fix: credit tracking, voice clone TTL, avatar upload ui, asset serving fallback, OAuth encryption, free plan video renders, backlink outreach sprint

backend/routers/backlink_outreach.py

@@ -1,47 +1,97 @@
-"""Backlink outreach router."""
+"""Backlink outreach router with Clerk auth."""
 
-from fastapi import APIRouter, Query, HTTPException
+from typing import Dict, Any
+from fastapi import APIRouter, Depends, Query, HTTPException
+from fastapi.responses import Response
 
 from services.backlink_outreach_models import (
     BacklinkDiscoveryResponse, BacklinkKeywordInput, DeepKeywordInput,
     LeadCreateRequest, LeadStatusUpdateRequest,
     PolicyValidationRequest, PolicyValidationResponse,
+    SendOutreachRequest, SendOutreachResponse,
+    OutreachAttemptListResponse, OutreachAttemptRecord,
+    OutreachReplyListResponse, OutreachReplyRecord,
+    ScheduleFollowUpRequest, FollowUpScheduleRecord,
+    EmailTemplateRequest, EmailTemplateRecord,
+    GenerateEmailRequest, GeneratedEmailResponse,
+    PersonalizeEmailRequest, SubjectLinesRequest, SubjectLinesResponse,
+    FollowUpRequest,
+    BacklinkReportingSnapshot,
+    CampaignAnalyticsResponse, CampaignVolumeResponse,
+    ConversionFunnelResponse, BulkStatusUpdateRequest, BulkStatusUpdateResponse,
+    SuppressionAddRequest,
 )
 from services.backlink_outreach_service import backlink_outreach_service
 from services.backlink_outreach_storage import BacklinkOutreachStorageService
+from services.backlink_outreach_sender import backlink_outreach_sender
+from services.backlink_outreach_reply_monitor import backlink_outreach_reply_monitor
+from services.backlink_outreach_template_generator import (
+    generate_outreach_email,
+    generate_personalized_email,
+    generate_subject_lines,
+    generate_follow_up,
+)
+from middleware.auth_middleware import get_current_user
 from pydantic import BaseModel, Field
 
 router = APIRouter(prefix="/api/backlink-outreach", tags=["backlink-outreach"])
 
 
 class BacklinkCampaignCreateRequest(BaseModel):
-    user_id: str = Field(..., min_length=1)
     workspace_id: str = Field(..., min_length=1)
     name: str = Field(..., min_length=3)
 
 
+def _resolve_user_id(current_user: Dict[str, Any]) -> str:
+    return current_user.get("id") or current_user.get("clerk_user_id") or "default"
+
+
+# -- Auth-Required Endpoints --
+
 @router.get("/modules")
-async def get_backlink_module_registry():
+async def get_backlink_module_registry(
+    current_user: Dict[str, Any] = Depends(get_current_user),
+):
     return {"feature": "backlink_outreach", "modules": backlink_outreach_service.list_backlink_modules()}
 
 
 @router.get("/query-templates")
-async def get_backlink_query_templates(keyword: str = Query(..., min_length=1)):
+async def get_backlink_query_templates(
+    keyword: str = Query(..., min_length=1),
+    current_user: Dict[str, Any] = Depends(get_current_user),
+):
     return {"keyword": keyword, "queries": backlink_outreach_service.generate_guest_post_queries(keyword)}
 
 
 @router.post("/discover", response_model=BacklinkDiscoveryResponse)
-async def discover_backlink_opportunities(payload: BacklinkKeywordInput):
+async def discover_backlink_opportunities(
+    payload: BacklinkKeywordInput,
+    current_user: Dict[str, Any] = Depends(get_current_user),
+):
     return backlink_outreach_service.discover_opportunities(payload.keyword, payload.max_results)
 
