A clean, beginner-friendly full-stack to-do list web app built with Python (Flask). SmartTodo lets users create an account, log in, and manage their own personal task list — all without needing a database. User accounts and tasks are stored in simple JSON files.
This project is intentionally kept simple and well-commented, making it a great starting point for anyone learning Flask, sessions/cookies, or basic full-stack web development.
- 🔐 User registration — create an account with a username and password
- 🔑 User login — secure password checking with hashed passwords (
werkzeug.security) - 🍪 Session-based authentication — Flask sessions/cookies keep users logged in
- 🚪 Logout system — clears the session and redirects to the login page
- 📋 Per-user dashboard — each user only ever sees their own tasks
- ➕ Add tasks
- ✔️ Mark tasks as completed (toggle on/off)
- 🗑️ Delete tasks
- 💾 No database required — everything is stored in plain JSON files
- 🎨 Clean, responsive UI built with hand-written HTML & CSS
SmartTodo/
│
├── main.py # Flask application (routes, auth logic, task logic)
├── requirements.txt # Python dependencies
├── tasks.json # All users' tasks, keyed by username
├── users.json # Registered users and hashed passwords
├── README.md
│
├── templates/
│ ├── login.html # Login page
│ ├── register.html # Registration page
│ └── index.html # Main dashboard (task list)
│
└── static/
└── style.css # App styling
| Layer | Technology |
|---|---|
| Backend | Python 3, Flask |
| Frontend | HTML5, CSS3 (no frameworks) |
| Auth | Flask sessions + Werkzeug password hashing |
| Storage | JSON files (users.json, tasks.json) |
git clone https://github.com/your-username/SmartTodo.git
cd SmartTodopython -m venv venv
# Activate it:
# Windows:
venv\Scripts\activate
# macOS / Linux:
source venv/bin/activatepip install -r requirements.txtpython main.pyhttp://127.0.0.1:5000
You'll be redirected to the login page. Click "Create one" to register a new account, then log in and start adding tasks!
Stores registered usernames with their hashed passwords (passwords are never stored in plain text).
{
"jane_doe": {
"password": "pbkdf2:sha256:600000$abc123...$def456..."
}
}Tasks are grouped by username, so every user only sees their own list.
{
"jane_doe": [
{
"id": 1,
"task": "Buy groceries",
"completed": false
},
{
"id": 2,
"task": "Finish Flask project",
"completed": true
}
]
}This project is built for learning purposes and keeps things intentionally simple. A few things to be aware of if you plan to deploy it publicly:
- Passwords are hashed with
werkzeug.security✅ (good practice, already included) - The Flask
secret_keyinmain.pyis hardcoded — in production, load it from an environment variable instead. - JSON files are not ideal for handling many concurrent users — for a production app, consider migrating to a real database (SQLite, PostgreSQL, etc.).
debug=Trueshould be turned off (debug=False) before deploying.
Some ideas if you want to extend this project further:
- Add due dates / priority levels to tasks
- Add task editing (not just add/delete)
- Add a "Remember Me" option using persistent cookies
- Move from JSON storage to SQLite using SQLAlchemy
- Add task categories or tags
- Add unit tests with
pytest
This project is free to use for learning and portfolio purposes.
Built as a beginner-friendly Flask portfolio project — feel free to fork it, improve it, and make it your own!