Full app rebuild: FastAPI backend + React Native mobile with auth, championships, admin

Backend (FastAPI + SQLAlchemy + SQLite): - JWT auth with access/refresh tokens, bcrypt password hashing - User model with member/organizer/admin roles, auto-approve members - Championship, Registration, ParticipantList, Notification models - Alembic async migrations, seed data with test users - Registration endpoint returns tokens for members, pending for organizers - /registrations/my returns championship title/date/location via eager loading - Admin endpoints: list users, approve/reject organizers Mobile (React Native + Expo + TypeScript): - Zustand auth store, Axios client with token refresh interceptor - Role-based registration (Member vs Organizer) with contextual form labels - Tab navigation with Ionicons, safe area headers, admin tab for admin role - Championships list with status badges, detail screen with registration progress - My Registrations with championship title, progress bar, and tap-to-navigate - Admin panel with pending/all filter, approve/reject with confirmation - Profile screen with role badge, Ionicons info rows, sign out - Password visibility toggle (Ionicons), keyboard flow hints (returnKeyType) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-25 22:46:50 +03:00
parent 9eb68695e9
commit 789d2bf0a6
81 changed files with 16283 additions and 310 deletions
--- a/backend/app/routers/init.py
+++ b/backend/app/routers/init.py
@@ -0,0 +1,3 @@
+from app.routers import auth, championships, registrations, participant_lists, users
+
+__all__ = ["auth", "championships", "registrations", "participant_lists", "users"]
--- a/backend/app/routers/auth.py
+++ b/backend/app/routers/auth.py
@@ -0,0 +1,79 @@
+from fastapi import APIRouter, Depends, HTTPException, status
+from sqlalchemy.ext.asyncio import AsyncSession
+
+from app.crud import crud_user
+from app.database import get_db
+from app.dependencies import get_current_user
+from app.models.user import User
+from app.schemas.auth import LogoutRequest, RefreshRequest, RegisterResponse, TokenPair, TokenRefreshed
+from app.schemas.user import UserLogin, UserOut, UserRegister, UserUpdate
+from app.services.auth_service import (
+    create_access_token,
+    create_refresh_token,
+    revoke_refresh_token,
+    rotate_refresh_token,
+    verify_password,
+)
+
+router = APIRouter()
+
+
+@router.post("/register", response_model=RegisterResponse, status_code=status.HTTP_201_CREATED)
+async def register(data: UserRegister, db: AsyncSession = Depends(get_db)):
+    if await crud_user.get_by_email(db, data.email):
+        raise HTTPException(status_code=400, detail="Email already registered")
+    user = await crud_user.create(db, data)
+    # Members are auto-approved — issue tokens immediately so they can log in right away
+    if user.role == "member":
+        access_token = create_access_token(user.id)
+        refresh_token = await create_refresh_token(db, user.id)
+        return RegisterResponse(
+            user=UserOut.model_validate(user),
+            access_token=access_token,
+            refresh_token=refresh_token,
+        )
+    # Organizers must wait for admin approval
+    return RegisterResponse(user=UserOut.model_validate(user))
+
+
+@router.post("/login", response_model=TokenPair)
+async def login(data: UserLogin, db: AsyncSession = Depends(get_db)):
+    user = await crud_user.get_by_email(db, data.email)
+    if not user or not verify_password(data.password, user.hashed_password):
+        raise HTTPException(status_code=401, detail="Invalid credentials")
+    access_token = create_access_token(user.id)
+    refresh_token = await create_refresh_token(db, user.id)
+    return TokenPair(
+        access_token=access_token,
+        refresh_token=refresh_token,
+        user=UserOut.model_validate(user),
+    )
+
+
+@router.post("/refresh", response_model=TokenRefreshed)
+async def refresh(data: RefreshRequest, db: AsyncSession = Depends(get_db)):
+    result = await rotate_refresh_token(db, data.refresh_token)
+    if result is None:
+        raise HTTPException(status_code=401, detail="Invalid or expired refresh token")
+    new_refresh, user_id = result
+    access_token = create_access_token(user_id)
+    return TokenRefreshed(access_token=access_token, refresh_token=new_refresh)
+
+
+@router.post("/logout", status_code=status.HTTP_204_NO_CONTENT)
+async def logout(data: LogoutRequest, db: AsyncSession = Depends(get_db)):
+    await revoke_refresh_token(db, data.refresh_token)
+
+
+@router.get("/me", response_model=UserOut)
+async def me(current_user: User = Depends(get_current_user)):
+    return current_user
+
+
+@router.patch("/me", response_model=UserOut)
+async def update_me(
+    data: UserUpdate,
+    current_user: User = Depends(get_current_user),
+    db: AsyncSession = Depends(get_db),
+):
+    return await crud_user.update(db, current_user, data)
--- a/backend/app/routers/championships.py
+++ b/backend/app/routers/championships.py
@@ -0,0 +1,69 @@
+import uuid
+