 
+@router.get("/migration-coverage")
+async def get_backlink_migration_coverage(
+    current_user: Dict[str, Any] = Depends(get_current_user),
+):
+    return backlink_outreach_service.get_migration_coverage()
+
+
+# -- Auth-Required Endpoints --
+
 @router.post("/discover/deep")
-async def discover_deep_backlink_opportunities(payload: DeepKeywordInput):
+async def discover_deep_backlink_opportunities(
+    payload: DeepKeywordInput,
+    current_user: Dict[str, Any] = Depends(get_current_user),
+):
     """Enhanced discovery using Exa neural search + DuckDuckGo with full-page scraping."""
+    user_id = _resolve_user_id(current_user)
     result = await backlink_outreach_service.deep_discover(payload.keyword, payload.max_results)
     if payload.campaign_id:
         storage = BacklinkOutreachStorageService()
-        user_id = "default"
+        saved = 0
+        save_failed = 0
         for opp in result.get("opportunities", []):
             try:
                 storage.add_lead(
@@ -55,26 +105,42 @@ async def discover_deep_backlink_opportunities(payload: DeepKeywordInput):
                     confidence_score=opp.get("confidence_score", 0.0),
                     discovery_source=opp.get("discovery_source", "duckduckgo"),
                 )
+                saved += 1
             except Exception:
-                continue
+                save_failed += 1
+        result["saved_to_campaign"] = saved
+        result["save_failed"] = save_failed
     return result
 
 
 @router.post("/campaigns")
-async def create_backlink_campaign(payload: BacklinkCampaignCreateRequest):
+async def create_backlink_campaign(
+    payload: BacklinkCampaignCreateRequest,
+    current_user: Dict[str, Any] = Depends(get_current_user),
+):
+    user_id = _resolve_user_id(current_user)
     storage = BacklinkOutreachStorageService()
-    return storage.create_campaign(payload.user_id, payload.workspace_id, payload.name)
+    return storage.create_campaign(user_id, payload.workspace_id, payload.name)
 
 
 @router.get("/campaigns")
-async def list_backlink_campaigns(user_id: str, workspace_id: str, limit: int = 50):
+async def list_backlink_campaigns(
+    workspace_id: str = Query(None),
+    limit: int = 50,
+    current_user: Dict[str, Any] = Depends(get_current_user),
+):
+    user_id = _resolve_user_id(current_user)
     storage = BacklinkOutreachStorageService()
-    return {"campaigns": storage.list_campaigns(user_id, workspace_id, limit)}
+    return {"campaigns": storage.list_campaigns(user_id, workspace_id or user_id, limit)}
 
 
 @router.get("/campaigns/{campaign_id}")
-async def get_backlink_campaign(campaign_id: str, user_id: str = Query(...)):
+async def get_backlink_campaign(
+    campaign_id: str,
+    current_user: Dict[str, Any] = Depends(get_current_user),
+):
     """Get campaign detail with leads."""
+    user_id = _resolve_user_id(current_user)
     storage = BacklinkOutreachStorageService()
     campaign = storage.get_campaign(campaign_id, user_id)
     if not campaign:
@@ -84,22 +150,30 @@ async def get_backlink_campaign(campaign_id: str, user_id: str = Query(...)):
 
 @router.get("/campaigns/{campaign_id}/leads")
 async def list_campaign_leads(
-    campaign_id: str, user_id: str = Query(...), status: str = Query(None)
+    campaign_id: str,
+    status: str = Query(None),
+    current_user: Dict[str, Any] = Depends(get_current_user),
 ):
     """List leads for a campaign, optionally filtered by status."""
+    user_id = _resolve_user_id(current_user)
     storage = BacklinkOutreachStorageService()
     leads = storage.list_leads(campaign_id, user_id, status=status or None)
     return {"leads": leads, "total": len(leads)}
 
 
 @router.post("/campaigns/{campaign_id}/leads")
-async def add_campaign_lead(campaign_id: str, payload: LeadCreateRequest):
+async def add_campaign_lead(
+    campaign_id: str,
+    payload: LeadCreateRequest,
+    current_user: Dict[str, Any] = Depends(get_current_user),
+):
     """Add a single lead to a campaign."""
+    user_id = _resolve_user_id(current_user)
     storage = BacklinkOutreachStorageService()
     try:
         lead = storage.add_lead(
-            campaign_id=payload.campaign_id,
-            user_id="default",
+            campaign_id=campaign_id,
+            user_id=user_id,
             url=payload.url,
             domain=payload.domain,
             page_title=payload.page_title or "",
@@ -110,29 +184,480 @@ async def add_campaign_lead(campaign_id: str, payload: LeadCreateRequest):
         )
         return lead
     except Exception as e:
-        raise HTTPException(status_code=500, detail=str(e))
+        raise HTTPException(status_code=500, detail="Failed to add lead")
+
+
+@router.post("/leads/bulk-status", response_model=BulkStatusUpdateResponse)
+async def bulk_update_lead_status(
+    payload: BulkStatusUpdateRequest,
+    current_user: Dict[str, Any] = Depends(get_current_user),
+):
+    """Bulk update lead statuses."""
+    user_id = _resolve_user_id(current_user)
+    storage = BacklinkOutreachStorageService()
+    updated = 0
+    failed: list[str] = []
+    for lid in payload.lead_ids:
+        try:
+            lead = storage.update_lead_status(lid, user_id, payload.status, payload.notes)
+            if lead:
+                updated += 1
+            else:
+                failed.append(lid)
+        except Exception:
+            failed.append(lid)
+    return BulkStatusUpdateResponse(updated=updated, failed=failed)
 
