirected; subsequent API calls without token return 401.
  • UI uses light blue and white as specified; app is named SlotBook (or placeholder).

Once this is done, move to Feature Block 2: Provider profile & image (business profile, services, profile image upload with Supabase Storage or Cloudinary).


Document History

  Version | Date         | Author | Changes
  1.0     | 1 March 2025 |        | Initial specification for partner review.

End of Product & Technical Specification