Restrict podcast task status access by owner

backend/api/podcast/handlers/dubbing.py

@@ -203,7 +203,10 @@ async def create_audio_dubbing_task(
     """
     user_id = require_authenticated_user(current_user)
     
-    task_id = task_manager.create_task("audio_dubbing")
+    task_id = task_manager.create_task(
+        "audio_dubbing",
+        metadata={"owner_user_id": user_id},
+    )
     
     background_tasks.add_task(
         _execute_dubbing_task,
@@ -240,7 +243,7 @@ async def get_dubbing_result(
     """
     user_id = require_authenticated_user(current_user)
     
-    task_status = task_manager.get_task_status(task_id)
+    task_status = task_manager.get_task_status(task_id, requester_user_id=user_id)
     
     if not task_status:
         raise HTTPException(status_code=404, detail="Task not found")
@@ -403,7 +406,10 @@ async def create_voice_clone_task(
     """
     user_id = require_authenticated_user(current_user)
     
-    task_id = task_manager.create_task("voice_clone")
+    task_id = task_manager.create_task(
+        "voice_clone",
+        metadata={"owner_user_id": user_id},
+    )
     
     background_tasks.add_task(
         _execute_voice_clone_task,
@@ -434,7 +440,7 @@ async def get_voice_clone_result(
     """
     user_id = require_authenticated_user(current_user)
     
-    task_status = task_manager.get_task_status(task_id)
+    task_status = task_manager.get_task_status(task_id, requester_user_id=user_id)
     
     if not task_status:
         raise HTTPException(status_code=404, detail="Task not found")

backend/api/podcast/handlers/video.py

@@ -222,7 +222,7 @@ def _execute_podcast_video_task(
         )
 
         # Verify the task status was updated correctly
-        updated_status = task_manager.get_task_status(task_id)
+        updated_status = task_manager.get_task_status(task_id, requester_user_id=user_id)
         logger.info(
             f"[Podcast] Task status after update: task_id={task_id}, status={updated_status.get('status') if updated_status else 'None'}, has_result={bool(updated_status.get('result') if updated_status else False)}, video_url={updated_status.get('result', {}).get('video_url') if updated_status else 'N/A'}"
         )
@@ -358,7 +358,10 @@ async def generate_podcast_video(
         logger.warning(f"[Podcast] Failed to extract auth token from headers: {e}")
 
     # Create async task
-    task_id = task_manager.create_task("podcast_video_generation")
+    task_id = task_manager.create_task(
+        "podcast_video_generation",
+        metadata={"owner_user_id": user_id},
+    )
     background_tasks.add_task(
         _execute_podcast_video_task,
         task_id=task_id,
@@ -488,7 +491,10 @@ async def combine_podcast_videos(
         raise HTTPException(status_code=400, detail="No scene videos provided")
     
     # Create async task
-    task_id = task_manager.create_task("podcast_combine_videos")
+    task_id = task_manager.create_task(
+        "podcast_combine_videos",
+        metadata={"owner_user_id": user_id},
+    )
     
     # Extract token for authenticated URL building
     auth_token = None

backend/api/podcast/router.py

@@ -4,7 +4,7 @@ Podcast Maker API Router
 Main router that imports and registers all handler modules.
 """
 
-from fastapi import APIRouter, Depends
+from fastapi import APIRouter, Depends, HTTPException
 from typing import Dict, Any
 
 from middleware.auth_middleware import get_current_user
@@ -32,5 +32,8 @@ router.include_router(dubbing.router)
 @router.get("/task/{task_id}/status")
 async def podcast_task_status(task_id: str, current_user: Dict[str, Any] = Depends(get_current_user)):
     """Expose task status under podcast namespace (reuses shared task manager)."""
-    require_authenticated_user(current_user)
+    user_id = require_authenticated_user(current_user)
-    return task_manager.get_task_status(task_id)
+    task_status = task_manager.get_task_status(task_id, requester_user_id=user_id)
+    if not task_status:
+        raise HTTPException(status_code=404, detail="Task not found")
+    return task_status

backend/api/story_writer/task_manager.py

@@ -34,9 +34,14 @@ class TaskManager:
             del self.task_storage[task_id]
             logger.debug(f"[StoryWriter] Cleaned up old task: {task_id}")
     
-    def create_task(self, task_type: str = "story_generation") -> str:
+    def create_task(
+        self,
+        task_type: str = "story_generation",
+        metadata: Optional[Dict[str, Any]] = None,
+    ) -> str:
         """Create a new task and return its ID."""
         task_id = str(uuid.uuid4())
+        task_metadata = metadata or {}
         
         self.task_storage[task_id] = {
             "status": "pending",
@@ -45,13 +50,14 @@ class TaskManager:
             "error": None,
             "progress_messages": [],
             "task_type": task_type,
-            "progress": 0.0
+            "progress": 0.0,
+            "metadata": task_metadata,
         }
         
         logger.info(f"[StoryWriter] Created task: {task_id} (type: {task_type})")
         return task_id
     
