Dev #9

Merged
ayahaustine merged 7 commits into main from dev
May 5, 2026
@ayahaustine ayahaustine commented May 5, 2026

Summary by CodeRabbit

  • New Features

    • Added admin panel with user and session management capabilities.
    • Introduced superuser creation and management tooling.
  • Bug Fixes

    • Standardized API endpoints to use /api/v1 path prefix.
  • Documentation

    • Added comprehensive admin panel usage guide.
  • Chores

    • Added backend CI/CD pipeline with test coverage reporting.
    • Updated configuration and environment setup files.

coderabbitai Bot commented May 5, 2026

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 27fcdea8-97c1-44c4-a73a-db420d141264

📥 Commits

Reviewing files that changed from the base of the PR and between ffce34b and fadac03.

⛔ Files ignored due to path filters (2)
  • backend/modkit.db is excluded by !**/*.db
  • backend/uv.lock is excluded by !**/*.lock
📒 Files selected for processing (26)
  • .env.example
  • .github/copilot-instructions.md
  • .github/workflows/backend-ci.yml
  • .gitignore
  • .graphifyignore
  • Makefile
  • README.md
  • backend/.coverage
  • backend/ADMIN.md
  • backend/README.md
  • backend/admin/__init__.py
  • backend/admin/auth.py
  • backend/admin/views.py
  • backend/core/config.py
  • backend/db/models.py
  • backend/main.py
  • backend/modules/auth/schemas.py
  • backend/pyproject.toml
  • backend/scripts/create_superuser.py
  • backend/tests/__init__.py
  • backend/tests/conftest.py
  • backend/tests/test_auth.py
  • backend/tests/test_health.py
  • backend/tests/test_security.py
  • frontend/README.md
  • infra/nginx/nginx.conf

Walkthrough

This PR introduces a comprehensive admin panel backed by Starlette-Admin, upgrades the API to v1 versioning, establishes a backend test suite with CI integration, and adds supporting build and development configuration.

Changes

Admin Panel Infrastructure

| Layer | File(s) | Summary |
|---|---|---|
| Authentication & Authorization | backend/admin/auth.py | AdminAuthProvider validates credentials against the users table, enforcing is_superuser=True and is_active=True, then stores admin identity in Starlette sessions. |
| Admin Views & Configuration | backend/admin/views.py | UserAdmin and SessionAdmin ModelView classes define field sets, search/sort options, and access controls (e.g., blocking session creation/edit). |
| Admin Factory & Setup | backend/admin/__init__.py | create_admin() constructs the Admin instance with auth, middleware, and pre-registered user/session views. |
| Superuser Creation Tool | backend/scripts/create_superuser.py | Standalone CLI script prompts for email/password, bcrypt-hashes credentials, and creates or promotes users to is_superuser=True. |
| Admin Integration & Routing | backend/main.py, infra/nginx/nginx.conf | FastAPI mounts admin via create_admin().mount_to(app); Nginx adds /admin redirect and /admin/ reverse-proxy route. |
| Documentation & Build | backend/ADMIN.md, Makefile, backend/pyproject.toml | Admin guide covers creating superusers, adding models, and customizing permissions. Makefile exposes create-superuser target. Dependencies add starlette-admin and itsdangerous. |

API v1 Versioning with Backend Testing

| Layer | File(s) | Summary |
|---|---|---|
| API Versioning | backend/main.py, .env.example | API_PREFIX = "/api/v1" applied to FastAPI docs, OpenAPI schema, auth/user routes, and health endpoint. Frontend .env.example updated to NEXT_PUBLIC_API_URL = http://localhost/api/v1. |
| Test Infrastructure & Fixtures | backend/tests/conftest.py, backend/pyproject.toml | Session-scoped create_tables fixture creates/drops schema. Function-scoped db_session yields transactional AsyncSession. Function-scoped client provides httpx.AsyncClient with overridden get_db dependency. Pytest and coverage tool config added. |
| Auth & Health Integration Tests | backend/tests/test_auth.py, backend/tests/test_health.py | Auth tests cover registration, login (with cookie validation), refresh token flow, and logout. Health tests verify /api/v1/health response and version matching. |
| Security Unit Tests | backend/tests/test_security.py | Password hashing uniqueness and verification; JWT token claims and decoding error handling. |

Build Infrastructure & Development Configuration

| Layer | File(s) | Summary |
|---|---|---|
| Dependency Management | backend/pyproject.toml | Added starlette-admin>=0.14.0, itsdangerous>=2.0.0, dev group includes pytest-cov>=5.0.0 and httpx>=0.27.0. Wheel build includes admin and scripts packages. |
| CI Workflow | .github/workflows/backend-ci.yml | GitHub Actions workflow runs on push/pull_request to main/dev (backend path-filtered). Installs Python 3.12, runs ruff linting and pytest with coverage, uploads coverage.xml, and validates thresholds via orgoro/coverage@v3.2. |
| Development & Ignore Configuration | .gitignore, .graphifyignore, backend/core/config.py, .github/copilot-instructions.md | Gitignore ignores CLAUDE.md and graphify-out/. New .graphifyignore excludes node_modules, dist/, generated files, and .venv directories. Settings.model_config adds ignore_extra=True. Copilot instructions reference graph reports for architecture questions. |
| Documentation & Cleanup | README.md, backend/README.md, frontend/README.md, backend/db/models.py | Minor whitespace/formatting updates and boilerplate removal. Frontend README replaced with minimal header; backend README gains "User Guide" section; models comment typo fixed. |

Sequence Diagram

sequenceDiagram
    actor User as Admin User
    participant Browser
    participant Nginx
    participant FastAPI
    participant AdminAuth as AdminAuthProvider
    participant DB as Database
    participant SessionStore as Session Storage

    User->>Browser: Navigate to /admin
    Browser->>Nginx: GET /admin
    Nginx->>Nginx: Redirect to /admin/
    Nginx->>FastAPI: Proxy /admin/
    FastAPI->>AdminAuth: Check is_authenticated
    AdminAuth->>SessionStore: Query _SESSION_KEY_ID
    alt No Active Session
        SessionStore-->>AdminAuth: null
        AdminAuth-->>FastAPI: false
        FastAPI-->>Nginx: Redirect to login
        Nginx-->>Browser: Login form
        User->>Browser: Enter email & password
        Browser->>Nginx: POST /admin/login
        Nginx->>FastAPI: Route to AdminAuthProvider.login
        FastAPI->>AdminAuth: login(email, password)
        AdminAuth->>DB: SELECT * FROM users WHERE email=?
        DB-->>AdminAuth: User record
        AdminAuth->>AdminAuth: Verify is_superuser=True, is_active=True
        AdminAuth->>AdminAuth: bcrypt.checkpw(password, hashed_password)
        alt Credentials Valid
            AdminAuth->>SessionStore: Set _SESSION_KEY_ID & _SESSION_KEY_NAME
            SessionStore-->>AdminAuth: ✓
            AdminAuth-->>FastAPI: Response with session cookie
            FastAPI-->>Browser: 200 + Set-Cookie
        end
    else Active Session Exists
        SessionStore-->>AdminAuth: admin_user_id
        AdminAuth-->>FastAPI: true
        FastAPI-->>Browser: Admin UI
    end

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Possibly related PRs

Poem

🐇 A bunny hops through /admin gates,
With Starlette guarding pristine states,
Tests in place and versions neat,
The v1 suite is now complete! 🎉


@ayahaustine ayahaustine merged commit 0f6479f into main May 5, 2026
0 of 3 checks passed
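
The login gate that the walkthrough and sequence diagram above describe, as an added example (not code from this PR or from Starlette-Admin): a password check combined with is_superuser and is_active, one generic failure for every rejection, then the session keys are set. PBKDF2 from the standard library stands in for bcrypt, the USERS rows and the session key values are constructed, and the per-request flag re-check in is_authenticated goes beyond what the diagram shows.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

# Assumption: stdlib PBKDF2 stands in for the bcrypt check so this runs offline.
def hash_password(password: str) -> bytes:
    salt = os.urandom(16)
    return salt + hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def verify_password(password: str, stored: bytes) -> bool:
    salt, digest = stored[:16], stored[16:]
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return hmac.compare_digest(candidate, digest)  # constant-time comparison

@dataclass
class User:
    id: int
    email: str
    hashed_password: bytes
    is_superuser: bool
    is_active: bool

# Constructed sample rows standing in for the users table.
USERS = {u.email: u for u in (
    User(1, "root@example.test", hash_password("correct horse"), True, True),
    User(2, "staff@example.test", hash_password("hunter2-long"), False, True),
    User(3, "old-admin@example.test", hash_password("retired-pass"), True, False),
)}
_DUMMY_HASH = hash_password("placeholder")  # checked when the e-mail is unknown
SESSION_KEY_ID = "admin_user_id"      # hypothetical value for _SESSION_KEY_ID
SESSION_KEY_NAME = "admin_user_name"  # hypothetical value for _SESSION_KEY_NAME

def admin_login(email: str, password: str, session: dict) -> bool:
    user = USERS.get(email)
    # Always run the hash check so unknown e-mails cost the same as known ones.
    stored = user.hashed_password if user else _DUMMY_HASH
    password_ok = verify_password(password, stored)
    if not (user and password_ok and user.is_superuser and user.is_active):
        return False  # same result whichever condition failed
    session.clear()   # drop any pre-login session state before storing identity
    session[SESSION_KEY_ID] = user.id
    session[SESSION_KEY_NAME] = user.email
    return True

def is_authenticated(session: dict) -> bool:
    uid = session.get(SESSION_KEY_ID)
    user = next((u for u in USERS.values() if u.id == uid), None)
    # Re-check the flags so a demoted or deactivated admin loses access at once.
    return bool(user and user.is_superuser and user.is_active)
```
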
@coderabbitai coderabbitai Bot mentioned this pull request May 6, 2026