 
 @router.patch("/leads/{lead_id}/status")
-async def update_lead_status(lead_id: str, payload: LeadStatusUpdateRequest):
+async def update_lead_status(
+    lead_id: str,
+    payload: LeadStatusUpdateRequest,
+    current_user: Dict[str, Any] = Depends(get_current_user),
+):
     """Update lead status (discovered -> contacted -> replied -> placed)."""
+    user_id = _resolve_user_id(current_user)
     storage = BacklinkOutreachStorageService()
-    lead = storage.update_lead_status(lead_id, "default", payload.status, payload.notes)
+    lead = storage.update_lead_status(lead_id, user_id, payload.status, payload.notes)
     if not lead:
         raise HTTPException(status_code=404, detail="Lead not found")
     return lead
 
 
 @router.post("/policy-validate", response_model=PolicyValidationResponse)
-async def validate_outreach_policy(payload: PolicyValidationRequest):
+async def validate_outreach_policy(
+    payload: PolicyValidationRequest,
+    current_user: Dict[str, Any] = Depends(get_current_user),
+):
     return backlink_outreach_service.validate_send_policy(payload)
 
 
-@router.get("/reporting")
-async def get_backlink_reporting_snapshot():
-    return backlink_outreach_service.get_reporting_snapshot()
+@router.get("/reporting", response_model=BacklinkReportingSnapshot)
+async def get_backlink_reporting_snapshot(
+    current_user: Dict[str, Any] = Depends(get_current_user),
+):
+    user_id = _resolve_user_id(current_user)
+    return backlink_outreach_service.get_reporting_snapshot(user_id=user_id)
 
