Fix user data endpoints to require authenticated user ID

- Add get_current_user authentication to all user data endpoints
- Pass authenticated user_id from auth context to service methods
- Add proper HTTPException handling for missing data
- Fix user_id type from int to str in service methods
- Ensure endpoints only return data for authenticated user
ajaysi
2026-03-22 11:02:35 +05:30
parent 1a2ec68095
commit 16be2b21f4
2 changed files with 42 additions and 15 deletions


@@ -1,30 +1,39 @@
"""User Data API endpoints for ALwrity.""" """User Data API endpoints for ALwrity."""
from fastapi import APIRouter, HTTPException, Depends from fastapi import APIRouter, HTTPException, Depends
from typing import Dict, Any, Optional
from loguru import logger from loguru import logger
from services.user_data_service import UserDataService from services.user_data_service import UserDataService
from services.database import get_db_session from services.database import get_db_session
from middleware.auth_middleware import get_current_user
router = APIRouter(prefix="/api/user-data", tags=["user-data"]) router = APIRouter(prefix="/api/user-data", tags=["user-data"])
@router.get("/") @router.get("/")
async def get_user_data(): async def get_user_data(current_user: dict = Depends(get_current_user)):
"""Get comprehensive user data from onboarding.""" """Get comprehensive user data from onboarding."""
db_session = None
try: try:
user_id = str(current_user.get("id"))
db_session = get_db_session() db_session = get_db_session()
if not db_session: if not db_session:
raise HTTPException(status_code=500, detail="Database connection failed") raise HTTPException(status_code=500, detail="Database connection failed")
user_data_service = UserDataService(db_session) user_data_service = UserDataService(db_session)
user_data = user_data_service.get_user_onboarding_data() user_data = user_data_service.get_user_onboarding_data(user_id)
if not user_data: if not user_data:
return {"message": "No user data found"} raise HTTPException(status_code=404, detail="No onboarding data found for user")
website_url = user_data_service.get_user_website_url(user_id)
if user_data.get("website_analysis"):
user_data["website_url"] = website_url
return user_data return user_data
except HTTPException:
raise
except Exception as e: except Exception as e:
logger.error(f"Error getting user data: {str(e)}") logger.error(f"Error getting user data: {str(e)}")
raise HTTPException(status_code=500, detail=f"Error getting user data: {str(e)}") raise HTTPException(status_code=500, detail=f"Error getting user data: {str(e)}")
@@ -33,21 +42,30 @@ async def get_user_data():
db_session.close() db_session.close()
@router.get("/website-url") @router.get("/website-url")
async def get_website_url(): async def get_website_url(current_user: dict = Depends(get_current_user)):
"""Get the user's website URL from onboarding data.""" """Get the user's website URL from onboarding data."""
db_session = None
try: try:
user_id = str(current_user.get("id"))
db_session = get_db_session() db_session = get_db_session()
if not db_session: if not db_session:
raise HTTPException(status_code=500, detail="Database connection failed") raise HTTPException(status_code=500, detail="Database connection failed")
user_data_service = UserDataService(db_session) user_data_service = UserDataService(db_session)
website_url = user_data_service.get_user_website_url() onboarding_data = user_data_service.get_user_onboarding_data(user_id)
if not onboarding_data:
raise HTTPException(status_code=404, detail="No onboarding data found for user")
website_url = user_data_service.get_user_website_url(user_id)
if not website_url: if not website_url:
return {"website_url": None, "message": "No website URL found"} return {"website_url": None, "message": "No website URL found"}
return {"website_url": website_url} return {"website_url": website_url}
except HTTPException:
raise
except Exception as e: except Exception as e:
logger.error(f"Error getting website URL: {str(e)}") logger.error(f"Error getting website URL: {str(e)}")
raise HTTPException(status_code=500, detail=f"Error getting website URL: {str(e)}") raise HTTPException(status_code=500, detail=f"Error getting website URL: {str(e)}")
@@ -56,21 +74,30 @@ async def get_website_url():
db_session.close() db_session.close()
@router.get("/onboarding") @router.get("/onboarding")
async def get_onboarding_data(): async def get_onboarding_data(current_user: dict = Depends(get_current_user)):
"""Get onboarding data for the user.""" """Get onboarding data for the user."""
db_session = None
try: try:
user_id = str(current_user.get("id"))
db_session = get_db_session() db_session = get_db_session()
if not db_session: if not db_session:
raise HTTPException(status_code=500, detail="Database connection failed") raise HTTPException(status_code=500, detail="Database connection failed")
user_data_service = UserDataService(db_session) user_data_service = UserDataService(db_session)
onboarding_data = user_data_service.get_user_onboarding_data() onboarding_data = user_data_service.get_user_onboarding_data(user_id)
if not onboarding_data: if not onboarding_data:
return {"message": "No onboarding data found"} raise HTTPException(status_code=404, detail="No onboarding data found for user")
website_url = user_data_service.get_user_website_url(user_id)
if onboarding_data.get("website_analysis"):
onboarding_data["website_url"] = website_url
return onboarding_data return onboarding_data
except HTTPException:
raise
except Exception as e: except Exception as e:
logger.error(f"Error getting onboarding data: {str(e)}") logger.error(f"Error getting onboarding data: {str(e)}")
raise HTTPException(status_code=500, detail=f"Error getting onboarding data: {str(e)}") raise HTTPException(status_code=500, detail=f"Error getting onboarding data: {str(e)}")
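Review bot: `str(current_user.get("id"))` turns a missing id into the literal string "None", so an auth context without an `id` is not rejected and the service is queried for user "None"; this applies to get_user_data and equally to get_website_url and get_onboarding_data. Check the value before converting: `user_id = current_user.get("id")`, then `if not user_id: raise HTTPException(status_code=401, detail="Not authenticated")`, then `user_id = str(user_id)`. The `except HTTPException: raise` clause added in each handler lets that 401 through unchanged. Whether get_current_user already guarantees an id is not visible on this page, so the check may be redundant, but it keeps the endpoints fail-closed on their own.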


@@ -17,19 +17,19 @@ class UserDataService:
self.db = db_session self.db = db_session
self.integration_service = OnboardingDataIntegrationService() self.integration_service = OnboardingDataIntegrationService()
def get_user_website_url(self, user_id: int = 1) -> Optional[str]: def get_user_website_url(self, user_id: str) -> Optional[str]:
""" """
Get the website URL for a user from their onboarding data. Get the website URL for a user from their onboarding data.
Args: Args:
user_id: The user ID (defaults to 1 for single-user setup) user_id: The user ID
Returns: Returns:
Website URL or None if not found Website URL or None if not found
""" """
try: try:
# Use SSOT integration service # Use SSOT integration service
integrated_data = self.integration_service.get_integrated_data_sync(str(user_id), self.db) integrated_data = self.integration_service.get_integrated_data_sync(user_id, self.db)
website_analysis = integrated_data.get('website_analysis', {}) website_analysis = integrated_data.get('website_analysis', {})
if not website_analysis: if not website_analysis:
@@ -52,7 +52,7 @@ class UserDataService:
Get comprehensive onboarding data for a user. Get comprehensive onboarding data for a user.
Args: Args:
user_id: The user ID (defaults to 1 for single-user setup) user_id: The user ID
Returns: Returns:
Dictionary with onboarding data or None if not found Dictionary with onboarding data or None if not found
@@ -81,7 +81,7 @@ class UserDataService:
Get website analysis data for a user. Get website analysis data for a user.
Args: Args:
user_id: The user ID (defaults to 1 for single-user setup) user_id: The user ID
Returns: Returns:
Website analysis data or None if not found Website analysis data or None if not found
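Review bot: The hunks at old lines 52 and 81 drop "defaults to 1 for single-user setup" from the docstrings but leave the signatures untouched, and those signatures lie outside the hunks. If the two methods still declare `user_id: int = 1`, a call that omits the argument silently reads user 1's data, which is the cross-user exposure this commit sets out to close. They should match the signature given here to get_user_website_url, `user_id: str` with no default. Separately, with `str(user_id)` removed from the get_integrated_data_sync call, any remaining caller that passes an int now sends it through unconverted, so other call sites are worth checking.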