curo1305
|
5950a3f5c2
|
feat(03-03): wire get_current_user into /api/topics/*; add load_topics_for_user; POST /api/admin/topics
- api/topics.py: add get_current_user dep to all 5 handlers (list, create, update, delete, suggest)
- list_topics: uses load_topics_for_user (system topics + user's own) with user-scoped doc counts
- create_topic: passes user_id=current_user.id (never creates system topics via regular endpoint)
- update_topic/delete_topic: ownership assertion — system topics and other users' topics return 404
- api/admin.py: add SystemTopicCreate model + POST /api/admin/topics (user_id=NULL, admin-only)
- services/storage.py: add or_ import; load_topics_for_user (D-17); create_topic gains user_id param with namespace-scoped dedup; topic_doc_counts gains optional user_id for user-scoped counts; add load_topics_for_user to __all__
- services/classifier.py: replace load_topics with load_topics_for_user(doc.user_id); pass user_id=doc.user_id to create_topic for AI-suggested topics (D-11)
- Tests: update all topic tests to pass auth headers; implement test_topic_namespace, test_admin_create_system_topic, test_regular_user_cannot_create_system_topic, test_topics_require_auth
|
2026-05-23 20:15:44 +02:00 |
|
curo1305
|
1882edfff6
|
feat(02-02): auth API endpoints + security hardening + Python 3.9 compat
- backend/api/auth.py: register, login (TOTP+backup), refresh, logout,
  me, change-password; per-account Redis rate limit; HIBP check
- backend/main.py: Origin validation middleware, CSP headers middleware,
  CORS locked to settings.cors_origins, Redis lifespan (app.state.redis),
  admin bootstrap, auth router included, slowapi SlowAPIMiddleware
- backend/services/email.py: already created in Plan 01 (verified exists)
- Python 3.9 compat: fixed match statement in ai/__init__.py,
  str|None union syntax in openai_provider.py, api/documents.py,
  api/topics.py, api/settings.py, services/classifier.py
All 17 tests in test_auth_api.py pass.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
|
2026-05-22 19:35:38 +02:00 |
|
curo1305
|
c1931fd566
|
feat(01-05): wire main.py lifespan+health and rewrite documents+topics to async session
- Rewrite main.py lifespan: MinIO client created at startup, docuvault bucket
  auto-created if missing, stored on app.state.minio; engine.dispose() on shutdown
- Extend /health endpoint: probes PostgreSQL (SELECT 1) and MinIO (bucket_exists)
  returning {"status": "ok"|"degraded", "checks": {"postgres": ..., "minio": ...}}
- Rewrite api/documents.py: all routes inject session: AsyncSession = Depends(get_db);
  save_upload/save_metadata/list_metadata/get_metadata/delete_document all async;
  upload handler queues extract_and_classify.delay() instead of inline classification;
  /classify endpoint retains synchronous await classifier.classify_document() for
  backward-compatible immediate response
- Rewrite api/topics.py: all routes inject session dependency; all storage calls
  are async with session parameter; Pydantic models TopicCreate/TopicUpdate/
  SuggestRequest preserved verbatim
|
2026-05-22 09:47:00 +02:00 |
|