Spaces:

Arkm20
/

authapi

Running

App Files Files Community

Arkm20 commited on Jul 4

Commit

121e50f

verified ·

1 Parent(s): 661788f

Update app.py

Browse files

Files changed (1) hide show

app.py +66 -49

app.py CHANGED Viewed

@@ -1,10 +1,10 @@
 import os
 import json
 import uuid
 from datetime import datetime, timedelta
 from typing import List, Dict, Optional, Any
-import secrets
 from fastapi import FastAPI, Depends, HTTPException, status, UploadFile, File, Query
 from fastapi.security import OAuth2PasswordBearer, OAuth2PasswordRequestForm
 from fastapi.staticfiles import StaticFiles
@@ -41,13 +41,12 @@ class Token(BaseModel):
 class TokenData(BaseModel):
     username: Optional[str] = None
-# NEW: Model for a single watch history record, including the timestamp
 class WatchHistoryEntry(BaseModel):
     show_id: str
     show_title: str
     season_number: int
     episode_number: int
-    watch_timestamp: datetime # Will be stored as an ISO 8601 string in JSON
 class UserBase(BaseModel):
     username: str
@@ -58,26 +57,29 @@ class UserCreate(UserBase):
 class UserInDB(UserBase):
     hashed_password: str
     profile_picture_url: Optional[str] = None
-    # This reflects the raw data stored in the JSON file
     watch_history: List[Dict[str, Any]] = Field(default_factory=list)
 class UserPublic(UserBase):
     profile_picture_url: Optional[str] = None
     watch_history_detailed: Dict[str, Any] = Field(default_factory=dict)
 # --- Database Helper Functions (using JSON file) ---
 def load_users() -> Dict[str, Dict]:
     if not os.path.exists(USERS_DB_FILE):
         return {}
-    with open(USERS_DB_FILE, "r") as f:
-        try:
             return json.load(f)
-        except json.JSONDecodeError:
-            return {}
 def save_users(users_db: Dict[str, Dict]):
-    # Use a custom default function to handle datetime objects during JSON serialization
     def json_serializer(obj):
         if isinstance(obj, datetime):
             return obj.isoformat()
@@ -130,7 +132,6 @@ async def get_current_user(token: str = Depends(oauth2_scheme)) -> UserInDB:
 # --- FastAPI App Initialization ---
 app = FastAPI(title="Media Auth API")
-# CORS middleware to allow the frontend to communicate with the API
 app.add_middleware(
     CORSMiddleware,
     allow_origins=["*"],
@@ -139,12 +140,9 @@ app.add_middleware(
     allow_headers=["*"],
 )
-# --- Helper function to structure watch history for the frontend ---
-# MODIFIED: Now includes the watch timestamp for each episode.
 def structure_watch_history(history_list: List[Dict]) -> Dict:
-    """Transforms a flat list of watched episodes into a nested dictionary."""
     structured = {}
-    # Sort by timestamp to ensure the latest watch time is used if duplicates exist
     sorted_history = sorted(history_list, key=lambda x: x.get("watch_timestamp", ""), reverse=True)
     for item in sorted_history:
@@ -154,6 +152,9 @@ def structure_watch_history(history_list: List[Dict]) -> Dict:
         episode_num = item.get("episode_number")
         timestamp = item.get("watch_timestamp")
         if show_id not in structured:
             structured[show_id] = {
                 "show_id": show_id,
@@ -165,7 +166,6 @@ def structure_watch_history(history_list: List[Dict]) -> Dict:
                 "season_number": season_num,
                 "episodes": {}
             }
-        # Store the timestamp instead of just 'True'
         structured[show_id]["seasons"][season_num]["episodes"][episode_num] = timestamp
     return structured
@@ -174,12 +174,9 @@ def structure_watch_history(history_list: List[Dict]) -> Dict:
 @app.post("/token", response_model=Token, tags=["Authentication"])
 async def login_for_access_token(form_data: OAuth2PasswordRequestForm = Depends()):
-    """
-    Standard OAuth2 login. Takes username and password from a form.
-    """
     users_db = load_users()
     user_data = users_db.get(form_data.username)
-    if not user_data or not verify_password(form_data.password, user_data["hashed_password"]):
         raise HTTPException(
             status_code=status.HTTP_401_UNAUTHORIZED,
             detail="Incorrect username or password",
@@ -194,9 +191,6 @@ async def login_for_access_token(form_data: OAuth2PasswordRequestForm = Depends(
