All tweaks added
This commit is contained in:
+31
-43
@@ -7,13 +7,23 @@ from typing import Optional
|
||||
import httpx
|
||||
|
||||
from app.core.database import get_db
|
||||
from app.core.security import verify_password, create_access_token, hash_password, get_current_user
|
||||
from app.core.security import verify_password, create_access_token, get_current_user
|
||||
from app.core.config import settings
|
||||
from app.models.user import User
|
||||
|
||||
router = APIRouter()
|
||||
|
||||
|
||||
async def _get_pocketid_config(db: AsyncSession):
|
||||
"""Get PocketID config from DB (admin user) falling back to env vars."""
|
||||
result = await db.execute(select(User).where(User.is_admin == True).limit(1))
|
||||
admin = result.scalar_one_or_none()
|
||||
issuer = (admin and admin.pocketid_issuer) or settings.pocketid_issuer
|
||||
client_id = (admin and admin.pocketid_client_id) or settings.pocketid_client_id
|
||||
client_secret = (admin and admin.pocketid_client_secret) or settings.pocketid_client_secret
|
||||
return issuer, client_id, client_secret
|
||||
|
||||
|
||||
class Token(BaseModel):
|
||||
access_token: str
|
||||
token_type: str
|
||||
@@ -37,24 +47,15 @@ async def login(
|
||||
form_data: OAuth2PasswordRequestForm = Depends(),
|
||||
db: AsyncSession = Depends(get_db),
|
||||
):
|
||||
result = await db.execute(
|
||||
select(User).where(User.username == form_data.username)
|
||||
)
|
||||
result = await db.execute(select(User).where(User.username == form_data.username))
|
||||
user = result.scalar_one_or_none()
|
||||
|
||||
if not user or not user.hashed_password:
|
||||
raise HTTPException(status_code=400, detail="Invalid credentials")
|
||||
if not verify_password(form_data.password, user.hashed_password):
|
||||
raise HTTPException(status_code=400, detail="Invalid credentials")
|
||||
|
||||
token = create_access_token({"sub": str(user.id)})
|
||||
return Token(
|
||||
access_token=token,
|
||||
token_type="bearer",
|
||||
user_id=user.id,
|
||||
username=user.username,
|
||||
is_admin=user.is_admin,
|
||||
)
|
||||
return Token(access_token=token, token_type="bearer",
|
||||
user_id=user.id, username=user.username, is_admin=user.is_admin)
|
||||
|
||||
|
||||
@router.get("/me", response_model=UserOut)
|
||||
@@ -63,51 +64,44 @@ async def get_me(current_user: User = Depends(get_current_user)):
|
||||
|
||||
|
||||
@router.get("/pocketid/available")
|
||||
async def pocketid_available():
|
||||
return {"available": bool(settings.pocketid_issuer and settings.pocketid_client_id)}
|
||||
async def pocketid_available(db: AsyncSession = Depends(get_db)):
|
||||
issuer, client_id, _ = await _get_pocketid_config(db)
|
||||
return {"available": bool(issuer and client_id)}
|
||||
|
||||
|
||||
@router.get("/pocketid/login-url")
|
||||
async def pocketid_login_url():
|
||||
"""Return the OIDC authorization URL for PocketID."""
|
||||
if not settings.pocketid_issuer:
|
||||
async def pocketid_login_url(db: AsyncSession = Depends(get_db)):
|
||||
issuer, client_id, _ = await _get_pocketid_config(db)
|
||||
if not issuer or not client_id:
|
||||
raise HTTPException(status_code=404, detail="PocketID not configured")
|
||||
|
||||
from urllib.parse import urlencode
|
||||
params = {
|
||||
"client_id": settings.pocketid_client_id,
|
||||
"client_id": client_id,
|
||||
"redirect_uri": "/api/auth/pocketid/callback",
|
||||
"response_type": "code",
|
||||
"scope": "openid profile email",
|
||||
}
|
||||
from urllib.parse import urlencode
|
||||
url = f"{settings.pocketid_issuer}/authorize?{urlencode(params)}"
|
||||
return {"url": url}
|
||||
return {"url": f"{issuer}/authorize?{urlencode(params)}"}
|
||||
|
||||
|
||||
@router.get("/pocketid/callback")
|
||||
async def pocketid_callback(code: str, db: AsyncSession = Depends(get_db)):
|
||||
"""Exchange OIDC code for tokens and create/login user."""
