Releases: benavlabs/FastAPI-boilerplate
Release list
v0.19.0
Release v0.19.0 - The crudauth Migration
Release Notes by the Fastro FastAPI boilerplate team
This release is mostly about replacing the authentication code with crudauth. About 6,000 lines of security-critical code you no longer have to maintain.
If you're on v0.18.0 and you don't reach into infrastructure/auth/ internals, this upgrade is close to transparent: /login, /logout, /oauth/google, /refresh-csrf, and /check-auth behave the same, get_current_user returns the same dict, and a cookie-based frontend needs no changes. If you imported from the old infrastructure.auth.session.* modules or relied on the JWT-era settings, see the breaking changes below.
Why hand auth off to a library
The forked auth was the boilerplate's single largest source of subtle, security-relevant surface: token handling, CSRF double-submit, escalating lockout, session storage across three backends. It worked, but every line of it was ours to keep correct, and none of it was the boilerplate's actual job.
crudauth does exactly this job: it's the auth library extracted from fastroai-template (the same lineage as the v0.18.0 restructure), it's been running real apps under load, and it's transport-agnostic: the same Principal resolves a request whether it authenticates by cookie session or, if you opt in, a JWT bearer token. The trade is a third-party dependency in exchange for deleting ~6,000 lines and inheriting a maintained, independently-tested auth core. For a boilerplate whose whole pitch is "use what you need, drop what you don't", auth is the one place where rolling your own is rarely the right call.
What's New in v0.19.0
Three changes, one of them the headline:
- Auth runs on crudauth. A single
auth = CRUDAuth(...)composition root ininfrastructure/auth/setup.pyreplaces the vendored session manager, the OAuth framework, and the password utilities. The route handlers drive crudauth's building blocks directly, so the URLs and response shapes are unchanged. - Annotated type-alias dependency injection (#261). Route signatures moved from inline
Depends(...)to centralizedAnnotated[..., Depends(...)]aliases, with per-moduledependencies.pyfiles holding the service aliases. - Env-configurable app metadata.
APP_NAME,APP_DESCRIPTION, andVERSIONare now read from the environment.
Plus the smaller wins that come with crudauth: login lockout now returns 429 + Retry-After instead of a generic failure, a TRUSTED_PROXY_HOPS setting for correct client-IP resolution behind a proxy, and a derived User.is_active (not is_deleted) so soft-deleted users can't authenticate.
Breaking Changes Summary
| Change | Impact | Migration Effort |
|---|---|---|
| Forked auth modules deleted | Imports from infrastructure.auth.session.* / auth.oauth.* break at import time |
Medium — repoint to infrastructure.auth.dependencies |
get_password_hash / verify_password moved |
Old import path fails | Low — import from crudauth |
| Memcached session backend removed | SESSION_BACKEND=memcached is invalid |
Low — use redis or memory |
| JWT-era settings removed | ALGORITHM, ACCESS_TOKEN_EXPIRE_MINUTES, REFRESH_TOKEN_EXPIRE_DAYS, SESSION_COOKIE_MAX_AGE, LOGIN_MAX_ATTEMPTS, LOGIN_WINDOW_MINUTES no longer exist |
Low — delete from env; add TRUSTED_PROXY_HOPS if behind a proxy |
| Login lockout response | Now 429 + Retry-After (was a generic 401) |
Low — handle 429 client-side |
| GitHub OAuth provider removed | Only Google is wired | Low — re-enable via crudauth's OAuthProviderFactory |
| Password hash format | crudauth uses bcrypt with a SHA-256 pre-hash; existing hashes won't validate | High for existing DBs — rehash on next login; none for fresh installs |
Detailed Changes
1. Auth on crudauth ⚠️ BREAKING
The boilerplate carried its own SessionManager, an OAuth provider framework, password utilities, and three session storage backends. All of it duplicated what crudauth already does. This release introduces a single composition root — auth = CRUDAuth(...) in infrastructure/auth/setup.py, constructed at import time and wired into the app lifespan via auth.initialize() / auth.shutdown() — and routes the app through it.