-    def get_task_status(self, task_id: str) -> Optional[Dict[str, Any]]:
+    def get_task_status(self, task_id: str, requester_user_id: Optional[str] = None) -> Optional[Dict[str, Any]]:
         """Get the status of a task."""
         self.cleanup_old_tasks()
         
@@ -62,6 +68,15 @@ class TaskManager:
             return None
         
         task = self.task_storage[task_id]
+        metadata = task.get("metadata", {}) or {}
+        owner_user_id = metadata.get("owner_user_id")
+
+        if requester_user_id is not None and owner_user_id is not None and requester_user_id != owner_user_id:
+            logger.warning(
+                f"[StoryWriter] Task access denied for task {task_id}: requester does not match owner"
+            )
+            return None
+
         response = {
             "task_id": task_id,
             "status": task["status"],

backend/app.py

@@ -48,8 +48,6 @@ load_dotenv(backend_dir / '.env')  # backend/.env
 load_dotenv(project_root / '.env')  # root .env (fallback)
 load_dotenv()  # CWD .env (fallback)
 
-PODCAST_ONLY_DEMO_MODE = os.getenv("PODCAST_ONLY_DEMO_MODE", "false").lower() in {"1", "true", "yes", "on"}
-
 # Set up clean logging for end users
 from logging_config import setup_clean_logging
 setup_clean_logging()
@@ -112,37 +110,36 @@ from services.startup_health import (
 # Import OAuth token monitoring routes
 from api.oauth_token_monitoring_routes import router as oauth_token_monitoring_router
 
-if not PODCAST_ONLY_DEMO_MODE:
+# Import SEO Dashboard endpoints
-    # Import SEO Dashboard endpoints only when non-demo features are enabled
+from api.seo_dashboard import (
-    from api.seo_dashboard import (
+    get_seo_dashboard_data,
-        get_seo_dashboard_data,
+    get_seo_health_score,
-        get_seo_health_score,
+    get_seo_metrics,
-        get_seo_metrics,
+    get_platform_status,
-        get_platform_status,
+    get_ai_insights,
-        get_ai_insights,
+    seo_dashboard_health_check,
-        seo_dashboard_health_check,
+    analyze_seo_comprehensive,
-        analyze_seo_comprehensive,
+    analyze_seo_full,
-        analyze_seo_full,
+    get_seo_metrics_detailed,
-        get_seo_metrics_detailed,
+    get_analysis_summary,
-        get_analysis_summary,
+    batch_analyze_urls,
-        batch_analyze_urls,
+    SEOAnalysisRequest,
-        SEOAnalysisRequest,
+    get_seo_dashboard_overview,
-        get_seo_dashboard_overview,
+    get_gsc_raw_data,
-        get_gsc_raw_data,
+    get_bing_raw_data,
-        get_bing_raw_data,
+    get_competitive_insights,
-        get_competitive_insights,
+    get_deep_competitor_analysis,
-        get_deep_competitor_analysis,
+    run_strategic_insights,
-        run_strategic_insights,
+    get_strategic_insights_history,
-        get_strategic_insights_history,
+    refresh_analytics_data,
-        refresh_analytics_data,
+    analyze_urls_ai,
-        analyze_urls_ai,
+    AnalyzeURLsRequest,
-        AnalyzeURLsRequest,
+    get_analyzed_pages,
-        get_analyzed_pages,
+    get_semantic_health,
-        get_semantic_health,
+    get_semantic_cache_stats,
-        get_semantic_cache_stats,
+    get_sif_indexing_health,
-        get_sif_indexing_health,
+    get_onboarding_task_health,
-        get_onboarding_task_health,
+)
-    )
 
 
 # Initialize FastAPI app
@@ -262,184 +259,194 @@ async def onboarding_status():
     return onboarding_manager.get_onboarding_status()
 
 # Include routers using modular utilities
-if not PODCAST_ONLY_DEMO_MODE:
+router_manager.include_core_routers()
-    router_manager.include_core_routers()
+router_manager.include_optional_routers()
-    router_manager.include_optional_routers()
-else:
-    logger.info("PODCAST_ONLY_DEMO_MODE enabled: including only podcast and subscription feature routers.")
-    app.include_router(subscription_router)
 
 # Include assets serving router (must be mounted to serve generated images)
 app.include_router(assets_serving_router)
 
-if not PODCAST_ONLY_DEMO_MODE:
+# SEO Dashboard endpoints
-    # SEO Dashboard endpoints
+@app.get("/api/seo-dashboard/data")
-    @app.get("/api/seo-dashboard/data")
+async def seo_dashboard_data():
-    async def seo_dashboard_data():
+    """Get complete SEO dashboard data."""
-        """Get complete SEO dashboard data."""
+    return await get_seo_dashboard_data()
-        return await get_seo_dashboard_data()
 
