From 16be2b21f456b0a133959897c0ba4824fb76a692 Mon Sep 17 00:00:00 2001
From: ajaysi
Date: Sun, 22 Mar 2026 11:02:35 +0530
Subject: [PATCH] Fix user data endpoints to require authenticated user ID

- Add get_current_user authentication to all user data endpoints
- Pass authenticated user_id from auth context to service methods
- Add proper HTTPException handling for missing data
- Fix user_id type from int to str in service methods
- Ensure endpoints only return data for authenticated user
---
 backend/api/user_data.py | 47 +++++++++++++++++++++------
 backend/services/user_data_service.py | 10 +++---
 2 files changed, 42 insertions(+), 15 deletions(-)

diff --git a/backend/api/user_data.py b/backend/api/user_data.py
index 1531eb97..0c1db148 100644
--- a/backend/api/user_data.py
+++ b/backend/api/user_data.py
@@ -1,29 +1,38 @@
 """User Data API endpoints for ALwrity."""
 from fastapi import APIRouter, HTTPException, Depends
-from typing import Dict, Any, Optional
 from loguru import logger
 from services.user_data_service import UserDataService
 from services.database import get_db_session
+from middleware.auth_middleware import get_current_user
 router = APIRouter(prefix="/api/user-data", tags=["user-data"])
 @router.get("/")
-async def get_user_data():
+async def get_user_data(current_user: dict = Depends(get_current_user)):
 """Get comprehensive user data from onboarding."""
+ db_session = None
 try:
+ user_id = str(current_user.get("id"))
 db_session = get_db_session()
 if not db_session:
 raise HTTPException(status_code=500, detail="Database connection failed")
 user_data_service = UserDataService(db_session)
- user_data = user_data_service.get_user_onboarding_data()
+ user_data = user_data_service.get_user_onboarding_data(user_id)
 if not user_data:
- return {"message": "No user data found"}
+ raise HTTPException(status_code=404, detail="No onboarding data found for user")
+
+ website_url = user_data_service.get_user_website_url(user_id)
+ if user_data.get("website_analysis"):
+ user_data["website_url"] = website_url
 return user_data
+
+ except HTTPException:
+ raise
 except Exception as e:
 logger.error(f"Error getting user data: {str(e)}")
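Review bot: `user_id = str(current_user.get("id"))` in get_user_data turns a missing `id` into the literal string `"None"`, so an auth context without that key would query the service under one shared identifier instead of being rejected. Check the value before converting: `uid = current_user.get("id")`, then `if not uid: raise HTTPException(status_code=401, detail="Authenticated user ID missing")`, and only then `user_id = str(uid)`. The same line appears in get_website_url and get_onboarding_data in the two later hunks of this file. What get_current_user returns is not visible in this diff, so confirm whether `id` is guaranteed; the function body also continues past the end of this hunk.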
@@ -33,20 +42,29 @@ async def get_user_data():
 db_session.close()
 @router.get("/website-url")
-async def get_website_url():
+async def get_website_url(current_user: dict = Depends(get_current_user)):
 """Get the user's website URL from onboarding data."""
+ db_session = None
 try:
+ user_id = str(current_user.get("id"))
 db_session = get_db_session()
 if not db_session:
 raise HTTPException(status_code=500, detail="Database connection failed")
 user_data_service = UserDataService(db_session)
- website_url = user_data_service.get_user_website_url()
+ onboarding_data = user_data_service.get_user_onboarding_data(user_id)
+ if not onboarding_data:
+ raise HTTPException(status_code=404, detail="No onboarding data found for user")
+
+ website_url = user_data_service.get_user_website_url(user_id)
 if not website_url:
 return {"website_url": None, "message": "No website URL found"}
 return {"website_url": website_url}
+
+ except HTTPException:
+ raise
 except Exception as e:
 logger.error(f"Error getting website URL: {str(e)}")
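Review bot: get_website_url now makes two service calls for one answer: `get_user_onboarding_data(user_id)` is used only as an existence check, and `get_user_website_url(user_id)` then loads the integrated data again through `get_integrated_data_sync`, as the service hunk shows. If the onboarding payload already carries the website analysis, reading the URL from that one result would avoid the duplicate lookup and the chance of the two reads disagreeing. The endpoint also has two different empty outcomes, a 404 when onboarding data is absent and a 200 with `"website_url": None` when only the URL is absent, which the docstring should state for API clients. The function's `finally` block lies outside this hunk.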
@@ -56,24 +74,33 @@ async def get_website_url():
 db_session.close()
 @router.get("/onboarding")
-async def get_onboarding_data():
+async def get_onboarding_data(current_user: dict = Depends(get_current_user)):
 """Get onboarding data for the user."""
+ db_session = None
 try:
+ user_id = str(current_user.get("id"))
 db_session = get_db_session()
 if not db_session:
 raise HTTPException(status_code=500, detail="Database connection failed")
 user_data_service = UserDataService(db_session)
- onboarding_data = user_data_service.get_user_onboarding_data()
+ onboarding_data = user_data_service.get_user_onboarding_data(user_id)
 if not onboarding_data:
- return {"message": "No onboarding data found"}
+ raise HTTPException(status_code=404, detail="No onboarding data found for user")
+
+ website_url = user_data_service.get_user_website_url(user_id)
+ if onboarding_data.get("website_analysis"):
+ onboarding_data["website_url"] = website_url
 return onboarding_data
+
+ except HTTPException:
+ raise
 except Exception as e:
 logger.error(f"Error getting onboarding data: {str(e)}")
 raise HTTPException(status_code=500, detail=f"Error getting onboarding data: {str(e)}")
 finally:
 if db_session:
- db_session.close()
\ No newline at end of file
+ db_session.close()
diff --git a/backend/services/user_data_service.py b/backend/services/user_data_service.py
index 5f5f7957..a96616cc 100644
--- a/backend/services/user_data_service.py
+++ b/backend/services/user_data_service.py
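Review bot: The generic handler in get_onboarding_data (backend/api/user_data.py) still sends the raw exception text to the client through `detail=f"Error getting onboarding data: {str(e)}"`, which can expose database or internal service details to any authenticated caller. The error is already logged on the line above, so the response can carry a fixed message: `raise HTTPException(status_code=500, detail="Error getting onboarding data")`. The matching `raise` lines of the other two endpoints fall outside their hunks, but they likely follow the same pattern and would need the same change.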
@@ -17,19 +17,19 @@ class UserDataService:
 self.db = db_session
 self.integration_service = OnboardingDataIntegrationService()
- def get_user_website_url(self, user_id: int = 1) -> Optional[str]:
+ def get_user_website_url(self, user_id: str) -> Optional[str]:
 """
 Get the website URL for a user from their onboarding data.
 Args:
- user_id: The user ID (defaults to 1 for single-user setup)
+ user_id: The user ID
 Returns:
 Website URL or None if not found
 """
 try:
 # Use SSOT integration service
- integrated_data = self.integration_service.get_integrated_data_sync(str(user_id), self.db)
+ integrated_data = self.integration_service.get_integrated_data_sync(user_id, self.db)
 website_analysis = integrated_data.get('website_analysis', {})
 if not website_analysis:
@@ -52,7 +52,7 @@ class UserDataService:
 Get comprehensive onboarding data for a user.
 Args:
- user_id: The user ID (defaults to 1 for single-user setup)
+ user_id: The user ID
 Returns:
 Dictionary with onboarding data or None if not found
@@ -81,7 +81,7 @@ class UserDataService:
 Get website analysis data for a user.
 Args:
- user_id: The user ID (defaults to 1 for single-user setup)
+ user_id: The user ID
 Returns:
 Website analysis data or None if not found
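Review bot: The second and third hunks of user_data_service.py (`-52,7` and `-81,7`) remove "defaults to 1 for single-user setup" from the docstrings, but neither hunk changes a signature line, so those two methods may still declare `user_id: int = 1`. If they do, a caller that omits the argument silently reads user 1's data, which is the cross-user exposure this commit sets out to remove. It would also mean the int-to-str change named in the commit message reaches only `get_user_website_url`. Make the parameter required in both methods as the first hunk does, declaring it as `user_id: str` with no default. The signatures are outside the visible hunks, so confirm against the file.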