The six existing routes keep their paths and response shapes; their bodies now call crudauth's building blocks. infrastructure/auth/dependencies.py resolves each request to a crudauth Principal and layers the dict-compatible get_current_user / get_optional_user / get_current_superuser on top, re-loading the row so the byte-identical user dict the handlers and the API-key module expect is preserved. Because the boilerplate's User already has every column crudauth needs, no column_map is required.
The vendored engine was then deleted wholesale: infrastructure/auth/{session,oauth}/, auth/utils.py, and auth/constants.py — about 6,000 lines. auth/http_exceptions.py is kept (it only re-exports FastCRUD exceptions). Password hashing now imports from crudauth.
2. Annotated type-alias dependency injection (#261)
Route signatures moved from inline Depends(...) to centralized Annotated[..., Depends(...)] aliases in infrastructure/dependencies.py, with per-module dependencies.py files (user, tier, rate_limit, api_keys) holding the service aliases. Adding a new endpoint no longer means repeating the dependency boilerplate. Landed by co-maintainer @emiliano-go.
3. Env-configurable app metadata
APP_NAME, APP_DESCRIPTION, and VERSION are now read from the environment via config(...) instead of being hardcoded, so a fork can rename itself without editing settings.
4. Settings, lockout, and the memcached drop ⚠️ BREAKING
Login lockout is now crudauth's escalating per-IP / per-identifier throttle, surfaced as 429 + Retry-After, and its client-IP resolution is governed by a new TRUSTED_PROXY_HOPS setting (default 0; set 1 behind a single reverse proxy). The dead JWT config (ALGORITHM, ACCESS_TOKEN_EXPIRE_MINUTES, REFRESH_TOKEN_EXPIRE_DAYS) and the session knobs now owned by the transport (SESSION_COOKIE_MAX_AGE, LOGIN_MAX_ATTEMPTS, LOGIN_WINDOW_MINUTES) are removed; SECRET_KEY goes from dead config to actually used. crudauth supports redis and memory session backends only, so the memcached session backend is gone (the general cache and the non-auth rate limiter still support memcached).
Mobile / JWT
crudauth ships a bearer (JWT) transport that runs alongside sessions for mobile and API clients — both transports resolve to the same Principal, so your route protection doesn't change. It's off by default; see the authentication guide and crudauth's bearer-token guide for the opt-in.
Thanks
The Annotated type-alias DI refactor (#261) landed from co-maintainer @emiliano-go.
If you want to talk to us
Join us on Discord, open an issue, or ping @igorbenav, @LucasQR, @carlosplanchon, or @emiliano-gandini-outeda on the repo. Auth is now a thin wiring layer over crudauth — if there's an auth capability you want (a different transport, an account-recovery flow, a hook), it's likely a crudauth feature you can turn on rather than a fork of the boilerplate.
Full Changelog: v0.18.0...v0.19.0
v0.18.0
Release v0.18.0 - The Pluggable Restructure
Release Notes by FastAPI-boilerplate team
This is the release we promised in v0.17.0; the one that tears the layout apart and rebuilds it as a real plugin system. If you've been pinned to v0.17.0 waiting for it, this is your moment.
A heads-up before we go further: the diff is enormous; v0.17.0 → v0.18.0 is not the kind of upgrade you run git pull for. The Python package moved, auth changed completely, workers changed, the admin panel changed, there's a new CLI in a new workspace member. We didn't do this lightly, and the rationale is the rest of this document.
Why this release is so different
We didn't iterate on the v0.17.0 codebase to get here. We rebased the project on the fastroai-template structure.
fastroai-template is the production-tested template we use internally (and sell) for AI SaaS products. It's been running real apps for months and the structural choices (three-layer architecture, vertical-slice modules, server-side sessions, SQLAdmin, Taskiq, swappable infrastructure) have proven themselves under load. Reinventing all of that for FastAPI-boilerplate would have meant another six months of polish; rebasing meant we could ship the good parts on day one.
The trade-off is that fastroai-template carries a lot of stuff this boilerplate's audience doesn't necessarily need: a Stripe integration, subscription/credits/entitlements modeling, AI agent orchestration, usage tracking with cost calculation, OAuth-specific provisioning for SaaS, an Astro frontend. Excellent for an AI SaaS starter, wrong for a general FastAPI boilerplate.