+from fastapi import APIRouter, Depends, HTTPException, Query, status
+from sqlalchemy.ext.asyncio import AsyncSession
+
+from app.crud import crud_championship
+from app.database import get_db
+from app.dependencies import get_approved_user, get_organizer
+from app.models.user import User
+from app.schemas.championship import ChampionshipCreate, ChampionshipOut, ChampionshipUpdate
+
+router = APIRouter()
+
+
+@router.get("", response_model=list[ChampionshipOut])
+async def list_championships(
+    status: str | None = Query(None),
+    skip: int = 0,
+    limit: int = 50,
+    _user: User = Depends(get_approved_user),
+    db: AsyncSession = Depends(get_db),
+):
+    return await crud_championship.list_all(db, status=status, skip=skip, limit=limit)
+
+
+@router.get("/{champ_id}", response_model=ChampionshipOut)
+async def get_championship(
+    champ_id: uuid.UUID,
+    _user: User = Depends(get_approved_user),
+    db: AsyncSession = Depends(get_db),
+):
+    champ = await crud_championship.get(db, champ_id)
+    if not champ:
+        raise HTTPException(status_code=404, detail="Championship not found")
+    return champ
+
+
+@router.post("", response_model=ChampionshipOut, status_code=status.HTTP_201_CREATED)
+async def create_championship(
+    data: ChampionshipCreate,
+    _user: User = Depends(get_organizer),
+    db: AsyncSession = Depends(get_db),
+):
+    return await crud_championship.create(db, data)
+
+
+@router.patch("/{champ_id}", response_model=ChampionshipOut)
+async def update_championship(
+    champ_id: uuid.UUID,
+    data: ChampionshipUpdate,
+    _user: User = Depends(get_organizer),
+    db: AsyncSession = Depends(get_db),
+):
+    champ = await crud_championship.get(db, champ_id)
+    if not champ:
+        raise HTTPException(status_code=404, detail="Championship not found")
+    return await crud_championship.update(db, champ, data)
+
+
+@router.delete("/{champ_id}", status_code=status.HTTP_204_NO_CONTENT)
+async def delete_championship(
+    champ_id: uuid.UUID,
+    _user: User = Depends(get_organizer),
+    db: AsyncSession = Depends(get_db),
+):
+    champ = await crud_championship.get(db, champ_id)
+    if not champ:
+        raise HTTPException(status_code=404, detail="Championship not found")
+    await crud_championship.delete(db, champ)
--- a/backend/app/routers/participant_lists.py
+++ b/backend/app/routers/participant_lists.py
@@ -0,0 +1,55 @@
+import uuid
+
+from fastapi import APIRouter, Depends, HTTPException, status
+from sqlalchemy.ext.asyncio import AsyncSession
+
+from app.crud import crud_participant, crud_registration
+from app.database import get_db
+from app.dependencies import get_approved_user, get_organizer
+from app.models.user import User
+from app.schemas.participant import ParticipantListOut, ParticipantListPublish
+from app.schemas.registration import RegistrationWithUser
+
+router = APIRouter()
+
+
+@router.get("/championships/{champ_id}/participant-list", response_model=ParticipantListOut | None)
+async def get_participant_list(
+    champ_id: uuid.UUID,
+    _user: User = Depends(get_approved_user),
+    db: AsyncSession = Depends(get_db),
+):
+    return await crud_participant.get_for_championship(db, champ_id)
+
+
+@router.post(
+    "/championships/{champ_id}/participant-list/publish",
+    response_model=ParticipantListOut,
+    status_code=status.HTTP_201_CREATED,
+)
+async def publish_participant_list(
+    champ_id: uuid.UUID,
+    data: ParticipantListPublish,
+    current_user: User = Depends(get_organizer),
+    db: AsyncSession = Depends(get_db),
+):
+    pl = await crud_participant.create_or_get(db, champ_id, current_user.id)
+    if pl.is_published:
+        raise HTTPException(status_code=409, detail="Participant list already published")
+    pl = await crud_participant.publish(db, pl, data.notes)
+
+    # TODO: send push notifications to accepted participants
+    return pl
+
+
+@router.get(
+    "/championships/{champ_id}/participant-list/registrations",
+    response_model=list[RegistrationWithUser],
+)
+async def list_accepted_registrations(
+    champ_id: uuid.UUID,
+    _user: User = Depends(get_approved_user),
+    db: AsyncSession = Depends(get_db),
+):
+    regs = await crud_registration.list_for_championship(db, champ_id)
+    return [r for r in regs if r.status == "accepted"]
--- a/backend/app/routers/registrations.py
+++ b/backend/app/routers/registrations.py
@@ -0,0 +1,108 @@
+import uuid
+
+from fastapi import APIRouter, Depends, HTTPException, status
+from sqlalchemy.ext.asyncio import AsyncSession
+
+from app.crud import crud_championship, crud_registration
+from app.database import get_db
+from app.dependencies import get_approved_user, get_organizer
+from app.models.user import User
+from app.schemas.registration import (
+    RegistrationCreate,
+    RegistrationListItem,
+    RegistrationOut,
+    RegistrationUpdate,
+    RegistrationWithUser,
+)
+
+router = APIRouter()
+
+
+@router.post("", response_model=RegistrationOut, status_code=status.HTTP_201_CREATED)