 
-@router.get("/migration-coverage")
-async def get_backlink_migration_coverage():
-    return backlink_outreach_service.get_migration_coverage()
+# -- Outreach Attempts --
+
+@router.post("/send-outreach", response_model=SendOutreachResponse)
+async def send_outreach(
+    payload: SendOutreachRequest,
+    current_user: Dict[str, Any] = Depends(get_current_user),
+):
+    """Validate policy, record attempt, personalize, and send email."""
+    user_id = _resolve_user_id(current_user)
+    storage = BacklinkOutreachStorageService()
+    subject = payload.subject
+    body = payload.body
+
+    if payload.template_id:
+        tmpl = storage.get_template(payload.template_id, user_id)
+        if tmpl:
+            variables = payload.template_variables or {}
+            subject = backlink_outreach_sender.personalize(tmpl.get("subject_template", subject), variables)
+            body = backlink_outreach_sender.personalize(tmpl.get("body_template", body), variables)
+
+    result = backlink_outreach_service.send_outreach(
+        SendOutreachRequest(
+            lead_id=payload.lead_id,
+            campaign_id=payload.campaign_id,
+            user_id=user_id,
+            workspace_id=payload.workspace_id,
+            sender_email=payload.sender_email,
+            subject=subject,
+            body=body,
+            idempotency_key=payload.idempotency_key,
+        )
+    )
+
+    lead_email = ""
+    if result.attempt_id:
+        lead = storage.get_lead(payload.lead_id, user_id=user_id)
+        lead_email = (lead.get("email") or "") if lead else ""
+
+    if result.policy_allowed and lead_email:
+        sent = await backlink_outreach_sender.send_email(
+            to_email=lead_email,
+            subject=subject,
+            body=body,
+        )
+        status = "sent" if sent else "failed"
+        storage.update_attempt_status(result.attempt_id, status, user_id=user_id)
+        result.status = status
+        if sent:
+            storage.mark_idempotency(payload.idempotency_key, user_id)
+            storage.increment_user_send_counter(user_id)
+            domain = lead_email.split("@")[-1] if "@" in lead_email else "unknown"
+            storage.increment_domain_send_counter(domain, user_id=user_id)
+    elif result.policy_allowed and not lead_email:
+        storage.update_attempt_status(result.attempt_id, "failed", user_id=user_id)
+        result.status = "failed"
+        result.policy_reasons = (result.policy_reasons or []) + ["lead_has_no_email"]
+
+    return result
+
+
+@router.get("/campaigns/{campaign_id}/attempts", response_model=OutreachAttemptListResponse)
+async def list_campaign_attempts(
+    campaign_id: str,
+    limit: int = Query(50),
+    current_user: Dict[str, Any] = Depends(get_current_user),
+):
+    """List outreach attempts for a campaign."""
+    user_id = _resolve_user_id(current_user)
+    storage = BacklinkOutreachStorageService()
+    attempts = storage.list_attempts(campaign_id, limit, user_id=user_id)
+    return {"attempts": attempts, "total": len(attempts)}
+
+
+# -- Replies --
+
+@router.get("/campaigns/{campaign_id}/replies", response_model=OutreachReplyListResponse)
+async def list_campaign_replies(
+    campaign_id: str,
+    limit: int = Query(50),
+    current_user: Dict[str, Any] = Depends(get_current_user),
+):
+    """List received replies for a campaign."""
+    user_id = _resolve_user_id(current_user)
+    storage = BacklinkOutreachStorageService()
+    replies = storage.list_replies(campaign_id, limit, user_id=user_id)
+    return {"replies": replies, "total": len(replies)}
+
+
+@router.post("/replies/poll")
+async def poll_replies(
+    sent_from_email: str = Query(..., min_length=3),
+    current_user: Dict[str, Any] = Depends(get_current_user),
+):
+    """Poll IMAP inbox for new replies and store them."""
+    user_id = _resolve_user_id(current_user)
+    if not backlink_outreach_reply_monitor.is_configured():
+        raise HTTPException(status_code=503, detail="IMAP not configured")
+
+    storage = BacklinkOutreachStorageService()
+    raw_replies = await backlink_outreach_reply_monitor.poll_replies(sent_from_email)
+    stored = []
+    skipped = 0
+    failed = 0
+    for raw in raw_replies:
+        try:
+            from_email = raw.get("from_email", "")
+            subject = raw.get("subject", "")
+            if storage.reply_exists(from_email, subject, user_id=user_id):
+                skipped += 1
+                continue
+            attempt_id = storage.find_attempt_by_from_email(from_email, user_id=user_id) or ""
+            reply = storage.add_reply(
+                attempt_id=attempt_id,
+                from_email=from_email,
+                subject=subject,
+                body=raw.get("body", ""),
+                classification=raw.get("classification", "replied"),
+                user_id=user_id,
+            )
+            stored.append(reply)
+        except Exception:
+            failed += 1
+    return {"polled": len(raw_replies), "stored": len(stored), "skipped": skipped, "failed": failed, "replies": stored}
+
+
+# -- Follow-ups --
+
+@router.post("/campaigns/{campaign_id}/schedule-followup")
+async def schedule_followup(
+    campaign_id: str,
+    payload: ScheduleFollowUpRequest,
+    current_user: Dict[str, Any] = Depends(get_current_user),
+):
+    """Schedule a follow-up for an outreach attempt."""