So this release is fastroai-template minus the SaaS/AI parts, plus a plugin system that fastroai-template doesn't have. What's left is the structural skeleton; the parts that any FastAPI app needs and that we've watched hold up in real use:
- The three-layer split (
interfaces/,infrastructure/,modules/) - Vertical-slice modules (
user/,tier/,api_keys/,rate_limit/) - Server-side sessions + CSRF, OAuth (Google wired, GitHub scaffolded)
- SQLAdmin, Taskiq, swappable cache/session/rate-limit backends
- The production security validator that refuses to boot with insecure defaults
The new part, the one fastroai-template doesn't have, is bp — a plugin-aware CLI. fastroai-template ships everything in-tree because that's appropriate for an AI SaaS starter. FastAPI-boilerplate's whole pitch is "use what you need, drop what you don't", and that pitch only works if dropping things and adding things are first-class operations. The bp.commands and bp.features entry points are how external Python packages contribute new commands and feature generators without touching the core. Build a Stripe plugin, a Prometheus plugin, a CRUD-generator plugin, they all ship as separate packages.
If you can stay on v0.17.0, consider it
For brand-new projects, v0.18.0 is the better starting point. For existing apps with significant custom code on v0.17.0, the honest answer is: the migration path is "copy your business logic into the new structure", not a sed-style find-and-replace. If your fork has diverged from v0.17.0 in non-trivial ways, pinning to v0.17.0 may be the right call.
We'll keep v0.17.0 around as a tag forever. You can hold there as long as you need.
New co-maintainers
Two contributors are now officially helping us maintain and improve the boilerplate going forward: @carlosplanchon and @emiliano-gandini-outeda. Both have been contributing for months — this release is the right moment to make it official.
@carlosplanchon drove a lot of the polish that made this restructure possible. Six merged PRs and four issues that shaped direction:
- #247 — Python 3.14 dependency compatibility pass
- #218 — README cleanup; installation scripts moved out of Gists into the repo
- #215 — FastCRUD 0.19.0 pagination structure adoption
- #214 — Docs note on falsy values from FastCRUD
- #205 — SQLAlchemy 2.0 syntax in
docs/user-guide/development.md - #192 — DeepWiki link in the README
- #221 — Proposal: Extension Mechanism (informed the shape of the
bp.commands/bp.featuresdesign that landed in this release) - #216 — Flagged that the README was too long; led to the slim version that shipped here
- #195 — Documentation Improvements (long-running tracking issue)
- #193 — Proposed the community Discord
@emiliano-gandini-outeda has been pushing on documentation quality:
If you've been wondering why the docs felt sharper in this release, that's part of where it came from.
What this means in practice: both can triage issues, request changes on PRs, and merge to main. If you've been opening issues hoping for a response, that response will get faster.
If you want to talk to us
Join us on Discord, open an issue, or ping @igorbenav, @LucasQR, @carlosplanchon, or @emiliano-gandini-outeda on the repo. The plugin system is intentionally minimal in v0.18.0 — bp.commands and bp.features cover most needs, but if you're hitting a wall (e.g., you want app-factory hooks, settings-mixin extensions, lifespan plugins), that's exactly the kind of feedback that lands in v0.19 instead of waiting for v1.0.