+async def register_for_championship(
+    data: RegistrationCreate,
+    current_user: User = Depends(get_approved_user),
+    db: AsyncSession = Depends(get_db),
+):
+    champ = await crud_championship.get(db, data.championship_id)
+    if not champ:
+        raise HTTPException(status_code=404, detail="Championship not found")
+    if champ.status != "open":
+        raise HTTPException(status_code=400, detail="Registration is not open for this championship")
+
+    existing = await crud_registration.get_by_user_and_championship(db, current_user.id, data.championship_id)
+    if existing:
+        raise HTTPException(status_code=409, detail="Already registered for this championship")
+
+    return await crud_registration.create(db, current_user.id, data)
+
+
+@router.get("/my", response_model=list[RegistrationListItem])
+async def my_registrations(
+    current_user: User = Depends(get_approved_user),
+    db: AsyncSession = Depends(get_db),
+):
+    return await crud_registration.list_for_user(db, current_user.id)
+
+
+@router.get("/{reg_id}", response_model=RegistrationOut)
+async def get_registration(
+    reg_id: uuid.UUID,
+    current_user: User = Depends(get_approved_user),
+    db: AsyncSession = Depends(get_db),
+):
+    reg = await crud_registration.get(db, reg_id)
+    if not reg:
+        raise HTTPException(status_code=404, detail="Registration not found")
+    if reg.user_id != current_user.id and current_user.role not in ("organizer", "admin"):
+        raise HTTPException(status_code=403, detail="Access denied")
+    return reg
+
+
+@router.patch("/{reg_id}", response_model=RegistrationOut)
+async def update_registration(
+    reg_id: uuid.UUID,
+    data: RegistrationUpdate,
+    current_user: User = Depends(get_approved_user),
+    db: AsyncSession = Depends(get_db),
+):
+    reg = await crud_registration.get(db, reg_id)
+    if not reg:
+        raise HTTPException(status_code=404, detail="Registration not found")
+
+    # Members can only update their own registration (video_url, notes)
+    if current_user.role == "member":
+        if reg.user_id != current_user.id:
+            raise HTTPException(status_code=403, detail="Access denied")
+        allowed_fields = {"video_url", "notes"}
+        update_data = data.model_dump(exclude_none=True)
+        if not set(update_data.keys()).issubset(allowed_fields):
+            raise HTTPException(status_code=403, detail="Members can only update video_url and notes")
+
+    return await crud_registration.update(db, reg, data)
+
+
+@router.delete("/{reg_id}", status_code=status.HTTP_204_NO_CONTENT)
+async def cancel_registration(
+    reg_id: uuid.UUID,
+    current_user: User = Depends(get_approved_user),
+    db: AsyncSession = Depends(get_db),
+):
+    reg = await crud_registration.get(db, reg_id)
+    if not reg:
+        raise HTTPException(status_code=404, detail="Registration not found")
+    if reg.user_id != current_user.id and current_user.role not in ("organizer", "admin"):
+        raise HTTPException(status_code=403, detail="Access denied")
+    await crud_registration.delete(db, reg)
+
+
+# Organizer: list all registrations for a championship
+@router.get("/championship/{champ_id}", response_model=list[RegistrationWithUser])
+async def list_registrations_for_championship(
+    champ_id: uuid.UUID,
+    _user: User = Depends(get_organizer),
+    db: AsyncSession = Depends(get_db),
+    skip: int = 0,
+    limit: int = 100,
+):
+    return await crud_registration.list_for_championship(db, champ_id, skip=skip, limit=limit)
--- a/backend/app/routers/users.py
+++ b/backend/app/routers/users.py
@@ -0,0 +1,46 @@
+import uuid
+
+from fastapi import APIRouter, Depends, HTTPException
+from sqlalchemy.ext.asyncio import AsyncSession
+
+from app.crud import crud_user
+from app.database import get_db
+from app.dependencies import get_admin
+from app.models.user import User
+from app.schemas.user import UserOut
+
+router = APIRouter()
+
+
+@router.get("", response_model=list[UserOut])
+async def list_users(
+    _admin: User = Depends(get_admin),
+    db: AsyncSession = Depends(get_db),
+    skip: int = 0,
+    limit: int = 100,
+):
+    return await crud_user.list_all(db, skip=skip, limit=limit)
+
+
+@router.patch("/{user_id}/approve", response_model=UserOut)
+async def approve_user(
+    user_id: uuid.UUID,
+    _admin: User = Depends(get_admin),
+    db: AsyncSession = Depends(get_db),
+):
+    user = await crud_user.get_by_id(db, user_id)
+    if not user:
+        raise HTTPException(status_code=404, detail="User not found")
+    return await crud_user.set_status(db, user, "approved")
+
+
+@router.patch("/{user_id}/reject", response_model=UserOut)
+async def reject_user(
+    user_id: uuid.UUID,
+    _admin: User = Depends(get_admin),
+    db: AsyncSession = Depends(get_db),
+):
+    user = await crud_user.get_by_id(db, user_id)
+    if not user:
+        raise HTTPException(status_code=404, detail="User not found")
+    return await crud_user.set_status(db, user, "rejected")