arbret/backend/main.py

from contextlib import asynccontextmanager
from fastapi import FastAPI, Depends, HTTPException, Response, status
from fastapi.middleware.cors import CORSMiddleware
from sqlalchemy import select
from sqlalchemy.ext.asyncio import AsyncSession

from database import engine, get_db, Base
from models import Counter, User
from auth import (
    ACCESS_TOKEN_EXPIRE_MINUTES,
    COOKIE_NAME,
    UserCreate,
    UserLogin,
    UserResponse,
    get_password_hash,
    get_user_by_email,
    authenticate_user,
    create_access_token,
    get_current_user,
)


@asynccontextmanager
async def lifespan(app: FastAPI):
    async with engine.begin() as conn:
        await conn.run_sync(Base.metadata.create_all)
    yield


app = FastAPI(lifespan=lifespan)

app.add_middleware(
    CORSMiddleware,
    allow_origins=["http://localhost:3000"],
    allow_methods=["*"],
    allow_headers=["*"],
    allow_credentials=True,
)


def set_auth_cookie(response: Response, token: str) -> None:
    response.set_cookie(
        key=COOKIE_NAME,
        value=token,
        httponly=True,
        secure=False,  # Set to True in production with HTTPS
        samesite="lax",
        max_age=ACCESS_TOKEN_EXPIRE_MINUTES * 60,
    )


# Auth endpoints
@app.post("/api/auth/register", response_model=UserResponse)
async def register(
    user_data: UserCreate,
    response: Response,
    db: AsyncSession = Depends(get_db),
):
    existing_user = await get_user_by_email(db, user_data.email)
    if existing_user:
        raise HTTPException(
            status_code=status.HTTP_400_BAD_REQUEST,
            detail="Email already registered",
        )
    
    user = User(
        email=user_data.email,
        hashed_password=get_password_hash(user_data.password),
    )
    db.add(user)
    await db.commit()
    await db.refresh(user)
    
    access_token = create_access_token(data={"sub": str(user.id)})
    set_auth_cookie(response, access_token)
    return UserResponse(id=user.id, email=user.email)


@app.post("/api/auth/login", response_model=UserResponse)
async def login(
    user_data: UserLogin,
    response: Response,
    db: AsyncSession = Depends(get_db),
):
    user = await authenticate_user(db, user_data.email, user_data.password)
    if not user:
        raise HTTPException(
            status_code=status.HTTP_401_UNAUTHORIZED,
            detail="Incorrect email or password",
        )
    
    access_token = create_access_token(data={"sub": str(user.id)})
    set_auth_cookie(response, access_token)
    return UserResponse(id=user.id, email=user.email)


@app.post("/api/auth/logout")
async def logout(response: Response):
    response.delete_cookie(key=COOKIE_NAME)
    return {"ok": True}


@app.get("/api/auth/me", response_model=UserResponse)
async def get_me(current_user: User = Depends(get_current_user)):
    return UserResponse(id=current_user.id, email=current_user.email)


# Counter endpoints
async def get_or_create_counter(db: AsyncSession) -> Counter:
    result = await db.execute(select(Counter).where(Counter.id == 1))
    counter = result.scalar_one_or_none()
    if not counter:
        counter = Counter(id=1, value=0)
        db.add(counter)
        await db.commit()
        await db.refresh(counter)
    return counter


@app.get("/api/counter")
async def get_counter(
    db: AsyncSession = Depends(get_db),
    _current_user: User = Depends(get_current_user),
):
    counter = await get_or_create_counter(db)
    return {"value": counter.value}


@app.post("/api/counter/increment")
async def increment_counter(
    db: AsyncSession = Depends(get_db),
    _current_user: User = Depends(get_current_user),
):
    counter = await get_or_create_counter(db)
    counter.value += 1
    await db.commit()
    return {"value": counter.value}
with some tests 2025-12-18 21:48:41 +01:00			`from contextlib import asynccontextmanager`
first round of review 2025-12-18 22:24:46 +01:00			`from fastapi import FastAPI, Depends, HTTPException, Response, status`
starting 2025-12-18 21:37:28 +01:00			`from fastapi.middleware.cors import CORSMiddleware`
with some tests 2025-12-18 21:48:41 +01:00			`from sqlalchemy import select`
			`from sqlalchemy.ext.asyncio import AsyncSession`
starting 2025-12-18 21:37:28 +01:00
with some tests 2025-12-18 21:48:41 +01:00			`from database import engine, get_db, Base`
tests passing 2025-12-18 22:08:31 +01:00			`from models import Counter, User`
			`from auth import (`
first round of review 2025-12-18 22:24:46 +01:00			`ACCESS_TOKEN_EXPIRE_MINUTES,`
			`COOKIE_NAME,`
tests passing 2025-12-18 22:08:31 +01:00			`UserCreate,`
			`UserLogin,`
			`UserResponse,`
			`get_password_hash,`
			`get_user_by_email,`
			`authenticate_user,`
			`create_access_token,`
			`get_current_user,`
			`)`
with some tests 2025-12-18 21:48:41 +01:00