What's New in v0.18.0
This release contains eight breaking changes (called out individually below) and one major addition (the CLI). The themes:
- Three-layer architecture with vertical-slice modules
- uv workspace split —
backend/(deployable) +cli/(developer tool) bpCLI with plugin extension points —bp.commandsandbp.features- Server-side sessions + CSRF replaces JWT access/refresh tokens
- OAuth wired (Google end-to-end, GitHub scaffolded)
- API keys with scrypt + per-row salt + prefix-based lookup
- SQLAdmin replaces CRUDAdmin
- Taskiq replaces ARQ
- Swappable backends behind ABCs — Redis/Memcached/Memory for cache, sessions, rate limit
- Production security validator — startup gate that refuses insecure prod configs
- Full documentation rewrite + Zensical replaces MkDocs
- Lint enforcement —
PLC0415no-deferred-imports across the codebase
Breaking Changes Summary
| Change | Impact | Migration Effort |
|---|---|---|
src/app/ layout removed |
Imports break at import time | High — manual restructure |
| JWT auth removed (sessions only) | Authorization: Bearer clients rejected |
High — client-side cookie auth |
| CRUDAdmin → SQLAdmin | Custom admin views need porting | Medium |
| ARQ → Taskiq | Workers need re-registration | Medium |
| API key hash format | Existing keys won't validate | High — users must regenerate |
| Settings classes moved/composed | Env var names mostly stable; a few moved | Low |
cd backend && uv sync --extra dev |
Silently produces a broken venv | Low but easy to miss — use uv sync --all-packages --all-extras from repo root |
| Deployment scaffolder | ./setup.py local no longer exists |
Low — use bp deploy generate |
| Docs generator: MkDocs → Zensical | Local preview command + deploy workflow change | Low |
Detailed Changes
1. Three-Layer Architecture with Vertical-Slice Modules ⚠️ BREAKING
The old src/app/{admin,api,core,crud,middleware,models,schemas}/ layout was a horizontal slice per concern — every feature spread across seven directories. Adding a feature meant editing seven files; removing one (try removing posts from v0.17.0) meant playing whack-a-mole with imports.
The new layout splits by layer, then by vertical slice inside the domain layer:
backend/src/
├── interfaces/ # HTTP entry points: FastAPI app, routes, admin sub-app
├── infrastructure/ # Cross-cutting: cache, sessions, rate limit, taskiq, security, logging, db, config
└── modules/ # One directory per domain — owns its own models/schemas/crud/service/routes
├── user/
├── tier/
├── api_keys/
├── rate_limit/
└── common/
Each module owns its full vertical: models.py, schemas.py, crud.py, service.py, routes.py, enums.py. Removing a feature is rm -rf modules/foo, register your import-time guard in the v1 includes list, and you're done.
Import Migration
| Before (v0.17.0) | After (v0.18.0) |
|---|---|
from src.app.models.user import User |
from modules.user.models import User |
from src.app.schemas.user import UserCreate |
from modules.user.schemas import UserCreate |
from src.app.crud.crud_users import crud_users |
from modules.user.crud import crud_users |
from src.app.api.v1.users import router |
from modules.user.routes import router |
from src.app.core.config import settings |
from infrastructure.config.settings import get_settings |
from src.app.core.db.database import get_db |
from infrastructure.database.session import async_session |
from src.app.core.security import verify_password |
from infrastructure.auth.utils import verify_password |
No automated rewrite exists. If you have a fork with custom modules, you'll need to relocate them into backend/src/modules/<your_module>/ with the standard layout.
2. uv Workspace Split — backend/ and cli/ ⚠️ BREAKING
The repo root is now a uv workspace with two members:
fastapi-boilerplate/
├── pyproject.toml # Workspace root, not a shipped artifact
├── uv.lock # Single lockfile, shared
├── backend/
│ ├── pyproject.toml # name = "fastapi-boilerplate"
│ ├── Dockerfile # Multi-stage: dev / migrate / prod
│ └── src/
└── cli/
├── pyproject.toml # name = "fastapi-boilerplate-cli", [scripts] ...
0.17.0
Release v0.17.0 - Final Polish Before the Rebuild
Release Notes by FastAPI-boilerplate team
This is the final release of FastAPI-boilerplate in its current shape. After this, we're tearing the layout apart and rebuilding it as a real plugin system, then shipping 1.0 at the end. If you want to stay on the old shape, pin to v0.17.0 — once the restructure starts, main will be unstable for a while.
The changes in this release are mostly polishing. A lot of credit to @rragundez for cleaning up the settings layer — CORS got proper middleware, the .env file was being loaded twice through different code paths and now it isn't, hosts validation is in place, and the SQLite/MySQL settings classes that nobody actually used are gone (we're committing to Postgres as the default going forward). @sri-dhurkesh integrated structlog, so logging is actually structured now instead of f-string soup. @carlosplanchon updated dependencies for Python 3.14 and moved the installation scripts to a proper folder. We bumped FastCRUD to 0.19.2.
