Sync from GitHub via hub-sync

api/router.py

@@ -1,6 +1,6 @@
 from fastapi import APIRouter
 
-from api.v1 import analyze, auth, health, history, report
+from api.v1 import analyze, auth, health, history, report, stats
 
 api_router = APIRouter(prefix="/api/v1")
 api_router.include_router(health.router)
@@ -9,3 +9,4 @@ api_router.include_router(analyze.jobs_router)  # Phase 19.3
 api_router.include_router(report.router)
 api_router.include_router(auth.router)
 api_router.include_router(history.router)
+api_router.include_router(stats.router)

api/v1/analyze.py

@@ -259,9 +259,7 @@ async def analyze_image(
         media_type="image",
         verdict=label,
         authenticity_score=float(score),
-        result_json=json.dumps(resp.model_dump(
-            exclude={"explainability": {"heatmap_base64", "ela_base64", "boxes_base64"}}
-        )),
+        result_json=json.dumps(resp.model_dump()),
         media_hash=media_hash,
         media_path=media_path,
         thumbnail_url=thumbnail_url,
@@ -526,8 +524,13 @@ async def analyze_text_endpoint(
     # lower confidence, but should not give a high floor when classifier is very fake.
     manip_penalty = min(len(manip) * 5, 30)
     raw_score = (1.0 - effective_fake_prob) * 100.0
-    heuristic_score = max(0, 100 - sens.score) * 0.60 + max(0, 100 - manip_penalty) * 0.40
-    weighted = raw_score * 0.90 + heuristic_score * 0.10
+    
+    if lang == "en":
+        heuristic_score = max(0, 100 - sens.score) * 0.60 + max(0, 100 - manip_penalty) * 0.40
+        weighted = raw_score * 0.90 + heuristic_score * 0.10
+    else:
+        weighted = raw_score
+
     score = int(round(max(0.0, min(100.0, weighted))))
     label, severity = get_verdict_label(score)
     duration_ms = int((time.perf_counter() - start) * 1000)
@@ -685,12 +688,18 @@ async def analyze_screenshot_endpoint(
     manip_penalty = min(len(manip) * 5, 30)
     layout_penalty = min(len(layout) * 5, 15)
     raw_score = (1.0 - effective_fake_prob) * 100.0
-    heuristic_score = (
-        max(0, 100 - sens.score) * 0.45
-        + max(0, 100 - manip_penalty) * 0.35
-        + max(0, 100 - layout_penalty) * 0.20
-    )
-    weighted = raw_score * 0.90 + heuristic_score * 0.10
+    
+    if lang == "en":
+        heuristic_score = (
+            max(0, 100 - sens.score) * 0.45
+            + max(0, 100 - manip_penalty) * 0.35
+            + max(0, 100 - layout_penalty) * 0.20
+        )
+        weighted = raw_score * 0.90 + heuristic_score * 0.10
+    else:
+        layout_heuristic = max(0, 100 - layout_penalty)
+        weighted = raw_score * 0.90 + layout_heuristic * 0.10
+
     if not full_text.strip():
         weighted = 50
     score = int(round(max(0.0, min(100.0, weighted))))

api/v1/report.py

@@ -16,13 +16,21 @@ from services.report_service import cleanup_expired, create_report_row, generate
 router = APIRouter(prefix="/report", tags=["report"])
 
 
-def _assert_record_access(record: AnalysisRecord, user: User | None) -> None:
+def _assert_record_access(record: AnalysisRecord, user: User | None, token: str | None = None) -> None:
     """Phase 15.1 — allow access if the requester owns the record, or if the record
-    is anonymous (user_id is None). Everything else is 403."""
-    if record.user_id is None:
-        return
+    is anonymous (user_id is None) AND they provide the correct UUID token. Everything else is 403."""
     if user is not None and record.user_id == user.id:
         return
+    if record.user_id is None:
+        if not token:
+            raise HTTPException(status.HTTP_403_FORBIDDEN, "Anonymous reports require a token")
+        try:
+            import json
+            data = json.loads(record.result_json)
+            if data.get("analysis_id") == token:
+                return
+        except Exception:
+            pass
     raise HTTPException(status.HTTP_403_FORBIDDEN, "You do not own this analysis")
 
 
@@ -32,6 +40,7 @@ def _assert_record_access(record: AnalysisRecord, user: User | None) -> None:
 def generate(
     request: Request,
     analysis_id: int,
+    token: str | None = Query(None),
     db: Session = Depends(get_db),
     user: User | None = Depends(optional_current_user),
 ):
@@ -39,7 +48,7 @@ def generate(
     if not record:
         raise HTTPException(status_code=404, detail="analysis not found")
 