 @app.post("/signup", status_code=status.HTTP_201_CREATED, tags=["Authentication"])
 async def signup_user(user: UserCreate):
-    """
-    Creates a new user account.
-    """
     users_db = load_users()
     if user.username in users_db:
         raise HTTPException(
@@ -204,9 +198,13 @@ async def signup_user(user: UserCreate):
             detail="Username already registered",
         )
     hashed_password = get_password_hash(user.password)
-    # Note: watch_history defaults to an empty list
-    new_user = UserInDB(username=user.username, hashed_password=hashed_password)
-    # Pydantic's .dict() serializes the model to a dictionary suitable for JSON
     users_db[user.username] = new_user.dict()
     save_users(users_db)
     return {"message": "User created successfully. Please login."}
@@ -214,13 +212,12 @@ async def signup_user(user: UserCreate):
 @app.get("/users/me", response_model=UserPublic, tags=["User"])
 async def read_users_me(current_user: UserInDB = Depends(get_current_user)):
-    """
-    Fetch the profile of the currently authenticated user.
-    """
     detailed_history = structure_watch_history(current_user.watch_history)
     user_public_data = UserPublic(
         username=current_user.username,
         profile_picture_url=current_user.profile_picture_url,
         watch_history_detailed=detailed_history
     )
@@ -232,10 +229,10 @@ async def upload_profile_picture(
     file: UploadFile = File(...),
     current_user: UserInDB = Depends(get_current_user)
 ):
-    """
-    Upload or update the user's profile picture.
-    """
-    file_extension = os.path.splitext(file.filename)[1]
     unique_filename = f"{uuid.uuid4()}{file_extension}"
     file_path = os.path.join(UPLOAD_DIR, unique_filename)
@@ -251,53 +248,73 @@ async def upload_profile_picture(
     detailed_history = structure_watch_history(current_user.watch_history)
     return UserPublic(
         username=current_user.username,
         profile_picture_url=current_user.profile_picture_url,
         watch_history_detailed=detailed_history
     )
-# MODIFIED: Changed from POST to GET, accepts query parameters, and adds a timestamp.
 @app.get("/users/me/watch-history", status_code=status.HTTP_200_OK, tags=["User"])
 async def update_watch_history(
-    show_id: str = Query(..., description="The unique ID of the show (e.g., from TMDB)"),
-    show_title: str = Query(..., description="The title of the show"),
-    season_number: int = Query(..., ge=0, description="The season number"),
-    episode_number: int = Query(..., ge=1, description="The episode number"),
     current_user: UserInDB = Depends(get_current_user)
 ):
-    """
-    Adds a new episode to the user's watch history via GET query parameters.
-    Includes a server-generated timestamp for when the episode was marked as watched.
-    """
     users_db = load_users()
     user_data = users_db[current_user.username]
-    # Create a unique identifier for the episode to prevent duplicates
     episode_id = f"{show_id}_{season_number}_{episode_number}"
-    # Check if this exact episode is already in the history
     is_already_watched = any(
         (f"{item.get('show_id')}_{item.get('season_number')}_{item.get('episode_number')}" == episode_id)
-        for item in user_data["watch_history"]
     )
     if not is_already_watched:
-        # Create a new entry using our Pydantic model for validation and structure
         new_entry = WatchHistoryEntry(
             show_id=show_id,
             show_title=show_title,
             season_number=season_number,
             episode_number=episode_number,
-            watch_timestamp=datetime.utcnow() # Add server-side timestamp
         )
-        # .dict() converts the model (including the datetime object) to a JSON-serializable dict
-        user_data["watch_history"].append(new_entry.dict())
         save_users(users_db)
         return {"message": "Watch history updated."}
     return {"message": "Episode already in watch history."}
 # --- Static File Serving ---
 app.mount("/uploads", StaticFiles(directory=UPLOAD_DIR), name="uploads")
 app.mount("/", StaticFiles(directory="static", html=True), name="static")