|
||||
if not settings.pocketid_issuer:
|
||||
issuer, client_id, client_secret = await _get_pocketid_config(db)
|
||||
if not issuer:
|
||||
raise HTTPException(status_code=404, detail="PocketID not configured")
|
||||
|
||||
# Exchange code for tokens
|
||||
async with httpx.AsyncClient() as client:
|
||||
resp = await client.post(
|
||||
f"{settings.pocketid_issuer}/token",
|
||||
data={
|
||||
"grant_type": "authorization_code",
|
||||
"code": code,
|
||||
"redirect_uri": "/api/auth/pocketid/callback",
|
||||
"client_id": settings.pocketid_client_id,
|
||||
"client_secret": settings.pocketid_client_secret,
|
||||
},
|
||||
f"{issuer}/token",
|
||||
data={"grant_type": "authorization_code", "code": code,
|
||||
"redirect_uri": "/api/auth/pocketid/callback",
|
||||
"client_id": client_id, "client_secret": client_secret},
|
||||
)
|
||||
if resp.status_code != 200:
|
||||
raise HTTPException(status_code=400, detail="Token exchange failed")
|
||||
|
||||
tokens = resp.json()
|
||||
userinfo_resp = await client.get(
|
||||
f"{settings.pocketid_issuer}/userinfo",
|
||||
f"{issuer}/userinfo",
|
||||
headers={"Authorization": f"Bearer {tokens['access_token']}"},
|
||||
)
|
||||
userinfo = userinfo_resp.json()
|
||||
@@ -118,17 +112,11 @@ async def pocketid_callback(code: str, db: AsyncSession = Depends(get_db)):
|
||||
|
||||
result = await db.execute(select(User).where(User.pocketid_sub == sub))
|
||||
user = result.scalar_one_or_none()
|
||||
|
||||
if not user:
|
||||
user = User(
|
||||
username=preferred_username,
|
||||
email=email,
|
||||
pocketid_sub=sub,
|
||||
)
|
||||
user = User(username=preferred_username, email=email, pocketid_sub=sub)
|
||||
db.add(user)
|
||||
await db.flush()
|
||||
|
||||
token = create_access_token({"sub": str(user.id)})
|
||||
# Redirect to frontend with token
|
||||
from fastapi.responses import RedirectResponse
|
||||
return RedirectResponse(url=f"/?token={token}")
|
||||
|
||||
@@ -0,0 +1,220 @@
|
||||
from fastapi import APIRouter, Depends, HTTPException
|
||||
from sqlalchemy.ext.asyncio import AsyncSession
|
||||
from sqlalchemy import select, desc
|
||||
from pydantic import BaseModel
|
||||
from typing import Optional, List
|
||||
from datetime import datetime, date, timezone
|
||||
|
||||
from app.core.database import get_db
|
||||
from app.core.security import get_current_user, hash_password, verify_password
|
||||
from app.models.user import User, WeightLog
|
||||
|
||||
router = APIRouter()
|
||||
|
||||
|
||||
# ── Profile ────────────────────────────────────────────────────────────────
|
||||
|
||||
class ProfileUpdate(BaseModel):
|
||||
max_heart_rate: Optional[int] = None
|
||||
resting_heart_rate: Optional[int] = None
|
||||
birth_year: Optional[int] = None
|
||||
height_cm: Optional[float] = None
|
||||
|
||||
|
||||
class ProfileOut(BaseModel):
|
||||
id: int
|
||||
username: str
|
||||
email: Optional[str]
|
||||
max_heart_rate: Optional[int]
|
||||
resting_heart_rate: Optional[int]
|
||||
birth_year: Optional[int]
|
||||
height_cm: Optional[float]
|
||||
estimated_max_hr: Optional[int]
|
||||
is_admin: bool
|
||||
|
||||
class Config:
|
||||
from_attributes = True
|
||||
|
||||
|
||||
def _estimated_max_hr(user: User) -> Optional[int]:
|
||||
if user.birth_year:
|
||||
return 220 - (datetime.now().year - user.birth_year)
|
||||
return None
|
||||
|
||||
|
||||
@router.get("/", response_model=ProfileOut)
|
||||
async def get_profile(current_user: User = Depends(get_current_user)):
|
||||
return {**{c.name: getattr(current_user, c.name)
|
||||
for c in User.__table__.columns},
|
||||
"estimated_max_hr": _estimated_max_hr(current_user)}
|
||||
|
||||
|
||||
@router.patch("/", response_model=ProfileOut)
