Fix user data endpoints to require authenticated user ID
- Add get_current_user authentication to all user data endpoints
- Pass authenticated user_id from auth context to service methods
- Add proper HTTPException handling for missing data
- Fix user_id type from int to str in service methods
- Ensure endpoints only return data for authenticated user
@@ -1,29 +1,38 @@
|
|||||||
"""User Data API endpoints for ALwrity."""
|
"""User Data API endpoints for ALwrity."""
|
||||||
|
|
||||||
from fastapi import APIRouter, HTTPException, Depends
|
from fastapi import APIRouter, HTTPException, Depends
|
||||||
from typing import Dict, Any, Optional
|
|
||||||
from loguru import logger
|
from loguru import logger
|
||||||
|
|
||||||
from services.user_data_service import UserDataService
|
from services.user_data_service import UserDataService
|
||||||
from services.database import get_db_session
|
from services.database import get_db_session
|
||||||
|
from middleware.auth_middleware import get_current_user
|
||||||
|
|
||||||
router = APIRouter(prefix="/api/user-data", tags=["user-data"])
|
router = APIRouter(prefix="/api/user-data", tags=["user-data"])
|
||||||
|
|
||||||
@router.get("/")
|
@router.get("/")
|
||||||
async def get_user_data():
|
async def get_user_data(current_user: dict = Depends(get_current_user)):
|
||||||
"""Get comprehensive user data from onboarding."""
|
"""Get comprehensive user data from onboarding."""
|
||||||
|
db_session = None
|
||||||
try:
|
try:
|
||||||
|
user_id = str(current_user.get("id"))
|
||||||
db_session = get_db_session()
|
db_session = get_db_session()
|
||||||
if not db_session:
|
if not db_session:
|
||||||
raise HTTPException(status_code=500, detail="Database connection failed")
|
raise HTTPException(status_code=500, detail="Database connection failed")
|
||||||
|
|
||||||
user_data_service = UserDataService(db_session)
|
user_data_service = UserDataService(db_session)
|
||||||
user_data = user_data_service.get_user_onboarding_data()
|
user_data = user_data_service.get_user_onboarding_data(user_id)
|
||||||
|
|
||||||
if not user_data:
|
if not user_data:
|
||||||
return {"message": "No user data found"}
|
raise HTTPException(status_code=404, detail="No onboarding data found for user")
|
||||||
|
|
||||||
|
website_url = user_data_service.get_user_website_url(user_id)
|
||||||
|
if user_data.get("website_analysis"):
|
||||||
|
user_data["website_url"] = website_url
|
||||||
|
|
||||||
return user_data
|
return user_data
|
||||||
|
|
||||||
|
except HTTPException:
|
||||||
|
raise
|
||||||
|
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
logger.error(f"Error getting user data: {str(e)}")
|
logger.error(f"Error getting user data: {str(e)}")
|
||||||
@@ -33,20 +42,29 @@ async def get_user_data():
|
|||||||
db_session.close()
|
db_session.close()
|
||||||
|
|
||||||
@router.get("/website-url")
|
@router.get("/website-url")
|
||||||
async def get_website_url():
|
async def get_website_url(current_user: dict = Depends(get_current_user)):
|
||||||
"""Get the user's website URL from onboarding data."""
|
"""Get the user's website URL from onboarding data."""
|
||||||
|
db_session = None
|
||||||
try:
|
try:
|
||||||
|
user_id = str(current_user.get("id"))
|
||||||
db_session = get_db_session()
|
db_session = get_db_session()
|
||||||
if not db_session:
|
if not db_session:
|
||||||
raise HTTPException(status_code=500, detail="Database connection failed")
|
raise HTTPException(status_code=500, detail="Database connection failed")
|
||||||
|
|
||||||
user_data_service = UserDataService(db_session)
|
user_data_service = UserDataService(db_session)
|
||||||
website_url = user_data_service.get_user_website_url()
|
onboarding_data = user_data_service.get_user_onboarding_data(user_id)
|
||||||
|
if not onboarding_data:
|
||||||
|
raise HTTPException(status_code=404, detail="No onboarding data found for user")
|
||||||
|
|
||||||
|
website_url = user_data_service.get_user_website_url(user_id)
|
||||||
|
|
||||||
if not website_url:
|
if not website_url:
|
||||||
return {"website_url": None, "message": "No website URL found"}
|
return {"website_url": None, "message": "No website URL found"}
|
||||||
|
|
||||||
return {"website_url": website_url}
|
return {"website_url": website_url}
|
||||||
|
|
||||||
|
except HTTPException:
|
||||||
|
raise
|
||||||
|
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
logger.error(f"Error getting website URL: {str(e)}")
|
logger.error(f"Error getting website URL: {str(e)}")
|
||||||
@@ -56,24 +74,33 @@ async def get_website_url():
|
|||||||
db_session.close()
|
db_session.close()
|
||||||
|
|
||||||
@router.get("/onboarding")
|
@router.get("/onboarding")
|
||||||
async def get_onboarding_data():
|
async def get_onboarding_data(current_user: dict = Depends(get_current_user)):
|
||||||
"""Get onboarding data for the user."""
|
"""Get onboarding data for the user."""
|
||||||
|
db_session = None
|
||||||
try:
|
try:
|
||||||
|
user_id = str(current_user.get("id"))
|
||||||
db_session = get_db_session()
|
db_session = get_db_session()
|
||||||
if not db_session:
|
if not db_session:
|
||||||
raise HTTPException(status_code=500, detail="Database connection failed")
|
raise HTTPException(status_code=500, detail="Database connection failed")
|
||||||
|
|
||||||
user_data_service = UserDataService(db_session)
|
user_data_service = UserDataService(db_session)
|
||||||
onboarding_data = user_data_service.get_user_onboarding_data()
|
onboarding_data = user_data_service.get_user_onboarding_data(user_id)
|
||||||
|
|
||||||
if not onboarding_data:
|
if not onboarding_data:
|
||||||
return {"message": "No onboarding data found"}
|
raise HTTPException(status_code=404, detail="No onboarding data found for user")
|
||||||
|
|
||||||
|
website_url = user_data_service.get_user_website_url(user_id)
|
||||||
|
if onboarding_data.get("website_analysis"):
|
||||||
|
onboarding_data["website_url"] = website_url
|
||||||
|
|
||||||
return onboarding_data
|
return onboarding_data
|
||||||
|
|
||||||
|
except HTTPException:
|
||||||
|
raise
|
||||||
|
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
logger.error(f"Error getting onboarding data: {str(e)}")
|
logger.error(f"Error getting onboarding data: {str(e)}")
|
||||||
raise HTTPException(status_code=500, detail=f"Error getting onboarding data: {str(e)}")
|
raise HTTPException(status_code=500, detail=f"Error getting onboarding data: {str(e)}")
|
||||||
finally:
|
finally:
|
||||||
if db_session:
|
if db_session:
|
||||||
db_session.close()
|
db_session.close()
|
||||||
|
|||||||
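Review bot: `user_id = str(current_user.get("id"))`, added in all three handlers (`get_user_data`, `get_website_url`, `get_onboarding_data`), turns a missing `id` key into the literal string `"None"`, which is then passed to the service as if it were a real user ID. Whether `get_current_user` can return a dict without `id` is not visible here, so the handlers should not rely on it. Read the value first and reject it before converting: `user_id = current_user.get("id")`, then `if not user_id: raise HTTPException(status_code=401, detail="Authentication required")`, and only then `user_id = str(user_id)`. The check sits inside the `try`, so the new `except HTTPException: raise` clause passes the 401 through unchanged. The bodies of `get_user_data` and `get_website_url` continue past the end of their hunks.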
@@ -17,19 +17,19 @@ class UserDataService:
|
|||||||
self.db = db_session
|
self.db = db_session
|
||||||
self.integration_service = OnboardingDataIntegrationService()
|
self.integration_service = OnboardingDataIntegrationService()
|
||||||
|
|
||||||
def get_user_website_url(self, user_id: int = 1) -> Optional[str]:
|
def get_user_website_url(self, user_id: str) -> Optional[str]:
|
||||||
"""
|
"""
|
||||||
Get the website URL for a user from their onboarding data.
|
Get the website URL for a user from their onboarding data.
|
||||||
|
|
||||||
Args:
|
Args:
|
||||||
user_id: The user ID (defaults to 1 for single-user setup)
|
user_id: The user ID
|
||||||
|
|
||||||
Returns:
|
Returns:
|
||||||
Website URL or None if not found
|
Website URL or None if not found
|
||||||
"""
|
"""
|
||||||
try:
|
try:
|
||||||
# Use SSOT integration service
|
# Use SSOT integration service
|
||||||
integrated_data = self.integration_service.get_integrated_data_sync(str(user_id), self.db)
|
integrated_data = self.integration_service.get_integrated_data_sync(user_id, self.db)
|
||||||
website_analysis = integrated_data.get('website_analysis', {})
|
website_analysis = integrated_data.get('website_analysis', {})
|
||||||
|
|
||||||
if not website_analysis:
|
if not website_analysis:
|
||||||
@@ -52,7 +52,7 @@ class UserDataService:
|
|||||||
Get comprehensive onboarding data for a user.
|
Get comprehensive onboarding data for a user.
|
||||||
|
|
||||||
Args:
|
Args:
|
||||||
user_id: The user ID (defaults to 1 for single-user setup)
|
user_id: The user ID
|
||||||
|
|
||||||
Returns:
|
Returns:
|
||||||
Dictionary with onboarding data or None if not found
|
Dictionary with onboarding data or None if not found
|
||||||
@@ -81,7 +81,7 @@ class UserDataService:
|
|||||||
Get website analysis data for a user.
|
Get website analysis data for a user.
|
||||||
|
|
||||||
Args:
|
Args:
|
||||||
user_id: The user ID (defaults to 1 for single-user setup)
|
user_id: The user ID
|
||||||
|
|
||||||
Returns:
|
Returns:
|
||||||
Website analysis data or None if not found
|
Website analysis data or None if not found
|
||||||
|
|||||||
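Review bot: Only `get_user_website_url` visibly loses the `user_id: int = 1` default; the hunks at `-52,7` and `-81,7` change just the `user_id:` docstring line, and the `def` lines of those two methods lie outside the hunks, so they appear to be untouched by this commit. If either still declares `user_id: int = 1`, a caller that omits the argument silently reads user 1's record while the docstring no longer mentions any default. Give them the same signature as here, `user_id: str` with no default, so a missing ID fails at the call site instead of falling back to another user's data. Dropping `str(user_id)` in the `get_integrated_data_sync` call also means any remaining caller that passes an `int` now reaches the integration service uncoerced, so the other call sites are worth checking.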