A Flask-based garage management platform for service tracking, customer access, and role-based dashboards. This repository focuses on a production-ready Python service with clear configuration, reliable startup flows, and maintainable structure.
- Service Operations: Track vehicle repairs, maintenance, and service history.
- Role-Based Experience: Admin, Maintenance, Worker, and Client dashboards.
- Customer Access: Registration, login, and profile management.
- Operational Visibility: Maintenance status messaging, visit leaderboard, and activity logging.
- Backend: Flask, Flask-Login, Flask-WTF, Flask-Mail
- Database: SQLAlchemy + Flask-Migrate (SQLite for local dev; PostgreSQL for production)
- Security: CSRF protection, rate limiting, HTTP security headers
- Python 3.10+
- pip
- SQLite (local) or PostgreSQL (production)
```bash
git clone https://github.com/Kvnbbg/au-garage
cd au-garage
python -m venv venv
source venv/bin/activate # Windows: .\venv\Scripts\activate
pip install -r requirements.txt
```

Copy the example environment file and adjust as needed:

```bash
cp .env.example .env
```

Key environment variables:
- `FLASK_ENV` (`development`, `testing`, `production`)
- `SECRET_KEY` (required in production)
- `DATABASE_URL` (e.g. `sqlite:///instance/app.db` or PostgreSQL URL)
- `MAINTENANCE_START_DATE` (format `YYYY-MM-DD HH:MM:SS`)
- `RATELIMIT_STORAGE_URI` (defaults to in-memory for local use)
- `MAIL_*` values for password reset emails
- `ADMINS` (comma-separated list of admin emails)

```bash
flask --app run:app run
```

```bash
python run.py
```

This repository includes a Vercel serverless entrypoint in `api/index.py`.
- Create a new Vercel project and import the repo.
- Configure environment variables (recommended minimum):
  - `FLASK_ENV=production`
  - `SECRET_KEY` (strong, random)
  - `DATABASE_URL` (managed Postgres; avoid SQLite in production)
  - `RATELIMIT_STORAGE_URI` (Redis/Upstash to avoid per-instance limits)
  - `MAIL_*` and `ADMINS` for password reset and admin alerts
- Deploy from the Vercel dashboard or CLI.
Common mistakes to avoid:
- Using SQLite in production: Vercel functions run on ephemeral storage. Use managed Postgres.
- Missing `SECRET_KEY`: production startup fails unless it is set.
- In-memory rate limiting: each serverless instance has its own memory. Use Redis.
- Forgetting `FLASK_ENV=production`: secure cookies and production logging depend on it.
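
A pre-deploy check for the production variables and mistakes listed above, written as an added example; it is not the project's `flask garage config-check` implementation. The function name, the 32-character `SECRET_KEY` threshold, the `memory://` value assumed for an unset `RATELIMIT_STORAGE_URI`, and the error/warning split are assumptions.

```python
import os
from datetime import datetime


def check_production_config(env):
    """Return (errors, warnings) for a mapping of environment variables."""
    errors, warnings = [], []

    # Secure cookies and production logging depend on this value.
    if env.get("FLASK_ENV") != "production":
        errors.append("FLASK_ENV must be 'production' for a production deploy")

    secret = env.get("SECRET_KEY", "")
    if not secret:
        errors.append("SECRET_KEY is not set; production startup fails without it")
    elif len(secret) < 32:  # assumed threshold for "strong"
        warnings.append("SECRET_KEY is shorter than 32 characters")

    # Serverless storage is ephemeral; an unset URL is also flagged (assumption).
    db = env.get("DATABASE_URL", "")
    if not db or db.startswith("sqlite:"):
        errors.append("DATABASE_URL must point at managed Postgres, not SQLite")

    # Assumption: an unset value means the in-memory backend (memory://).
    limiter = env.get("RATELIMIT_STORAGE_URI", "memory://")
    if limiter.startswith("memory://"):
        warnings.append("RATELIMIT_STORAGE_URI is in-memory; limits are per-instance")

    start = env.get("MAINTENANCE_START_DATE")
    if start:
        try:
            datetime.strptime(start, "%Y-%m-%d %H:%M:%S")
        except ValueError:
            errors.append("MAINTENANCE_START_DATE must use YYYY-MM-DD HH:MM:SS")

    return errors, warnings


if __name__ == "__main__":
    errs, warns = check_production_config(os.environ)
    for w in warns:
        print("WARN:", w)
    for e in errs:
        print("ERROR:", e)
    raise SystemExit(1 if errs else 0)
```

Run it with the production environment loaded; a non-zero exit status means at least one error was found.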
```bash
flask garage init-db
flask garage create-admin
```

```bash
flask garage --help
flask garage init-roles
flask garage config-check
```

- `/` or `/home`: landing page
- `/auth/login`: login
- `/auth/register`: register
- `/auth/dashboard`: dashboard
```bash
pytest
```

- Database errors: verify `DATABASE_URL` is correct and migrations ran.
- Email not sending: confirm `MAIL_SERVER`, `MAIL_USERNAME`, and `MAIL_PASSWORD`.
- Rate limit responses: slow down requests or adjust limits in `app/__init__.py`.
- Config warnings on startup: run `flask garage config-check` for details.
- Set a strong `SECRET_KEY` in production.
- Use a real SMTP provider for email flows.
- Keep dependencies updated and review `SECURITY.md` for reporting.
- For pentest alignment with OWASP Top 10 (2021/2025) and a black-box checklist, see PENTEST_CHECKLIST.md.
- Fork the repository and create a feature branch.
- Run tests and lint checks locally.
- Submit a PR with clear scope and validation steps.
See CONTRIBUTING.md for full guidance.