|
||||
async def update_profile(
|
||||
body: ProfileUpdate,
|
||||
db: AsyncSession = Depends(get_db),
|
||||
current_user: User = Depends(get_current_user),
|
||||
):
|
||||
if body.max_heart_rate is not None:
|
||||
if not (100 <= body.max_heart_rate <= 250):
|
||||
raise HTTPException(400, "Max HR must be 100–250")
|
||||
current_user.max_heart_rate = body.max_heart_rate
|
||||
if body.resting_heart_rate is not None:
|
||||
if not (20 <= body.resting_heart_rate <= 120):
|
||||
raise HTTPException(400, "Resting HR must be 20–120")
|
||||
current_user.resting_heart_rate = body.resting_heart_rate
|
||||
if body.birth_year is not None:
|
||||
if not (1920 <= body.birth_year <= 2010):
|
||||
raise HTTPException(400, "Invalid birth year")
|
||||
current_user.birth_year = body.birth_year
|
||||
if body.height_cm is not None:
|
||||
if not (50 <= body.height_cm <= 300):
|
||||
raise HTTPException(400, "Height must be 50–300 cm")
|
||||
current_user.height_cm = body.height_cm
|
||||
|
||||
await db.commit()
|
||||
await db.refresh(current_user)
|
||||
return {**{c.name: getattr(current_user, c.name)
|
||||
for c in User.__table__.columns},
|
||||
"estimated_max_hr": _estimated_max_hr(current_user)}
|
||||
|
||||
|
||||
# ── Password change ────────────────────────────────────────────────────────
|
||||
|
||||
class PasswordChange(BaseModel):
|
||||
current_password: str
|
||||
new_password: str
|
||||
|
||||
|
||||
@router.post("/change-password")
|
||||
async def change_password(
|
||||
body: PasswordChange,
|
||||
db: AsyncSession = Depends(get_db),
|
||||
current_user: User = Depends(get_current_user),
|
||||
):
|
||||
if not current_user.hashed_password:
|
||||
raise HTTPException(400, "Account uses passkey login — no password to change")
|
||||
if not verify_password(body.current_password, current_user.hashed_password):
|
||||
raise HTTPException(400, "Current password is incorrect")
|
||||
if len(body.new_password) < 8:
|
||||
raise HTTPException(400, "New password must be at least 8 characters")
|
||||
current_user.hashed_password = hash_password(body.new_password)
|
||||
await db.commit()
|
||||
return {"status": "ok"}
|
||||
|
||||
|
||||
# ── PocketID configuration (admin only) ────────────────────────────────────
|
||||
|
||||
class PocketIDConfig(BaseModel):
|
||||
issuer: Optional[str] = None
|
||||
client_id: Optional[str] = None
|
||||
client_secret: Optional[str] = None
|
||||
|
||||
|
||||
@router.get("/pocketid-config")
|
||||
async def get_pocketid_config(current_user: User = Depends(get_current_user)):
|
||||
if not current_user.is_admin:
|
||||
raise HTTPException(403, "Admin only")
|
||||
from app.core.config import settings
|
||||
# Show DB config if set, fall back to env
|
||||
issuer = current_user.pocketid_issuer or settings.pocketid_issuer
|
||||
client_id = current_user.pocketid_client_id or settings.pocketid_client_id
|
||||
return {
|
||||
"issuer": issuer or "",
|
||||
"client_id": client_id or "",
|
||||
"client_secret_set": bool(current_user.pocketid_client_secret or settings.pocketid_client_secret),
|
||||
"enabled": bool(issuer and client_id),
|
||||
}
|
||||
|
||||
|
||||
@router.post("/pocketid-config")
|
||||
async def save_pocketid_config(
|
||||
body: PocketIDConfig,
|
||||
db: AsyncSession = Depends(get_db),
|
||||
current_user: User = Depends(get_current_user),
|
||||
):
|
||||
if not current_user.is_admin:
|
||||
raise HTTPException(403, "Admin only")
|
||||
if body.issuer is not None:
|
||||
current_user.pocketid_issuer = body.issuer.rstrip("/") if body.issuer else None
|
||||
if body.client_id is not None:
|
||||
current_user.pocketid_client_id = body.client_id or None
|