+    user_id = _resolve_user_id(current_user)
+    storage = BacklinkOutreachStorageService()
+    sched = storage.schedule_followup(
+        attempt_id=payload.attempt_id,
+        scheduled_for=payload.scheduled_for,
+        subject=payload.subject or "",
+        body=payload.body or "",
+        user_id=user_id,
+    )
+    return {"campaign_id": campaign_id, "schedule": sched}
+
+
+@router.get("/campaigns/{campaign_id}/followups")
+async def list_followups(
+    campaign_id: str,
+    limit: int = Query(50),
+    current_user: Dict[str, Any] = Depends(get_current_user),
+):
+    """List scheduled follow-ups for a campaign."""
+    user_id = _resolve_user_id(current_user)
+    storage = BacklinkOutreachStorageService()
+    followups = storage.list_followups(campaign_id, limit, user_id=user_id)
+    return {"followups": followups, "total": len(followups)}
+
+
+# -- Email Templates --
+
+@router.post("/templates")
+async def create_template(
+    payload: EmailTemplateRequest,
+    current_user: Dict[str, Any] = Depends(get_current_user),
+):
+    """Create an email template."""
+    user_id = _resolve_user_id(current_user)
+    storage = BacklinkOutreachStorageService()
+    return storage.create_template(
+        user_id=user_id,
+        name=payload.name,
+        subject_template=payload.subject_template,
+        body_template=payload.body_template,
+        variables=payload.variables,
+    )
+
+
+@router.get("/templates")
+async def list_templates(
+    current_user: Dict[str, Any] = Depends(get_current_user),
+):
+    """List email templates for the authenticated user."""
+    user_id = _resolve_user_id(current_user)
+    storage = BacklinkOutreachStorageService()
+    return {"templates": storage.list_templates(user_id)}
+
+
+@router.get("/templates/{template_id}")
+async def get_template(
+    template_id: str,
+    current_user: Dict[str, Any] = Depends(get_current_user),
+):
+    """Get a specific email template."""
+    user_id = _resolve_user_id(current_user)
+    storage = BacklinkOutreachStorageService()
+    tmpl = storage.get_template(template_id, user_id)
+    if not tmpl:
+        raise HTTPException(status_code=404, detail="Template not found")
+    return tmpl
+
+
+@router.delete("/templates/{template_id}")
+async def delete_template(
+    template_id: str,
+    current_user: Dict[str, Any] = Depends(get_current_user),
+):
+    """Delete an email template."""
+    user_id = _resolve_user_id(current_user)
+    storage = BacklinkOutreachStorageService()
+    if not storage.delete_template(template_id, user_id):
+        raise HTTPException(status_code=404, detail="Template not found")
+    return {"deleted": True}
+
+
+@router.post("/templates/generate", response_model=GeneratedEmailResponse)
+async def generate_email_template(
+    payload: GenerateEmailRequest,
+    current_user: Dict[str, Any] = Depends(get_current_user),
+):
+    """Generate an outreach email using AI."""
+    user_id = _resolve_user_id(current_user)
+    existing_body = None
+    if payload.existing_template_id:
+        storage = BacklinkOutreachStorageService()
+        tmpl = storage.get_template(payload.existing_template_id, user_id)
+        if tmpl:
+            existing_body = tmpl.get("body_template")
+
+    result = generate_outreach_email(
+        topic=payload.topic,
+        target_site=payload.target_site,
+        tone=payload.tone,
+        user_id=user_id,
+        existing_body=existing_body,
+    )
+    return result
+
+
+@router.post("/generate/personalized", response_model=GeneratedEmailResponse)
+async def generate_personalized_email_endpoint(
+    payload: PersonalizeEmailRequest,
+    current_user: Dict[str, Any] = Depends(get_current_user),
+):
+    """Personalize an outreach email for a specific lead."""
+    user_id = _resolve_user_id(current_user)
+    result = generate_personalized_email(
+        lead_name=payload.lead_name,
+        lead_site=payload.lead_site,
+        lead_content_topic=payload.lead_content_topic,
+        pitch_topic=payload.pitch_topic,
+        existing_body=payload.existing_body,
+        user_id=user_id,
+    )
+    return result
+
+
+@router.post("/generate/subject-lines", response_model=SubjectLinesResponse)
+async def generate_subject_lines_endpoint(
+    payload: SubjectLinesRequest,
+    current_user: Dict[str, Any] = Depends(get_current_user),
+):
+    """Generate subject line suggestions for an email body."""
+    user_id = _resolve_user_id(current_user)
+    subjects = generate_subject_lines(
+        body=payload.body,
+        count=payload.count,
+        user_id=user_id,
+    )
+    return {"subjects": subjects}
+
+
+@router.post("/generate/follow-up", response_model=GeneratedEmailResponse)
+async def generate_follow_up_endpoint(
+    payload: FollowUpRequest,
+    current_user: Dict[str, Any] = Depends(get_current_user),
+):
+    """Generate a follow-up email for an outreach attempt."""
+    user_id = _resolve_user_id(current_user)
+    result = generate_follow_up(
+        original_subject=payload.original_subject,
+        original_body=payload.original_body,
+        days_elapsed=payload.days_elapsed,
+        reply_context=payload.reply_context,
+        user_id=user_id,
+    )
+    return result
+
+
+# -- Suppression --
+
+@router.get("/suppression")
+async def list_suppression(
+    current_user: Dict[str, Any] = Depends(get_current_user),