Nothing here should break apps you've built on the boilerplate. The breakage comes next.
Why we're restructuring
If you've cloned this template and tried to remove a feature you didn't want — say, posts — you've probably noticed it lives in five or six folders (models/, schemas/, crud/, api/v1/, plus the aggregator __init__.py). Easy to miss a file. People end up with dead code they didn't want, or they delete by hand and break imports somewhere downstream. That's the actual problem we're fixing.
The other thing that bothers us: cache is hard-coded to Redis, queue is hard-coded to ARQ, auth is hard-coded to JWT. If you want Memcached, Taskiq, or session-cookie auth, you have to fork the boilerplate and edit core. That's where most real users diverge from the template, and it's exactly the divergence that makes it stop receiving upstream updates cleanly. We want to fix that too.
users, tiers, auth, and health stay core in 1.0 — making everything a plugin would be a different project (and would mean 1.0 never ships). Save it for 2.0 if it ever matters.
Versioning during the restructure
Sticking with ZeroVer until 1.0. Each milestone is a tagged release you can pin to.
Each tag is independently shippable — if life intervenes, every milestone is a usable end state, not a half-finished refactor. Migration guides will land with each release that has breaking changes.
While we're in 0.x, once 0.x+1.y is released, support for 0.x.y is dropped. Eventually we'll get to SemVer at 1.0.
If you want to talk to us
Join us on Discord, open an issue, or ping @igorbenav on the repo. The restructure is a real chance to influence the shape of the boilerplate going forward — if there's something you want from a plugin system (a specific capability slot, a manifest field, a CLI command), now's the moment to say so. Easier to land it in 0.18 than to retrofit it post-1.0.
What's Changed
- New README.md & installation scripts now live in the scripts folder. by @carlosplanchon in #218
- fastcrud 0.19.2 by @igorbenav in #220
- Add CORS middleware and update documentation by @rragundez in #211
- Fix duplicated loading of environment variables when collecting settings by @rragundez in #222
- Reload app settings on .env file change for local deployment by @rragundez in #223
- Move source location of the .env file to the root at the project by @rragundez in #225
- Remove unused sqlite and mysql settings by @rragundez in #226
- Add hosts settings and some validation logic by @rragundez in #228
- Oauth Docs by @LucasQR in #242
- Revert "Oauth Docs" by @LucasQR in #243
- Integrate Structlog for Structured and Configurable Logging by @sri-dhurkesh in #240
- chore(deps) Updating necessary dependencies for FastAPI-Boilerplate to work on Python 3.14. by @carlosplanchon in #247
New Contributors
- @sri-dhurkesh made their first contribution in #240
Full Changelog: v0.16.0...v0.17.0
0.16.0
🚀 FastAPI Boilerplate v0.16.0
We're excited to announce v0.16.0 with major improvements to type safety and developer experience through the latest FastCRUD integration! 🎉
🌟 Key Highlights
- Enhanced Type Safety: Upgraded to FastCRUD 0.19.1 with improved overloads for better type inference
- Cleaner Codebase: Removed unnecessary manual type casting across the entire codebase
- Better Developer Experience: Eliminated union types when using schema-based column selection
- Health Check Endpoints: New endpoints for monitoring application health
- Improved Documentation: Updated guides to reflect FastCRUD 0.19.0+ changes
🔧 What's Changed
- 🔗 Fix: Fixed the discord link by @LucasQR in #203
- 📚 Documentation: Updated docs to use SQLAlchemy 2.0 syntax by @carlosplanchon in #205
- 🛠️ Fix: Update pre-commit hooks version to solve InvalidManifestError by @rragundez in #207
- ⚙️ Enhancement: Update python specifier by @rragundez in #209
- 🏥 New Feature: Add health check endpoints by @rragundez in #210
- 📝 Documentation: Added note about falsy values from FastCRUD by @carlosplanchon in #214
- 📦 Enhancement: Add pre-commit dependency in DEV group by @rragundez in #208
- 🔄 Refactor: Adapt imports to FastCRUD 0.19.0 pagination structure by @carlosplanchon in #215
- ⚡ Major Update: Upgrade to FastCRUD 0.19.1 with better typing by @igorbenav in #217
⚡ FastCRUD 0.19.1 Type Safety Improvements
This release brings significant type safety enhancements through FastCRUD 0.19.1:
Before v0.16.0:
# Required manual casting due to union types
user = await crud_users.get(db=db, username="john", schema_to_select=UserRead)
user = cast(dict[str, Any], user) # Manual cast needed! 😞
if user["tier_id"] is None:
# ...After v0.16.0:
# Direct type-safe access - no casting needed!
user = await crud_users.get(db=db, username="john", schema_to_select=UserRead)
if user["tier_id"] is None: # Directly type-safe! 😍
# ...What This Means:
- No More Manual Casting: Eliminated all
cast(dict[str, Any], result)calls - Better IDE Support: Improved autocomplete and error detection
- Cleaner Code: Removed 25+ unnecessary cast statements across the codebase
- Type Safety: mypy now properly infers
Optional[dict[str, Any]]for schema-based column selection
🏥 Health Check Endpoints
New health monitoring capabilities:
GET /health # Basic health check
GET /health/detailed # Detailed system health with database statusPerfect for:
- Load balancer health checks
- Monitoring system integration
- Container orchestration readiness probes
🎉 New Contributors
We're grateful to welcome these new contributors to the project:
- @LucasQR made their first contribution in #203
- @rragundez made their first contribution in #207
🔗 Links
- Documentation: benavlabs.github.io/FastAPI-boilerplate
- Discord Community: Join our Discord server
- Full Changelog: v0.15.0...v0.16.0
🚀 Migration Guide
For Existing Projects:
-
Update Dependencies:
# Update pyproject.toml fastcrud>=0.19.1 # Sync dependencies uv sync
-
Remove Manual Casts (if you added any):
# Remove these patterns: user = cast(dict[str, Any], user) tier = cast(dict[str, Any], tier) # FastCRUD 0.19.1 overloads handle this automatically!
-
Update Import Structure:
# New import structure for pagination from fastcrud import PaginatedListResponse, compute_offset, paginated_response
-
Run Tests:
uv run pytest uv run mypy src/ --config-file pyproject.toml
Benefits You'll Get:
- ✅ Better Type Safety: No more union types for common patterns
- ✅ Cleaner Code: Removed casting boilerplate
- ✅ Enhanced DX: Better IDE support and error detection
- ✅ Future-Proof: Ready for FastCRUD's continued improvements
What's Changed
- Fixed the discord link by @LucasQR in #203
- Updating docs/user-guide/development.md to use SQLAlchemy 2.0 syntax. by @carlosplanchon in #205
- Update pre-commit hooks version to solve InvalidManifestError by @rragundez in #207
- Update python specifier by @rragundez in #209
- Add health check endpoints by @rragundez in #210
- Adding note on exceptions.md about falsy values possibly coming from FastCRUD in the future. by @carlosplanchon in #214
- Add pre-commit dependency in DEV group by @rragundez in #208
- refactor: adapt imports to FastCRUD 0.19.0 pagination structure. by @carlosplanchon in #215
- update to fastcrud 0.19.1, better typing by @igorbenav in #217
New Contributors
- @LucasQR made their first contribution in #203
- @rragundez made their first contribution in #207
Full Changelog: v0.15.0...v0.16.0
0.15.0
🚀 FastAPI Boilerplate v0.15.0
We're excited to announce the launch of our Discord community! 🎉 Join fellow developers, get help, share projects, and stay updated with the latest FastAPI boilerplate developments.