||||
if body.client_secret is not None:
|
||||
current_user.pocketid_client_secret = body.client_secret or None
|
||||
await db.commit()
|
||||
return {"status": "ok"}
|
||||
|
||||
|
||||
# ── Weight log ─────────────────────────────────────────────────────────────
|
||||
|
||||
class WeightEntry(BaseModel):
|
||||
date: datetime
|
||||
weight_kg: float
|
||||
body_fat_pct: Optional[float] = None
|
||||
note: Optional[str] = None
|
||||
|
||||
|
||||
class WeightOut(BaseModel):
|
||||
id: int
|
||||
date: datetime
|
||||
weight_kg: float
|
||||
body_fat_pct: Optional[float]
|
||||
note: Optional[str]
|
||||
|
||||
class Config:
|
||||
from_attributes = True
|
||||
|
||||
|
||||
@router.get("/weight", response_model=List[WeightOut])
|
||||
async def list_weight(
|
||||
limit: int = 365,
|
||||
db: AsyncSession = Depends(get_db),
|
||||
current_user: User = Depends(get_current_user),
|
||||
):
|
||||
result = await db.execute(
|
||||
select(WeightLog)
|
||||
.where(WeightLog.user_id == current_user.id)
|
||||
.order_by(desc(WeightLog.date))
|
||||
.limit(limit)
|
||||
)
|
||||
return result.scalars().all()
|
||||
|
||||
|
||||
@router.post("/weight", response_model=WeightOut)
|
||||
async def log_weight(
|
||||
body: WeightEntry,
|
||||
db: AsyncSession = Depends(get_db),
|
||||
current_user: User = Depends(get_current_user),
|
||||
):
|
||||
if not (20 <= body.weight_kg <= 500):
|
||||
raise HTTPException(400, "Weight must be 20–500 kg")
|
||||
entry = WeightLog(
|
||||
user_id=current_user.id,
|
||||
date=body.date,
|
||||
weight_kg=body.weight_kg,
|
||||
body_fat_pct=body.body_fat_pct,
|
||||
note=body.note,
|
||||
)
|
||||
db.add(entry)
|
||||
await db.commit()
|
||||
await db.refresh(entry)
|
||||
return entry
|
||||
|
||||
|
||||
@router.delete("/weight/{entry_id}", status_code=204)
|
||||
async def delete_weight(
|
||||
entry_id: int,
|
||||
db: AsyncSession = Depends(get_db),
|
||||
current_user: User = Depends(get_current_user),
|
||||
):
|
||||
result = await db.execute(
|
||||
select(WeightLog).where(
|
||||
WeightLog.id == entry_id,
|
||||
WeightLog.user_id == current_user.id,
|
||||
)
|
||||
)
|
||||
entry = result.scalar_one_or_none()
|
||||
if not entry:
|
||||
raise HTTPException(404, "Not found")
|
||||
await db.delete(entry)
|
||||
await db.commit()
|
||||
@@ -3,7 +3,7 @@ from sqlalchemy.ext.asyncio import AsyncSession
|
||||
from sqlalchemy import select, desc
|
||||
from pydantic import BaseModel
|
||||
from typing import Optional, List
|
||||
from datetime import datetime
|
||||
from datetime import datetime, timedelta, timezone
|
||||
|
||||
from app.core.database import get_db
|
||||
from app.core.security import get_current_user
|
||||
@@ -23,7 +23,7 @@ class RouteCreate(BaseModel):
|
||||
name: str
|
||||
description: Optional[str] = None
|
||||
sport_type: Optional[str] = None
|
||||
activity_id: int # use this activity as the reference route
|
||||
activity_id: int
|
||||
|
||||
|
||||
class RouteOut(BaseModel):
|
||||
@@ -34,6 +34,7 @@ class RouteOut(BaseModel):
|
||||
reference_polyline: Optional[str]
|
||||
bounding_box: Optional[dict]
|
||||
distance_m: Optional[float]
|
||||
auto_detected: Optional[bool]
|
||||
created_at: datetime
|
||||
|
||||
class Config:
|
||||
@@ -64,13 +65,44 @@ async def list_routes(
|
||||
return result.scalars().all()
|
||||
|
||||
|
||||
@router.get("/recent-activities")
|
||||
async def recent_activities_for_route(
|
||||
days: int = Query(14, ge=1, le=90),
|
||||
sport_type: Optional[str] = None,
|
||||
db: AsyncSession = Depends(get_db),
|
||||
current_user: User = Depends(get_current_user),
|
||||
):
|
||||
"""Return recent activities for the route creation dropdown."""