+):
+    """List suppressed recipients."""
+    user_id = _resolve_user_id(current_user)
+    storage = BacklinkOutreachStorageService()
+    return {"suppressed": storage.list_suppressed(user_id)}
+
+
+@router.post("/suppression")
+async def add_suppression(
+    payload: SuppressionAddRequest,
+    current_user: Dict[str, Any] = Depends(get_current_user),
+):
+    """Add a recipient to the suppression list."""
+    user_id = _resolve_user_id(current_user)
+    storage = BacklinkOutreachStorageService()
+    return storage.add_suppressed(email=payload.email, domain=payload.domain, reason=payload.reason, user_id=user_id)
+
+
+@router.get("/campaigns/{campaign_id}/analytics/volume", response_model=CampaignVolumeResponse)
+async def get_campaign_analytics_volume(
+    campaign_id: str,
+    days: int = Query(30, ge=1, le=365),
+    current_user: Dict[str, Any] = Depends(get_current_user),
+):
+    """Get daily send volume for a campaign over the last N days."""
+    user_id = _resolve_user_id(current_user)
+    return backlink_outreach_service.get_campaign_volume(campaign_id, days, user_id=user_id)
+
+
+@router.get("/campaigns/{campaign_id}/analytics/funnel", response_model=ConversionFunnelResponse)
+async def get_campaign_analytics_funnel(
+    campaign_id: str,
+    current_user: Dict[str, Any] = Depends(get_current_user),
+):
+    """Get conversion funnel (lead status breakdown) for a campaign."""
+    user_id = _resolve_user_id(current_user)
+    return backlink_outreach_service.get_campaign_funnel(campaign_id, user_id=user_id)
+
+
+@router.get("/campaigns/{campaign_id}/export/leads")
+async def export_campaign_leads_csv(
+    campaign_id: str,
+    current_user: Dict[str, Any] = Depends(get_current_user),
+):
+    """Export campaign leads as CSV."""
+    user_id = _resolve_user_id(current_user)
+    csv_content = backlink_outreach_service.export_leads_csv(campaign_id, user_id=user_id)
+    return Response(content=csv_content, media_type="text/csv",
+                    headers={"Content-Disposition": f"attachment; filename=leads_{campaign_id}.csv"})
+
+
+@router.get("/campaigns/{campaign_id}/export/attempts")
+async def export_campaign_attempts_csv(
+    campaign_id: str,
+    current_user: Dict[str, Any] = Depends(get_current_user),
+):
+    """Export campaign outreach attempts as CSV."""
+    user_id = _resolve_user_id(current_user)
+    csv_content = backlink_outreach_service.export_attempts_csv(campaign_id, user_id=user_id)
+    return Response(content=csv_content, media_type="text/csv",
+                    headers={"Content-Disposition": f"attachment; filename=attempts_{campaign_id}.csv"})
+
+
+@router.get("/campaigns/{campaign_id}/export/replies")
+async def export_campaign_replies_csv(
+    campaign_id: str,
+    current_user: Dict[str, Any] = Depends(get_current_user),
+):
+    """Export campaign replies as CSV."""
+    user_id = _resolve_user_id(current_user)
+    csv_content = backlink_outreach_service.export_replies_csv(campaign_id, user_id=user_id)
+    return Response(content=csv_content, media_type="text/csv",
+                    headers={"Content-Disposition": f"attachment; filename=replies_{campaign_id}.csv"})
+
+
+# -- Audit Log --
+
+@router.get("/audit-logs")
+async def list_audit_logs(
+    campaign_id: str = Query(None),
+    limit: int = Query(100),
+    current_user: Dict[str, Any] = Depends(get_current_user),
+):
+    """List audit log entries, optionally filtered by campaign."""
+    user_id = _resolve_user_id(current_user)
+    storage = BacklinkOutreachStorageService()
+    return {"logs": storage.list_audit_logs(campaign_id or None, limit, user_id=user_id)}
+
+
+# -- Analytics --
+
+@router.get("/campaigns/{campaign_id}/analytics", response_model=CampaignAnalyticsResponse)
+async def get_campaign_analytics(
+    campaign_id: str,
+    current_user: Dict[str, Any] = Depends(get_current_user),
+):
+    """Get campaign analytics: send volume, response/placement rates, reply breakdown."""
+    user_id = _resolve_user_id(current_user)
+    storage = BacklinkOutreachStorageService()
+    campaign = storage.get_campaign(campaign_id, user_id)
+    if not campaign:
+        raise HTTPException(status_code=404, detail="Campaign not found")
+
+    attempts = storage.list_attempts(campaign_id, user_id=user_id)
+    replies = storage.list_replies(campaign_id, user_id=user_id)
+    leads = storage.list_leads_all(campaign_id, user_id=user_id)
+
+    total_sent = sum(1 for a in attempts if a.get("status") == "sent")
+    total_blocked = sum(1 for a in attempts if a.get("status") == "blocked")
+    total_replied = len(replies)
+    total_placed = sum(1 for l in leads if l.get("status") == "placed")
+
+    reply_classification = {}
+    for r in replies:
+        cls = r.get("classification", "replied")
+        reply_classification[cls] = reply_classification.get(cls, 0) + 1
+
+    return CampaignAnalyticsResponse(
+        campaign_id=campaign_id,
+        lead_count=campaign.get("lead_count", 0),
+        send_volume=total_sent,
+        blocked_count=total_blocked,
+        reply_count=total_replied,
+        response_rate=round(total_replied / total_sent, 4) if total_sent > 0 else 0.0,
+        placement_rate=round(total_placed / campaign.get("lead_count", 1), 4) if campaign.get("lead_count", 0) > 0 else 0.0,
+        reply_classification=reply_classification,
+    )

