A secure, scalable, and maintainable online store application designed for kids, built with FastAPI and modern web development best practices.
- Interactive Store Interface: Kid-friendly design with colorful UI
- Smart Shopping Cart: Session-based cart management with persistence
- Secure Checkout: Complete order processing with validation
- Menu Management: Categorized food items (healthy vs. fun foods)
- Responsive Design: Mobile-first responsive interface
- Input Sanitization: XSS protection using nh3
- Session Management: Secure session handling with middleware
- CORS Protection: Configurable CORS settings
- Error Handling: Comprehensive error handling and logging
- Data Validation: Pydantic models for all data structures
- Type Safety: Full type hints and validation
- Clean Architecture: Separation of concerns with services, models, and routers
- Dependency Injection: FastAPI dependency system for clean code
- Configuration Management: Environment-based configuration
- Testing Suite: Comprehensive test coverage
- Docker Support: Containerized deployment ready
- Python 3.11+
- pip
- Virtual environment (recommended)
# Clone and enter directory
git clone <repository-url>
cd web_store_improved
# Set up development environment
make dev
# Run the application
make run

# Create virtual environment
python3 -m venv venv
source venv/bin/activate # On Windows: venv\Scripts\activate
# Install dependencies
pip install -r requirements.txt
# Run the application
uvicorn app.main:app --reload

# Build and run with Docker Compose
docker-compose up -d
# Or build manually
docker build -t kids-web-store .
docker run -p 8000:8000 kids-web-store

# Make script executable (Unix/Linux/Mac)
chmod +x start.sh
# Run startup script
./start.sh

web_store_improved/
├── app/                          # Main application package
│   ├── __init__.py
│   ├── main.py                   # FastAPI app instance and configuration
│   ├── config.py                 # Application configuration
│   ├── dependencies.py           # Dependency injection functions
│   ├── models/                   # Pydantic models
│   │   ├── __init__.py
│   │   └── items.py              # Food items and cart models
│   ├── routers/                  # API route handlers
│   │   ├── __init__.py
│   │   ├── store.py              # Store-related endpoints
│   │   └── checkout.py           # Checkout and cart management
│   └── services/                 # Business logic layer
│       ├── __init__.py
│       └── store_service.py      # Store business logic
├── templates/                    # Jinja2 HTML templates
│   ├── index.html                # Main store page
│   ├── checkout.html             # Checkout page
│   ├── checkout_success.html     # Order success page
│   ├── welcome.html              # Welcome/landing page
│   └── error.html                # Error page
├── static/                       # Static assets (CSS, images, JS)
│   └── *.jpg                     # Food item images
├── tests/                        # Test suite
│   ├── __init__.py
│   └── test_store.py             # Application tests
├── .env                          # Environment variables
├── .gitignore                    # Git ignore rules
├── requirements.txt              # Python dependencies
├── Dockerfile                    # Docker container definition
├── docker-compose.yml            # Docker Compose configuration
├── Makefile                      # Development commands
├── start.sh                      # Startup script
└── README.md                     # This file
Create a .env file in the project root:
SECRET_KEY=your-super-secret-key-change-this-in-production
DEBUG=True
BASE_URL=http://localhost:8000
CORS_ORIGINS=["http://localhost:8000", "http://127.0.0.1:8000"]
REDIS_URL=redis://localhost:6379

Configuration is managed through app/config.py using Pydantic Settings:
- Session Management: Configurable session expiration
- Cart Limits: Maximum items per cart
- CORS Settings: Allowed origins for cross-origin requests
- Debug Mode: Development vs. production settings
Food items are defined in app/services/store_service.py. Each item includes:
- Name: Display name
- Price: Cost in dollars
- Category: Healthy or junk food
- Image: Filename in static directory
- Description: Item description
Place food item images in the static/ directory:
static/
├── pizza.jpg
├── carrot.jpg
├── fries.jpg
├── tomato.jpg
└── ... (other food images)
# Run all tests
make test
# Run tests with coverage
make test-cov
# Run specific test file
pytest tests/test_store.py -v

- Unit tests for all services
- Integration tests for API endpoints
- Security testing for input validation
- Session management testing
# Build and run
docker-compose up -d
# Check logs
docker-compose logs -f
# Stop services
docker-compose down

- Set DEBUG=False in environment
- Use a proper secret key
- Configure proper CORS origins
- Set up reverse proxy (nginx)
- Use a proper database for sessions
- Set up monitoring and logging
- Development: Debug mode, local CORS, file-based sessions
- Production: Secure settings, database sessions, proper logging
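The production checklist above can be turned into a pre-deployment check on the .env contents. The following is an added example, not part of the project's code: the `parse_env` and `audit_env` helpers, the 32-character key minimum and the HTTPS-only rule for CORS origins are assumptions made for illustration.

```python
import json

# Sample value from the .env shown on this page; must never reach production.
PLACEHOLDER_KEY = "your-super-secret-key-change-this-in-production"
MIN_KEY_LEN = 32  # assumption: minimum acceptable signing-key length

def parse_env(text: str) -> dict[str, str]:
    """Parse KEY=VALUE lines, skipping blanks and # comments."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            env[key.strip()] = value.strip()
    return env

def audit_env(text: str) -> list[str]:
    """Return production-readiness findings for the contents of a .env file."""
    env, findings = parse_env(text), []
    key = env.get("SECRET_KEY", "")
    if not key or key == PLACEHOLDER_KEY:
        findings.append("SECRET_KEY is missing or still the sample placeholder")
    elif len(key) < MIN_KEY_LEN:
        findings.append(f"SECRET_KEY is shorter than {MIN_KEY_LEN} characters")
    if env.get("DEBUG", "").lower() in ("true", "1", "yes", "on"):
        findings.append("DEBUG is enabled")
    try:
        origins = json.loads(env.get("CORS_ORIGINS", "[]"))
        if not isinstance(origins, list):
            raise ValueError("not a list")
    except ValueError:
        findings.append("CORS_ORIGINS is not a JSON list")
        origins = []
    for origin in origins:
        if origin == "*":
            findings.append("CORS_ORIGINS allows any origin (*)")
        elif not str(origin).startswith("https://"):  # assumption: HTTPS only
            findings.append(f"CORS origin is not HTTPS: {origin}")
    return findings

# The sample .env from this page (development values).
DEV_ENV = """SECRET_KEY=your-super-secret-key-change-this-in-production
DEBUG=True
CORS_ORIGINS=["http://localhost:8000", "http://127.0.0.1:8000"]
"""

if __name__ == "__main__":
    for finding in audit_env(DEV_ENV):
        print("FAIL:", finding)
```

Running a check like this in CI or in the container entrypoint stops a deployment that still carries the development values.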
- Pydantic Models: All input validated through Pydantic
- HTML Sanitization: User input sanitized with nh3
- Type Checking: Full type safety with mypy
- Secure Sessions: Cryptographically signed sessions
- Session Expiration: Configurable timeout
- CSRF Protection: Ready for CSRF middleware
- Graceful Degradation: User-friendly error messages
- Security Logging: Comprehensive security event logging
- Input Sanitization: Protection against XSS attacks
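What "cryptographically signed sessions" with a configurable timeout means for the cart can be shown with a standard-library HMAC stand-in. This is an added example, not the project's session middleware: the cookie layout, the function names and the sample key are assumptions. It also shows why changing SECRET_KEY invalidates existing sessions.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional


def _sign(secret: str, body: bytes) -> bytes:
    mac = hmac.new(secret.encode(), body, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac)


def dump_session(secret: str, data: dict, now: Optional[float] = None) -> str:
    """Serialize session data with an issue time and append an HMAC tag."""
    issued = int(time.time() if now is None else now)
    payload = json.dumps({"data": data, "iat": issued}).encode()
    # Signed, not encrypted: the client can read the cart but not change it.
    body = base64.urlsafe_b64encode(payload)
    return (body + b"." + _sign(secret, body)).decode()


def load_session(secret: str, cookie: str, max_age: int,
                 now: Optional[float] = None) -> Optional[dict]:
    """Return the session data, or None if forged, malformed or expired."""
    body, sep, tag = cookie.encode().partition(b".")
    # Constant-time comparison; a wrong key or an edited body fails here.
    if not sep or not hmac.compare_digest(tag, _sign(secret, body)):
        return None
    payload = json.loads(base64.urlsafe_b64decode(body))
    current = time.time() if now is None else now
    if current - payload["iat"] > max_age:
        return None
    return payload["data"]


def tamper(cookie: str, data: dict) -> str:
    """Replace the data but keep the old tag, as a client without the key would."""
    body, _, tag = cookie.partition(".")
    payload = json.loads(base64.urlsafe_b64decode(body))
    payload["data"] = data
    forged = base64.urlsafe_b64encode(json.dumps(payload).encode()).decode()
    return forged + "." + tag


# Constructed sample values, not taken from the project.
KEY = "constructed-sample-key-for-this-example-only"
COOKIE = dump_session(KEY, {"cart": {"carrot": 2}}, now=1_000)
```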
# Format code
make format
# Lint code
make lint
# Type check
make type-check
# Run all checks
make check-all

- Create feature branch
- Write tests first (TDD)
- Implement feature
- Run quality checks
- Submit pull request
- Models: Define data structures in app/models/
- Services: Implement business logic in app/services/
- Routes: Add API endpoints in app/routers/
- Templates: Create HTML templates in templates/
- Tests: Add tests in tests/
- GET /store/ - Main store page
- POST /store/add-item - Add item to cart (API)
- POST /store/add-item-form - Add item to cart (Form)
- GET /store/menu - Get menu items (API)
- GET /store/cart - Get cart contents (API)

- GET /checkout/ - Checkout page
- POST /checkout/ - Process checkout action
- DELETE /checkout/clear - Clear cart (API)
- POST /checkout/remove-item - Remove item from cart

- GET / - Welcome page
- GET /health - Health check
- GET /api/info - API information
Port Already in Use
# Kill process using port 8000
lsof -ti:8000 | xargs kill -9

Missing Static Files
- Ensure food images are in static/ directory
- Check file permissions
- Verify image filenames match service configuration
Session Issues
- Check SECRET_KEY configuration
- Verify session middleware is enabled
- Clear browser cookies if needed
Import Errors
- Ensure virtual environment is activated
- Check Python path: export PYTHONPATH="${PYTHONPATH}:."
- Verify all dependencies are installed
- ✅ Complete architecture overhaul
- ✅ Added session-based cart management
- ✅ Implemented comprehensive security measures
- ✅ Added full test coverage
- ✅ Created Docker deployment support
- ✅ Improved UI/UX with responsive design
- ✅ Added proper error handling and logging
- Basic FastAPI application
- Single file structure
- Global state management
- Minimal error handling
- Fork the repository
- Create a feature branch: git checkout -b feature/amazing-feature
- Commit changes: git commit -m 'Add amazing feature'
- Push to branch: git push origin feature/amazing-feature
- Open a Pull Request
This project is licensed under the MIT License - see the LICENSE file for details.
- FastAPI for the excellent web framework
- Pydantic for data validation
- Jinja2 for templating
- The Python community for great tools and libraries
If you encounter any issues or have questions:
- Check the troubleshooting section above
- Review the test cases for examples
- Check application logs for error details
- Open an issue on the repository
Made with ❤️ for kids learning about web development and healthy choices!