|
||||
cutoff = datetime.now(timezone.utc) - timedelta(days=days)
|
||||
q = select(Activity).where(
|
||||
Activity.user_id == current_user.id,
|
||||
Activity.start_time >= cutoff,
|
||||
Activity.sport_type != "swimming",
|
||||
)
|
||||
if sport_type:
|
||||
q = q.where(Activity.sport_type == sport_type)
|
||||
q = q.order_by(desc(Activity.start_time)).limit(50)
|
||||
result = await db.execute(q)
|
||||
activities = result.scalars().all()
|
||||
return [
|
||||
{
|
||||
"id": a.id,
|
||||
"name": a.name,
|
||||
"sport_type": a.sport_type,
|
||||
"start_time": a.start_time,
|
||||
"distance_m": a.distance_m,
|
||||
"duration_s": a.duration_s,
|
||||
}
|
||||
for a in activities
|
||||
]
|
||||
|
||||
|
||||
@router.post("/", response_model=RouteOut)
|
||||
async def create_route(
|
||||
body: RouteCreate,
|
||||
db: AsyncSession = Depends(get_db),
|
||||
current_user: User = Depends(get_current_user),
|
||||
):
|
||||
# Load the reference activity
|
||||
act_result = await db.execute(
|
||||
select(Activity).where(
|
||||
Activity.id == body.activity_id,
|
||||
@@ -89,11 +121,10 @@ async def create_route(
|
||||
reference_polyline=activity.polyline,
|
||||
bounding_box=activity.bounding_box,
|
||||
distance_m=activity.distance_m,
|
||||
auto_detected=False,
|
||||
)
|
||||
db.add(route)
|
||||
await db.flush()
|
||||
|
||||
# Link this activity to the route
|
||||
activity.named_route_id = route.id
|
||||
await db.commit()
|
||||
await db.refresh(route)
|
||||
@@ -124,7 +155,6 @@ async def route_activities(
|
||||
db: AsyncSession = Depends(get_db),
|
||||
current_user: User = Depends(get_current_user),
|
||||
):
|
||||
"""All activities on this named route, ordered fastest first."""
|
||||
result = await db.execute(
|
||||
select(Activity).where(
|
||||
Activity.named_route_id == route_id,
|
||||
@@ -153,7 +183,6 @@ async def assign_activity_to_route(
|
||||
db: AsyncSession = Depends(get_db),
|
||||
current_user: User = Depends(get_current_user),
|
||||
):
|
||||
"""Manually assign an activity to a named route."""
|
||||
activity_id = body.get("activity_id")
|
||||
act_result = await db.execute(
|
||||
select(Activity).where(
|
||||
@@ -164,7 +193,6 @@ async def assign_activity_to_route(
|
||||
activity = act_result.scalar_one_or_none()
|
||||
if not activity:
|
||||
raise HTTPException(status_code=404, detail="Activity not found")
|
||||
|
||||
activity.named_route_id = route_id
|
||||
await db.commit()
|
||||
return {"status": "ok"}
|
||||
|
||||
Reference in New Issue
Block a user