from contextlib import asynccontextmanager from datetime import datetime from typing import List from fastapi import FastAPI, Depends, HTTPException, Response, status, Query from fastapi.middleware.cors import CORSMiddleware from pydantic import BaseModel from sqlalchemy import select, func, desc from sqlalchemy.ext.asyncio import AsyncSession from database import engine, get_db, Base from models import Counter, User, SumRecord, CounterRecord, Permission, Role from auth import ( ACCESS_TOKEN_EXPIRE_MINUTES, COOKIE_NAME, UserCreate, UserLogin, UserResponse, get_password_hash, get_user_by_email, authenticate_user, create_access_token, get_current_user, require_permission, build_user_response, ) @asynccontextmanager async def lifespan(app: FastAPI): async with engine.begin() as conn: await conn.run_sync(Base.metadata.create_all) yield app = FastAPI(lifespan=lifespan) app.add_middleware( CORSMiddleware, allow_origins=["http://localhost:3000"], allow_methods=["*"], allow_headers=["*"], allow_credentials=True, ) def set_auth_cookie(response: Response, token: str) -> None: response.set_cookie( key=COOKIE_NAME, value=token, httponly=True, secure=False, # Set to True in production with HTTPS samesite="lax", max_age=ACCESS_TOKEN_EXPIRE_MINUTES * 60, ) async def get_default_role(db: AsyncSession) -> Role | None: """Get the default 'regular' role for new users.""" result = await db.execute(select(Role).where(Role.name == "regular")) return result.scalar_one_or_none() # Auth endpoints @app.post("/api/auth/register", response_model=UserResponse) async def register( user_data: UserCreate, response: Response, db: AsyncSession = Depends(get_db), ): existing_user = await get_user_by_email(db, user_data.email) if existing_user: raise HTTPException( status_code=status.HTTP_400_BAD_REQUEST, detail="Email already registered", ) user = User( email=user_data.email, hashed_password=get_password_hash(user_data.password), ) # Assign default role if it exists default_role = await get_default_role(db) if default_role: user.roles.append(default_role) db.add(user) await db.commit() await db.refresh(user) access_token = create_access_token(data={"sub": str(user.id)}) set_auth_cookie(response, access_token) return await build_user_response(user, db) @app.post("/api/auth/login", response_model=UserResponse) async def login( user_data: UserLogin, response: Response, db: AsyncSession = Depends(get_db), ): user = await authenticate_user(db, user_data.email, user_data.password) if not user: raise HTTPException( status_code=status.HTTP_401_UNAUTHORIZED, detail="Incorrect email or password", ) access_token = create_access_token(data={"sub": str(user.id)}) set_auth_cookie(response, access_token) return await build_user_response(user, db) @app.post("/api/auth/logout") async def logout(response: Response): response.delete_cookie(key=COOKIE_NAME) return {"ok": True} @app.get("/api/auth/me", response_model=UserResponse) async def get_me( current_user: User = Depends(get_current_user), db: AsyncSession = Depends(get_db), ): return await build_user_response(current_user, db) # Counter endpoints async def get_or_create_counter(db: AsyncSession) -> Counter: result = await db.execute(select(Counter).where(Counter.id == 1)) counter = result.scalar_one_or_none() if not counter: counter = Counter(id=1, value=0) db.add(counter) await db.commit() await db.refresh(counter) return counter @app.get("/api/counter") async def get_counter( db: AsyncSession = Depends(get_db), _current_user: User = Depends(require_permission(Permission.VIEW_COUNTER)), ): counter = await get_or_create_counter(db) return {"value": counter.value} @app.post("/api/counter/increment") async def increment_counter( db: AsyncSession = Depends(get_db), current_user: User = Depends(require_permission(Permission.INCREMENT_COUNTER)), ): counter = await get_or_create_counter(db) value_before = counter.value counter.value += 1 record = CounterRecord( user_id=current_user.id, value_before=value_before, value_after=counter.value, ) db.add(record) await db.commit() return {"value": counter.value} # Sum endpoints class SumRequest(BaseModel): a: float b: float class SumResponse(BaseModel): a: float b: float result: float @app.post("/api/sum", response_model=SumResponse) async def calculate_sum( data: SumRequest, db: AsyncSession = Depends(get_db), current_user: User = Depends(require_permission(Permission.USE_SUM)), ): result = data.a + data.b record = SumRecord( user_id=current_user.id, a=data.a, b=data.b, result=result, ) db.add(record) await db.commit() return SumResponse(a=data.a, b=data.b, result=result) # Audit endpoints class CounterRecordResponse(BaseModel): id: int user_email: str value_before: int value_after: int created_at: datetime class SumRecordResponse(BaseModel): id: int user_email: str a: float b: float result: float created_at: datetime class PaginatedCounterRecords(BaseModel): records: List[CounterRecordResponse] total: int page: int per_page: int total_pages: int class PaginatedSumRecords(BaseModel): records: List[SumRecordResponse] total: int page: int per_page: int total_pages: int @app.get("/api/audit/counter", response_model=PaginatedCounterRecords) async def get_counter_records( page: int = Query(1, ge=1), per_page: int = Query(10, ge=1, le=100), db: AsyncSession = Depends(get_db), _current_user: User = Depends(require_permission(Permission.VIEW_AUDIT)), ): # Get total count count_result = await db.execute(select(func.count(CounterRecord.id))) total = count_result.scalar() or 0 total_pages = (total + per_page - 1) // per_page if total > 0 else 1 # Get paginated records with user email offset = (page - 1) * per_page query = ( select(CounterRecord, User.email) .join(User, CounterRecord.user_id == User.id) .order_by(desc(CounterRecord.created_at)) .offset(offset) .limit(per_page) ) result = await db.execute(query) rows = result.all() records = [ CounterRecordResponse( id=record.id, user_email=email, value_before=record.value_before, value_after=record.value_after, created_at=record.created_at, ) for record, email in rows ] return PaginatedCounterRecords( records=records, total=total, page=page, per_page=per_page, total_pages=total_pages, ) @app.get("/api/audit/sum", response_model=PaginatedSumRecords) async def get_sum_records( page: int = Query(1, ge=1), per_page: int = Query(10, ge=1, le=100), db: AsyncSession = Depends(get_db), _current_user: User = Depends(require_permission(Permission.VIEW_AUDIT)), ): # Get total count count_result = await db.execute(select(func.count(SumRecord.id))) total = count_result.scalar() or 0 total_pages = (total + per_page - 1) // per_page if total > 0 else 1 # Get paginated records with user email offset = (page - 1) * per_page query = ( select(SumRecord, User.email) .join(User, SumRecord.user_id == User.id) .order_by(desc(SumRecord.created_at)) .offset(offset) .limit(per_page) ) result = await db.execute(query) rows = result.all() records = [ SumRecordResponse( id=record.id, user_email=email, a=record.a, b=record.b, result=record.result, created_at=record.created_at, ) for record, email in rows ] return PaginatedSumRecords( records=records, total=total, page=page, per_page=per_page, total_pages=total_pages, )