🌟 Key Highlights
- Discord Community: Join our new Discord server for real-time discussions and community support
- UUID v7 Migration: Switched from UUID v4 to v7 for better performance and ordering
- Enhanced Documentation: Improved documentation structure and added new resources
🔧 What's Changed
- 🐛 Bugfix: Ensure user lookup returns model instance in write_post endpoint by @blackyau in #185
- 🔧 Fix: User create admin functionality by @igorbenav in #188
- ⚡ Performance: Switch from UUID v4 to v7 by @Saiyashwanth7 in #186
- 📚 Documentation: Add DeepWiki docs URL to README.md by @carlosplanchon in #192
- 🧹 Cleanup: Remove unused Redis SSL setting from admin init by @defp in #196
- 📖 Documentation: Issue documentation improvements by @emiliano-gandini-outeda in #199
- 🎮 Community: Add Discord community by @igorbenav in #200
🎉 New Contributors
We're grateful to welcome these new contributors to the project:
- @blackyau made their first contribution in #185
- @Saiyashwanth7 made their first contribution in #186
- @carlosplanchon made their first contribution in #192
- @defp made their first contribution in #196
- @emiliano-gandini-outeda made their first contribution in #199
🔗 Links
- Discord Community: Join our Discord server
- Full Changelog: v0.14.0...v0.15.0
What's Changed
- bugfix: ensure user lookup returns model instance in write_post endpoint by @blackyau in #185
- Fix user create admin by @igorbenav in #188
- Add fastroai banner by @igorbenav in #189
- add analytics to mkdocs by @igorbenav in #191
- Switch from UUID v4 to v7 by @Saiyashwanth7 in #186
- Adding DeepWiki docs URL to README.md. by @carlosplanchon in #192
- Remove unused Redis SSL setting from admin init by @defp in #196
- Issue documentation improvements by @emiliano-gandini-outeda in #199
- add discord community by @igorbenav in #200
New Contributors
- @blackyau made their first contribution in #185
- @Saiyashwanth7 made their first contribution in #186
- @carlosplanchon made their first contribution in #192
- @defp made their first contribution in #196
- @emiliano-gandini-outeda made their first contribution in #199
Full Changelog: v0.14.0...v0.15.0
0.14.0
Benav Labs FastAPI boilerplate
Yet another template to speed your FastAPI development up, now with proper docs and an admin panel.
What's Changed
- warning plus import for db migrations by @igorbenav in #140
- Update ARQ Job Queues documentation and add database session by @leonardovida in #141
- Fixes default expire time in creating access token by @KennethTV in #143
- Fixes by @igorbenav in #144
- enhance test setup by @arab0v in #148
- Update Dockerfile to install additional Poetry plugin by @sujithkupen in #154
- rate limiter changed from module to class by @igorbenav in #158
- blacklist both tokens for logout by @igorbenav in #159
- fastcrud bump, dependencies fixed by @igorbenav in #160
- remove comments by @igorbenav in #161
- bug fix by @igorbenav in #163
- bugfix: syntax error by @LongDinhh in #164
- Replace hardcoded localhost with POSTGRES_SERVER env var. by @epinapala in #166
- Dynamically importing app models by @geekashu in #167
- Tied the version of Python to 3.11 to fix Greenlet compatibility by @Harry-Tom in #174
- Updated the SECRET_KEY config item to use the SecretStr class by @Harry-Tom in #173
- added unused create_tables function to lifespan_factory by @oliwertrzeciak in #172
- Update env.py by @naaive in #171
- add banner by @igorbenav in #175
- Migrate to UV, Workflows, Bump Gunicorn by @igorbenav in #176
- initial documentation by @igorbenav in #177
- Add warning to docs, fix url by @igorbenav in #178
- add CRUDAdmin for admin panel by @igorbenav in #180
New Contributors
- @leonardovida made their first contribution in #141
- @KennethTV made their first contribution in #143
- @arab0v made their first contribution in #148
- @sujithkupen made their first contribution in #154
- @LongDinhh made their first contribution in #164
- @epinapala made their first contribution in #166
- @geekashu made their first contribution in #167
- @Harry-Tom made their first contribution in #174
- @oliwertrzeciak made their first contribution in #172
- @naaive made their first contribution in #171
Full Changelog: v0.13.0...v0.14.0
📖 Documentation
📚 Visit our comprehensive documentation at benavlabs.github.io/FastAPI-boilerplate
⚠️ Documentation StatusThis is our first version of the documentation. While functional, we acknowledge it's rough around the edges - there's a huge amount to document and we needed to start somewhere! We built this foundation (with a lot of AI assistance) so we can improve upon it.