backend/routers/image_studio/save.py

@@ -63,8 +63,8 @@ async def save_to_library(
     file_path = assets_dir / filename
     file_path.write_bytes(image_bytes)
 
-    # Build serving URL (assets_serving.py serves /{user_id}/avatars/{filename})
-    file_url = f"/api/assets/{safe_user}/avatars/{filename}"
+    # Build serving URL (assets_serving.py serves /{user_id}/images/{filename})
+    file_url = f"/api/assets/{safe_user}/images/{filename}"
 
     # Save to unified asset library via existing utility
     from utils.asset_tracker import save_asset_to_library

backend/routers/wordpress.py

@@ -87,7 +87,7 @@ async def get_wordpress_status(user: dict = Depends(get_current_user)):
         logger.info(f"Checking WordPress status for user: {user_id}")
         
         # Get user's WordPress sites
-sites = wp_service.get_user_sites(user_id)
+        sites = wp_service.get_user_sites(user_id)
 
         if sites:
             site_responses = [

backend/routers/wordpress_oauth.py

@@ -8,11 +8,12 @@ from fastapi.responses import RedirectResponse, HTMLResponse, JSONResponse
 from typing import Dict, Any, Optional
 from pydantic import BaseModel
 from loguru import logger
-import json
-import os
-from urllib.parse import urlparse
 
 from services.integrations.wordpress_oauth import WordPressOAuthService
+from services.integrations.oauth_callback_utils import (
+    build_oauth_callback_html,
+    sanitize_string,
+)
 from middleware.auth_middleware import get_current_user
 
 router = APIRouter(prefix="/wp", tags=["WordPress OAuth"])
@@ -20,65 +21,6 @@ router = APIRouter(prefix="/wp", tags=["WordPress OAuth"])
 # Initialize OAuth service
 oauth_service = WordPressOAuthService()
 
