# PostgreSQL Setup for Tasko

## Prerequisites
- PostgreSQL installed and running on your PC
- psql CLI access

## Setup Instructions

### 1. Run the schema script as postgres superuser:
```bash
psql -U postgres -f schema.sql
```

**OR** manually in psql:

```bash
# Connect as postgres superuser
psql -U postgres

# Then paste the contents of schema.sql
```

### 2. Verify the setup:
```sql
-- Connect to the database
\c tasko_db

-- List tables
\dt

-- List users
\du

-- Verify tasko_user has correct privileges
\dp
```

### 3. Test connection:
```bash
psql -U tasko_user -d tasko_db -h localhost
# Password: tasko_password
```

## Configuration

### Default credentials (change in production):
- **Database**: `tasko_db`
- **User**: `tasko_user`
- **Password**: `tasko_password`
- **Host**: `localhost`
- **Port**: `5432`

### Environment Variable (optional):
You can override the connection string by setting:
```bash
export DATABASE_URL="postgresql://tasko_user:tasko_password@localhost:5432/tasko_db"
```

Or on Windows:
```cmd
set DATABASE_URL=postgresql://tasko_user:tasko_password@localhost:5432/tasko_db
```

## Security Best Practices Applied

✅ **Dedicated database user**: Created `tasko_user` instead of using `postgres` superuser
✅ **Limited privileges**: Only granted necessary permissions (SELECT, INSERT, UPDATE, DELETE)
✅ **No superuser access**: `tasko_user` cannot create/drop databases or modify system tables
✅ **Schema isolation**: Uses public schema with controlled access
✅ **Cascade deletes**: Foreign keys properly handle data integrity

## Install Python Dependencies

```bash
cd backend
pip install -r requirements.txt
```

This will install:
- psycopg2-binary (PostgreSQL adapter)
- sqlalchemy
- fastapi
- uvicorn
- pydantic

## Start the Backend

```bash
cd backend
python main.py
```

The server will start on http://localhost:8001

## Troubleshooting

### Connection refused:
- Ensure PostgreSQL service is running
- Check if port 5432 is open
- Verify pg_hba.conf allows local connections

### Authentication failed:
- Double-check username and password
- Ensure user was created: `\du` in psql

### Permission denied:
- Re-run the GRANT statements in schema.sql
- Verify with: `\dp` in psql