Better documentation, examples, and guides are actively being developed. Contributions and feedback are greatly appreciated!
This README provides a quick reference for LLMs and developers, but the full documentation contains detailed guides, examples, and best practices.
0. About
FastAPI boilerplate creates an extendable async API using FastAPI, Pydantic V2, SQLAlchemy 2.0 and PostgreSQL:
FastAPI: modern Python web framework for building APIsPydantic V2: the most widely used data Python validation library, rewritten in Rust(5x-50x faster)SQLAlchemy 2.0: Python SQL toolkit and Object Relational MapperPostgreSQL: The World's Most Advanced Open Source Relational DatabaseRedis: Open source, in-memory data store used by millions as a cache, message broker and more.ARQJob queues and RPC in python with asyncio and redis.Docker ComposeWith a single command, create and start all the services from your configuration.NGINXHigh-performance low resource consumption web server used for Reverse Proxy and Load Balancing.
Tip
There's a SQLModel version as well, but it's no longer updated: SQLModel-boilerplate.
1. Features
- ⚡️ Fully async
- 🚀 Pydantic V2 and SQLAlchemy 2.0
- 🔐 User authentication with JWT
- 🍪 Cookie based refresh token
- 🏬 Easy redis caching
- 👜 Easy client-side caching
- 🚦 ARQ integration for task queue
- ⚙️ Efficient and robust queries with fastcrud
- ⎘ Out of the box offset and cursor pagination support with fastcrud
- 🛑 Rate Limiter dependency
- 👮 FastAPI docs behind authentication and hidden based on the environment
- 🔧 Modern and light admin interface powered by CRUDAdmin
- 🚚 Easy running with docker compose
- ⚖️ NGINX Reverse Proxy and Load Balancing
2. Contents
0.13.0
0.13.0 Summary
🚀Features
- SQLModel version of boilerplate added 🎉
- fastcrud paginated added
🔎Bug fixes
- minor mypy and ruff fixes
- gunicorn bumped, security issue fixed
- fastcrud bumped to 0.12.0 with bug fixes
What's Changed
- README.md broken link fix by @igorbenav in #122
- Fastcrud paginated by @igorbenav in #123
- minor mypy and ruff fixes, fastcrud bumped to 0.10.0 by @igorbenav in #128
- bump fastcrud to 0.11.0 by @igorbenav in #129
- Update README.md by @igorbenav in #131
- Update README.md by @igorbenav in #133
- gunicorn bumped by @igorbenav in #134
- fastcrud bumped to 0.12.0 with bug fixes by @igorbenav in #135
- Update README.md by @igorbenav in #136
- SQLModel version link added by @igorbenav in #137
Full Changelog: v0.12.4...v0.13.0
0.12.4
0.12.4 Summary
🚀Features
- improved scripts logging
🔎Bug fixes
- remove
db.commit()from async_get_db - thanks @mithun2003 - using fastcrud, result from get is no longer a db_row object, so no longer passing it in delete
What's Changed
- logging added to scripts, get_db fix, endpoints fixed for fastcrud usage by @igorbenav in #121
Full Changelog: v0.12.3...v0.12.4
0.12.3
0.12.3
🔎Bug fixes
- docs not generated bug fix #118 by @luca-medeiros
- spelling fix #115 by @rememberlenny
What's Changed
- Fix default.conf spelling by @rememberlenny in #115
- bug: fix missing router when creating application by @luca-medeiros in #118
New Contributors
- @rememberlenny made their first contribution in #115
Full Changelog: v0.12.2...v0.12.3
0.12.2
0.12.2
⚡️Enhancements
- now using recommended lifespan events instead of startup and shutdown events
- libs bumped
🔎Bug fixes
- wrong .env reference in docker-compose fixed
What's Changed
- Lifespan Events, Libs bumped, .env fix by @igorbenav in #114
- fastcrud bumped to 0.6.0 by @igorbenav in #116
Full Changelog: v0.11.1...v0.12.2