curo/kite
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
b28bb01995392dfab3f37cd68206e036e27bbfc6
kite/backend
T
History
curo1305 b28bb01995 feat(03-03): add get_regular_user dep; wire auth + ownership into /api/documents/* 
- Add get_regular_user FastAPI dep (rejects admin with 403) to deps/auth.py
- Wire Depends(get_regular_user) into all 6 /api/documents/* handlers
- upload-url: replace null-user/... object_key with str(current_user.id)/...; set user_id=current_user.id
- confirm: remove Wave 2 doc.user_id is None guard — quota runs unconditionally; add ownership assertion (404 on cross-user)
- list: filter by user_id=current_user.id via storage.list_metadata(user_id=...)
- get/delete/classify: ownership assertion (doc.user_id != current_user.id → 404)
- storage.list_metadata: add required user_id param + Document.user_id == user_id filter
- storage.delete_document: remove if doc.user_id is not None guard; use CASE WHEN for SQLite-compat quota decrement
- Tests: update existing tests to pass auth headers; implement test_cross_user_access_404, test_admin_cannot_access_documents, test_documents_require_auth; mark test_confirm_endpoint xfail(strict=False) for SQLite UUID mismatch
2026-05-23 20:05:34 +02:00
..
ai
feat(02-02): auth API endpoints + security hardening + Python 3.9 compat
2026-05-22 19:35:38 +02:00
api
feat(03-03): add get_regular_user dep; wire auth + ownership into /api/documents/*
2026-05-23 20:05:34 +02:00
db
feat(02-01): add BackupCode ORM model, password_must_change field, Alembic migration, extend Settings
2026-05-22 19:19:52 +02:00
deps
feat(03-03): add get_regular_user dep; wire auth + ownership into /api/documents/*
2026-05-23 20:05:34 +02:00
migrations
feat(03-01): create Alembic migration 0003 for multi-user isolation
2026-05-23 13:44:22 +02:00
services
feat(03-03): add get_regular_user dep; wire auth + ownership into /api/documents/*
2026-05-23 20:05:34 +02:00
storage
feat(03-02): extend StorageBackend ABC and MinIOBackend with presigned PUT and stat_object
2026-05-23 13:52:16 +02:00
tasks
feat(03-02): implement presigned upload flow, quota enforcement, cleanup task
2026-05-23 14:32:12 +02:00
tests
feat(03-03): add get_regular_user dep; wire auth + ownership into /api/documents/*
2026-05-23 20:05:34 +02:00
alembic.ini
feat(01-03): scaffold Alembic async config and author 0001_initial_schema migration
2026-05-22 09:20:49 +02:00
celery_app.py
feat(03-02): implement presigned upload flow, quota enforcement, cleanup task
2026-05-23 14:32:12 +02:00
config.py
feat(03-02): extend StorageBackend ABC and MinIOBackend with presigned PUT and stat_object
2026-05-23 13:52:16 +02:00
Dockerfile
chore: initial commit — existing single-user document scanner codebase
2026-05-22 08:53:28 +02:00
main.py
feat(02-04): implement admin API endpoints — user CRUD, quota management, AI config
2026-05-22 20:01:37 +02:00
pytest.ini
chore: initial commit — existing single-user document scanner codebase
2026-05-22 08:53:28 +02:00
requirements.txt
feat(02-01): add BackupCode ORM model, password_must_change field, Alembic migration, extend Settings
2026-05-22 19:19:52 +02:00