alexei.dolgolyov/personal-ai-assistant
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
fed6a3df1b4493d582da8b1997a848a7fa5e4d94
personal-ai-assistant/backend/app/api/v1/auth.py
dolgolyov.alexei fed6a3df1b Phase 6: PDF & Polish — PDF generation, admin users/settings, AI tool 
Backend:
- Setting + GeneratedPdf models, Alembic migration with default settings seed
- PDF generation service (WeasyPrint + Jinja2 with autoescape)
- Health report HTML template with memory entries + document excerpts
- Admin user management: list, create, update (role/max_chats/is_active)
- Admin settings: self_registration_enabled, default_max_chats
- Self-registration check wired into auth register endpoint
- default_max_chats applied to new user registrations
- AI tool: generate_pdf creates health compilation PDFs
- PDF compile/list/download API endpoints
- WeasyPrint system deps added to Dockerfile

Frontend:
- PDF reports page with generate + download
- Admin users page with create/edit/activate/deactivate
- Admin settings page with self-registration toggle + max chats
- Extended sidebar with PDF reports + admin users/settings links
- English + Russian translations for all new UI

Review fixes applied:
- Jinja2 autoescape enabled (XSS prevention in PDFs)
- db.refresh after flush (created_at populated correctly)
- storage_path removed from API response (no internal path leak)
- Role field uses Literal["user", "admin"] validation
- React hooks called before conditional returns (rules of hooks)
- default_max_chats setting now applied during registration

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-19 14:37:43 +03:00

77 lines
2.2 KiB
Python
Raw Blame History

from typing import Annotated
from fastapi import APIRouter, Depends, Request, status
from sqlalchemy.ext.asyncio import AsyncSession
from app.api.deps import get_current_user
from app.database import get_db
from app.models.user import User
from app.schemas.auth import (
AuthResponse,
LoginRequest,
RefreshRequest,
TokenResponse,
UserResponse,
RegisterRequest,
)
from app.services import auth_service
router = APIRouter(prefix="/auth", tags=["auth"])
@router.post("/register", response_model=AuthResponse, status_code=status.HTTP_201_CREATED)
async def register(
data: RegisterRequest,
request: Request,
db: Annotated[AsyncSession, Depends(get_db)],
):
from app.services.setting_service import get_setting_value
registration_enabled = await get_setting_value(db, "self_registration_enabled", True)
if not registration_enabled:
from fastapi import HTTPException
raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="Registration is currently disabled")
return await auth_service.register_user(
db,
data,
ip_address=request.client.host if request.client else None,
device_info=request.headers.get("user-agent"),
)
@router.post("/login", response_model=AuthResponse)
async def login(
data: LoginRequest,
request: Request,
db: Annotated[AsyncSession, Depends(get_db)],
):
return await auth_service.login_user(
db,
email=data.email,
password=data.password,
remember_me=data.remember_me,
ip_address=request.client.host if request.client else None,
device_info=request.headers.get("user-agent"),
)
@router.post("/refresh", response_model=TokenResponse)
async def refresh(
data: RefreshRequest,
db: Annotated[AsyncSession, Depends(get_db)],
):
return await auth_service.refresh_tokens(db, data.refresh_token)
@router.post("/logout", status_code=status.HTTP_204_NO_CONTENT)
async def logout(
data: RefreshRequest,
db: Annotated[AsyncSession, Depends(get_db)],
):
await auth_service.logout_user(db, data.refresh_token)
@router.get("/me", response_model=UserResponse)
async def me(user: Annotated[User, Depends(get_current_user)]):
return UserResponse.model_validate(user)
Reference in New Issue View Git Blame Copy Permalink