-
-def _sanitize_string(value: Any, max_len: int = 500) -> str:
-    if value is None:
-        return ""
-    return " ".join(str(value).split())[:max_len]
-
-
-def _normalize_origin(url: Optional[str]) -> Optional[str]:
-    if not url:
-        return None
-    parsed = urlparse(url.strip())
-    if parsed.scheme not in {"http", "https"} or not parsed.netloc:
-        return None
-    return f"{parsed.scheme}://{parsed.netloc}"
-
-
-def _trusted_frontend_origin() -> Optional[str]:
-    origins_env = os.getenv("OAUTH_CALLBACK_ALLOWED_ORIGINS", "")
-    configured_origins = [
-        _normalize_origin(origin)
-        for origin in origins_env.split(",")
-        if origin.strip()
-    ]
-    configured_origins = [origin for origin in configured_origins if origin]
-    if configured_origins:
-        return configured_origins[0]
-    return _normalize_origin(os.getenv("FRONTEND_URL"))
-
-
-def _oauth_callback_html(payload: Dict[str, Any], title: str, heading: str, message: str) -> str:
-    payload_json = json.dumps(payload)
-    target_origin = json.dumps(_trusted_frontend_origin() or "")
-    heading_html = heading.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
-    message_html = message.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
-    return f"""
-    <!DOCTYPE html>
-    <html>
-    <head><title>{title}</title></head>
-    <body>
-      <h1>{heading_html}</h1>
-      <p>{message_html}</p>
-      <script>
-        (function() {{
-          var payload = {payload_json};
-          var targetOrigin = {target_origin};
-          var destination = window.opener || window.parent;
-          if (destination && targetOrigin) {{
-            try {{
-              destination.postMessage(payload, targetOrigin);
-              window.close();
-              return;
-            }} catch (_e) {{}}
-          }}
-        }})();
-      </script>
-    </body>
-    </html>
-    """
-
 # Pydantic Models
 class WordPressOAuthResponse(BaseModel):
     auth_url: str
@@ -140,8 +82,8 @@ async def handle_wordpress_callback(
                     status_code=status.HTTP_400_BAD_REQUEST,
                     content={"success": False, "error": error}
                 )
-            html_content = _oauth_callback_html(
-                payload={"type": "WPCOM_OAUTH_ERROR", "success": False, "error": _sanitize_string(error)},
+            html_content = build_oauth_callback_html(
+                payload={"type": "WPCOM_OAUTH_ERROR", "success": False, "error": sanitize_string(error)},
                 title="WordPress.com Connection Failed",
                 heading="Connection Failed",
                 message="There was an error connecting to WordPress.com. You can close this window and try again."
@@ -158,7 +100,7 @@ async def handle_wordpress_callback(
                     status_code=status.HTTP_400_BAD_REQUEST,
                     content={"success": False, "error": "Missing parameters"}
                 )
-            html_content = _oauth_callback_html(
+            html_content = build_oauth_callback_html(
                 payload={"type": "WPCOM_OAUTH_ERROR", "success": False, "error": "Missing parameters"},
                 title="WordPress.com Connection Failed",
                 heading="Connection Failed",
@@ -179,7 +121,7 @@ async def handle_wordpress_callback(
                     status_code=status.HTTP_400_BAD_REQUEST,
                     content={"success": False, "error": "Token exchange failed"}
                 )
-            html_content = _oauth_callback_html(
+            html_content = build_oauth_callback_html(
                 payload={"type": "WPCOM_OAUTH_ERROR", "success": False, "error": "Token exchange failed"},
                 title="WordPress.com Connection Failed",
                 heading="Connection Failed",
@@ -201,12 +143,12 @@ async def handle_wordpress_callback(
                 }
             )
 
-        html_content = _oauth_callback_html(
+        html_content = build_oauth_callback_html(
             payload={
                 "type": "WPCOM_OAUTH_SUCCESS",
                 "success": True,
-                "blogUrl": _sanitize_string(blog_url, 300),
-                "blogId": _sanitize_string(blog_id, 128)
+                "blogUrl": sanitize_string(blog_url, 300),
+                "blogId": sanitize_string(blog_id, 128)
             },
             title="WordPress.com Connection Successful",
             heading="Connection Successful",
@@ -220,7 +162,7 @@ async def handle_wordpress_callback(
         
     except Exception as e:
         logger.error(f"Error handling WordPress OAuth callback: {e}")
-        html_content = _oauth_callback_html(
+        html_content = build_oauth_callback_html(
             payload={"type": "WPCOM_OAUTH_ERROR", "success": False, "error": "Callback error"},
             title="WordPress.com Connection Failed",
             heading="Connection Failed",