 import os
 import json
 import uuid
+import secrets
 from datetime import datetime, timedelta
 from typing import List, Dict, Optional, Any
 from fastapi import FastAPI, Depends, HTTPException, status, UploadFile, File, Query
 from fastapi.security import OAuth2PasswordBearer, OAuth2PasswordRequestForm
 from fastapi.staticfiles import StaticFiles
 class TokenData(BaseModel):
     username: Optional[str] = None
 class WatchHistoryEntry(BaseModel):
     show_id: str
     show_title: str
     season_number: int
     episode_number: int
+    watch_timestamp: datetime
 class UserBase(BaseModel):
     username: str
 class UserInDB(UserBase):
     hashed_password: str
     profile_picture_url: Optional[str] = None
     watch_history: List[Dict[str, Any]] = Field(default_factory=list)
 class UserPublic(UserBase):
     profile_picture_url: Optional[str] = None
     watch_history_detailed: Dict[str, Any] = Field(default_factory=dict)
+    email: Optional[str] = None # Added for display on settings page
+# NEW: Model for the password change request
+class PasswordChange(BaseModel):
+    current_password: str
+    new_password: str
 # --- Database Helper Functions (using JSON file) ---
 def load_users() -> Dict[str, Dict]:
     if not os.path.exists(USERS_DB_FILE):
         return {}
+    try:
+        with open(USERS_DB_FILE, "r") as f:
             return json.load(f)
+    except (json.JSONDecodeError, FileNotFoundError):
+        return {}
 def save_users(users_db: Dict[str, Dict]):
     def json_serializer(obj):
         if isinstance(obj, datetime):
             return obj.isoformat()
 # --- FastAPI App Initialization ---
 app = FastAPI(title="Media Auth API")
 app.add_middleware(
     CORSMiddleware,
     allow_origins=["*"],
     allow_headers=["*"],
 )
+# --- Helper function to structure watch history ---
 def structure_watch_history(history_list: List[Dict]) -> Dict:
     structured = {}
     sorted_history = sorted(history_list, key=lambda x: x.get("watch_timestamp", ""), reverse=True)
     for item in sorted_history:
         episode_num = item.get("episode_number")
         timestamp = item.get("watch_timestamp")
+        if not all([show_id, season_num is not None, episode_num is not None, timestamp]):
+            continue
         if show_id not in structured:
             structured[show_id] = {
                 "show_id": show_id,
                 "season_number": season_num,
                 "episodes": {}
             }
         structured[show_id]["seasons"][season_num]["episodes"][episode_num] = timestamp
     return structured
 @app.post("/token", response_model=Token, tags=["Authentication"])
 async def login_for_access_token(form_data: OAuth2PasswordRequestForm = Depends()):
     users_db = load_users()
     user_data = users_db.get(form_data.username)
+    if not user_data or not verify_password(form_data.password, user_data.get("hashed_password")):
         raise HTTPException(
             status_code=status.HTTP_401_UNAUTHORIZED,
             detail="Incorrect username or password",
 @app.post("/signup", status_code=status.HTTP_201_CREATED, tags=["Authentication"])
 async def signup_user(user: UserCreate):
     users_db = load_users()
     if user.username in users_db:
         raise HTTPException(
             detail="Username already registered",
         )
     hashed_password = get_password_hash(user.password)
+    # Using UserInDB model ensures all default fields like watch_history are present
+    new_user = UserInDB(
+        username=user.username,
+        hashed_password=hashed_password,
+        profile_picture_url=None,
+        watch_history=[]
+    )
     users_db[user.username] = new_user.dict()
     save_users(users_db)
     return {"message": "User created successfully. Please login."}
 @app.get("/users/me", response_model=UserPublic, tags=["User"])
 async def read_users_me(current_user: UserInDB = Depends(get_current_user)):
     detailed_history = structure_watch_history(current_user.watch_history)
+    # We add the email field for the UI, which is the same as the username
     user_public_data = UserPublic(
         username=current_user.username,
+        email=current_user.username,
         profile_picture_url=current_user.profile_picture_url,
         watch_history_detailed=detailed_history
     )
     file: UploadFile = File(...),
     current_user: UserInDB = Depends(get_current_user)
 ):
+    file_extension = os.path.splitext(file.filename)[1].lower()
+    if file_extension not in ['.png', '.jpg', '.jpeg', '.gif', '.webp']:
+        raise HTTPException(status_code=400, detail="Invalid file type.")
     unique_filename = f"{uuid.uuid4()}{file_extension}"
     file_path = os.path.join(UPLOAD_DIR, unique_filename)
     detailed_history = structure_watch_history(current_user.watch_history)
     return UserPublic(
         username=current_user.username,
+        email=current_user.username,
         profile_picture_url=current_user.profile_picture_url,
         watch_history_detailed=detailed_history
     )
 @app.get("/users/me/watch-history", status_code=status.HTTP_200_OK, tags=["User"])
 async def update_watch_history(
+    show_id: str = Query(...),
+    show_title: str = Query(...),
+    season_number: int = Query(..., ge=0),
+    episode_number: int = Query(..., ge=1),
     current_user: UserInDB = Depends(get_current_user)
 ):
     users_db = load_users()
     user_data = users_db[current_user.username]
     episode_id = f"{show_id}_{season_number}_{episode_number}"
     is_already_watched = any(
         (f"{item.get('show_id')}_{item.get('season_number')}_{item.get('episode_number')}" == episode_id)
+        for item in user_data.get("watch_history", [])
     )
     if not is_already_watched:
         new_entry = WatchHistoryEntry(
             show_id=show_id,
             show_title=show_title,
             season_number=season_number,
             episode_number=episode_number,
+            watch_timestamp=datetime.utcnow()
         )
+        user_data.setdefault("watch_history", []).append(new_entry.dict())
         save_users(users_db)
         return {"message": "Watch history updated."}
     return {"message": "Episode already in watch history."}
+# NEW: Endpoint for changing the user's password
+@app.post("/users/me/password", status_code=status.HTTP_200_OK, tags=["User"])
+async def change_user_password(
+    password_data: PasswordChange,
+    current_user: UserInDB = Depends(get_current_user)
+):
+    """
+    Allows an authenticated user to change their password.
+    """
+    users_db = load_users()
+    user_data = users_db[current_user.username]
+    # 1. Verify the current password is correct
+    if not verify_password(password_data.current_password, user_data["hashed_password"]):
+        raise HTTPException(
+            status_code=status.HTTP_400_BAD_REQUEST,
+            detail="Incorrect current password",
+        )
+    # 2. Hash the new password
+    new_hashed_password = get_password_hash(password_data.new_password)
+    # 3. Update the password in the database
+    user_data["hashed_password"] = new_hashed_password
+    save_users(users_db)
+    return {"message": "Password updated successfully"}
 # --- Static File Serving ---
 app.mount("/uploads", StaticFiles(directory=UPLOAD_DIR), name="uploads")
 app.mount("/", StaticFiles(directory="static", html=True), name="static")