-    _assert_record_access(record, user)
+    _assert_record_access(record, user, token)
 
     existing = db.query(Report).filter(Report.analysis_id == analysis_id).first()
     if existing and Path(existing.file_path).exists():
@@ -70,13 +79,14 @@ def generate(
 def download(
     request: Request,
     analysis_id: int,
+    token: str | None = Query(None),
     db: Session = Depends(get_db),
     user: User | None = Depends(optional_current_user),
 ):
     record = db.query(AnalysisRecord).filter(AnalysisRecord.id == analysis_id).first()
     if not record:
         raise HTTPException(status_code=404, detail="analysis not found")
-    _assert_record_access(record, user)
+    _assert_record_access(record, user, token)
 
     row = db.query(Report).filter(Report.analysis_id == analysis_id).first()
     if not row:

api/v1/stats.py

@@ -0,0 +1,16 @@
+from datetime import datetime, timedelta
+from fastapi import APIRouter, Depends
+from sqlalchemy.orm import Session
+from sqlalchemy import func
+
+from db.database import get_db
+from db.models import AnalysisRecord
+
+router = APIRouter(prefix="/stats", tags=["stats"])
+
+@router.get("/recent")
+def get_recent_stats(db: Session = Depends(get_db)):
+    """Phase 20.4 — Live Engagement Counter."""
+    twenty_four_hours_ago = datetime.utcnow() - timedelta(hours=24)
+    count = db.query(func.count(AnalysisRecord.id)).filter(AnalysisRecord.created_at >= twenty_four_hours_ago).scalar()
+    return {"count_24h": count or 0}

requirements.txt

@@ -66,4 +66,4 @@ ffmpeg-python==0.2.0   # Python wrapper for ffmpeg subprocess (audio extraction)
 
 asyncpg
 psycopg2-binary
-alembic
+alembicslowapi==0.1.9

services/report_service.py

@@ -76,9 +76,10 @@ def _extract_llm_summary(analysis_json: dict) -> dict | None:
 
 
 def render_html(analysis_json: dict) -> str:
-    score = analysis_json.get("verdict", {}).get("authenticity_score", 50)
-    sc = _score_class(score)
-    donut_b64 = _make_donut_chart(score, sc)
+    auth_score = analysis_json.get("verdict", {}).get("authenticity_score", 50)
+    fake_score = 100 - auth_score
+    sc = _score_class(auth_score)
+    donut_b64 = _make_donut_chart(fake_score, sc)
     llm_summary = _extract_llm_summary(analysis_json)
     expl: dict[str, Any] = analysis_json.get("explainability") or {}
 
@@ -96,6 +97,7 @@ def render_html(analysis_json: dict) -> str:
             "AI-based analysis may not be 100% accurate.",
         ),
         score_class=sc,
+        fake_score=fake_score,
         generated_at=datetime.now(timezone.utc).strftime("%Y-%m-%d %H:%M UTC"),
         donut_b64=donut_b64,
         llm_summary=llm_summary,
@@ -134,11 +136,11 @@ def _fallback_pdf(record: AnalysisRecord, analysis_json: dict, out_path: Path) -
         Paragraph("DeepShield Analysis Report", styles["Title"]),
         Paragraph(f"Record #{record.id} · {analysis_json.get('media_type', record.media_type)}", styles["Normal"]),
         Spacer(1, 8),
-        Paragraph("Verdict", styles["Heading2"]),
+        Paragraph("Deepfake Probability", styles["Heading2"]),
         Table(
             [
                 ["Label", verdict.get("label", record.verdict)],
-                ["Authenticity score", f"{verdict.get('authenticity_score', record.authenticity_score)}/100"],
+                ["Deepfake probability", f"{100 - verdict.get('authenticity_score', record.authenticity_score)}/100"],
                 ["Model label", verdict.get("model_label", "")],
                 ["Model confidence", f"{float(verdict.get('model_confidence', 0.0)):.3f}"],
             ],
@@ -147,6 +149,14 @@ def _fallback_pdf(record: AnalysisRecord, analysis_json: dict, out_path: Path) -
         Spacer(1, 8),
     ]
 
+    llm_summary = _extract_llm_summary(analysis_json)
+    if llm_summary and llm_summary.get("paragraph"):
+        story.extend([
+            Paragraph("AI Explanation", styles["Heading2"]),
+            Paragraph(llm_summary["paragraph"], styles["Normal"]),
+            Spacer(1, 8),
+        ])
+
     exif = expl.get("exif") or {}
     if exif:
         story.extend([

templates/report.html

@@ -84,11 +84,11 @@
   </table>
 
   {# ── Verdict ── #}
-  <h2>Verdict</h2>
+  <h2>Deepfake Probability</h2>
   <table class="verdict-table">
     <tr>
       <td class="verdict-score-cell">
-        <div class="score-num score {{ score_class }}">{{ verdict.authenticity_score }}</div>
+        <div class="score-num score {{ score_class }}">{{ fake_score }}</div>
         <div class="score-denom">/ 100</div>
       </td>
       <td class="verdict-detail-cell">
@@ -206,7 +206,7 @@
         <td><b>{{ sc2 }}</b>/100</td>
         <td>
           <span class="vlm-score-bar-wrap">
-            <span class="vlm-score-bar {{ bar_cls }}" style="width:{{ sc2 }}%;display:block;"></span>
+            <span class="vlm-score-bar {{ bar_cls }}" style="display: block; width: {{ sc2 }}%;"></span>
           </span>
         </td>
         <td class="muted">{{ comp.notes if comp else '' }}</td>