			`@asynccontextmanager`
			`async def lifespan(app: FastAPI):`
			`async with engine.begin() as conn:`
			`await conn.run_sync(Base.metadata.create_all)`
			`yield`


			`app = FastAPI(lifespan=lifespan)`
starting 2025-12-18 21:37:28 +01:00
			`app.add_middleware(`
			`CORSMiddleware,`
			`allow_origins=["http://localhost:3000"],`
			`allow_methods=["*"],`
			`allow_headers=["*"],`
tests passing 2025-12-18 22:08:31 +01:00			`allow_credentials=True,`
starting 2025-12-18 21:37:28 +01:00			`)`


first round of review 2025-12-18 22:24:46 +01:00			`def set_auth_cookie(response: Response, token: str) -> None:`
			`response.set_cookie(`
			`key=COOKIE_NAME,`
			`value=token,`
			`httponly=True,`
			`secure=False, # Set to True in production with HTTPS`
			`samesite="lax",`
			`max_age=ACCESS_TOKEN_EXPIRE_MINUTES * 60,`
			`)`


tests passing 2025-12-18 22:08:31 +01:00			`# Auth endpoints`
first round of review 2025-12-18 22:24:46 +01:00			`@app.post("/api/auth/register", response_model=UserResponse)`
			`async def register(`
			`user_data: UserCreate,`
			`response: Response,`
			`db: AsyncSession = Depends(get_db),`
			`):`
tests passing 2025-12-18 22:08:31 +01:00			`existing_user = await get_user_by_email(db, user_data.email)`
			`if existing_user:`
			`raise HTTPException(`
			`status_code=status.HTTP_400_BAD_REQUEST,`
			`detail="Email already registered",`
			`)`

			`user = User(`
			`email=user_data.email,`
			`hashed_password=get_password_hash(user_data.password),`
			`)`
			`db.add(user)`
			`await db.commit()`
			`await db.refresh(user)`

			`access_token = create_access_token(data={"sub": str(user.id)})`
first round of review 2025-12-18 22:24:46 +01:00			`set_auth_cookie(response, access_token)`
			`return UserResponse(id=user.id, email=user.email)`
tests passing 2025-12-18 22:08:31 +01:00

first round of review 2025-12-18 22:24:46 +01:00			`@app.post("/api/auth/login", response_model=UserResponse)`
			`async def login(`
			`user_data: UserLogin,`
			`response: Response,`
			`db: AsyncSession = Depends(get_db),`
			`):`
tests passing 2025-12-18 22:08:31 +01:00			`user = await authenticate_user(db, user_data.email, user_data.password)`
			`if not user:`
			`raise HTTPException(`
			`status_code=status.HTTP_401_UNAUTHORIZED,`
			`detail="Incorrect email or password",`
			`)`

			`access_token = create_access_token(data={"sub": str(user.id)})`
first round of review 2025-12-18 22:24:46 +01:00			`set_auth_cookie(response, access_token)`
			`return UserResponse(id=user.id, email=user.email)`


			`@app.post("/api/auth/logout")`
			`async def logout(response: Response):`
			`response.delete_cookie(key=COOKIE_NAME)`
			`return {"ok": True}`
tests passing 2025-12-18 22:08:31 +01:00

			`@app.get("/api/auth/me", response_model=UserResponse)`
			`async def get_me(current_user: User = Depends(get_current_user)):`
			`return UserResponse(id=current_user.id, email=current_user.email)`


			`# Counter endpoints`
with some tests 2025-12-18 21:48:41 +01:00			`async def get_or_create_counter(db: AsyncSession) -> Counter:`
			`result = await db.execute(select(Counter).where(Counter.id == 1))`
			`counter = result.scalar_one_or_none()`
			`if not counter:`
			`counter = Counter(id=1, value=0)`
			`db.add(counter)`
			`await db.commit()`
			`await db.refresh(counter)`
			`return counter`


			`@app.get("/api/counter")`
tests passing 2025-12-18 22:08:31 +01:00			`async def get_counter(`
			`db: AsyncSession = Depends(get_db),`
			`_current_user: User = Depends(get_current_user),`
			`):`
with some tests 2025-12-18 21:48:41 +01:00			`counter = await get_or_create_counter(db)`
			`return {"value": counter.value}`


			`@app.post("/api/counter/increment")`
tests passing 2025-12-18 22:08:31 +01:00			`async def increment_counter(`
			`db: AsyncSession = Depends(get_db),`
			`_current_user: User = Depends(get_current_user),`
			`):`
with some tests 2025-12-18 21:48:41 +01:00			`counter = await get_or_create_counter(db)`
			`counter.value += 1`
			`await db.commit()`
			`return {"value": counter.value}`
starting 2025-12-18 21:37:28 +01:00