-    @app.get("/api/seo-dashboard/health-score")
+@app.get("/api/seo-dashboard/health-score")
-    async def seo_health_score():
+async def seo_health_score():
-        """Get SEO health score."""
+    """Get SEO health score."""
-        return await get_seo_health_score()
+    return await get_seo_health_score()
 
-    @app.get("/api/seo-dashboard/metrics")
+@app.get("/api/seo-dashboard/metrics")
-    async def seo_metrics():
+async def seo_metrics():
-        """Get SEO metrics."""
+    """Get SEO metrics."""
-        return await get_seo_metrics()
+    return await get_seo_metrics()
 
-    @app.get("/api/seo-dashboard/platforms")
+@app.get("/api/seo-dashboard/platforms")
-    async def seo_platforms(current_user: dict = Depends(get_current_user)):
+async def seo_platforms(current_user: dict = Depends(get_current_user)):
-        """Get platform status."""
+    """Get platform status."""
-        return await get_platform_status(current_user)
+    return await get_platform_status(current_user)
 
-    @app.get("/api/seo-dashboard/insights")
+@app.get("/api/seo-dashboard/insights")
-    async def seo_insights():
+async def seo_insights():
-        """Get AI insights."""
+    """Get AI insights."""
-        return await get_ai_insights()
+    return await get_ai_insights()
 
-    # New SEO Dashboard endpoints with real data
+# New SEO Dashboard endpoints with real data
-    @app.get("/api/seo-dashboard/overview")
+@app.get("/api/seo-dashboard/overview")
-    async def seo_dashboard_overview_endpoint(current_user: dict = Depends(get_current_user), site_url: str = None):
+async def seo_dashboard_overview_endpoint(current_user: dict = Depends(get_current_user), site_url: str = None):
-        """Get comprehensive SEO dashboard overview with real GSC/Bing data."""
+    """Get comprehensive SEO dashboard overview with real GSC/Bing data."""
-        return await get_seo_dashboard_overview(current_user, site_url)
+    return await get_seo_dashboard_overview(current_user, site_url)
 
-    @app.get("/api/seo-dashboard/gsc/raw")
+@app.get("/api/seo-dashboard/gsc/raw")
-    async def gsc_raw_data_endpoint(current_user: dict = Depends(get_current_user), site_url: str = None):
+async def gsc_raw_data_endpoint(current_user: dict = Depends(get_current_user), site_url: str = None):
-        """Get raw GSC data for the specified site."""
+    """Get raw GSC data for the specified site."""
-        return await get_gsc_raw_data(current_user, site_url)
+    return await get_gsc_raw_data(current_user, site_url)
 
-    @app.get("/api/seo-dashboard/bing/raw")
+@app.get("/api/seo-dashboard/bing/raw")
-    async def bing_raw_data_endpoint(current_user: dict = Depends(get_current_user), site_url: str = None):
+async def bing_raw_data_endpoint(current_user: dict = Depends(get_current_user), site_url: str = None):
-        """Get raw Bing data for the specified site."""
+    """Get raw Bing data for the specified site."""
-        return await get_bing_raw_data(current_user, site_url)
+    return await get_bing_raw_data(current_user, site_url)
 
-    @app.get("/api/seo-dashboard/competitive-insights")
+@app.get("/api/seo-dashboard/competitive-insights")
-    async def competitive_insights_endpoint(current_user: dict = Depends(get_current_user), site_url: str = None):
+async def competitive_insights_endpoint(current_user: dict = Depends(get_current_user), site_url: str = None):
-        """Get competitive insights from onboarding step 3 data."""
+    """Get competitive insights from onboarding step 3 data."""
-        return await get_competitive_insights(current_user, site_url)
+    return await get_competitive_insights(current_user, site_url)
 
-    @app.get("/api/seo-dashboard/deep-competitor-analysis")
+@app.get("/api/seo-dashboard/deep-competitor-analysis")
-    async def deep_competitor_analysis_endpoint(current_user: dict = Depends(get_current_user), site_url: str = None):
+async def deep_competitor_analysis_endpoint(current_user: dict = Depends(get_current_user), site_url: str = None):
-        """Get deep competitor analysis results (auto-scheduled post-onboarding)."""
+    """Get deep competitor analysis results (auto-scheduled post-onboarding)."""
-        return await get_deep_competitor_analysis(current_user, site_url)
+    return await get_deep_competitor_analysis(current_user, site_url)
 
-    @app.post("/api/seo-dashboard/strategic-insights/run")
+@app.post("/api/seo-dashboard/strategic-insights/run")
-    async def run_strategic_insights_endpoint(current_user: dict = Depends(get_current_user)):
+async def run_strategic_insights_endpoint(current_user: dict = Depends(get_current_user)):
-        """Run AI-powered strategic insights analysis manually."""
+    """Run AI-powered strategic insights analysis manually."""
-        return await run_strategic_insights(current_user)
+    return await run_strategic_insights(current_user)
 
-    @app.get("/api/seo-dashboard/strategic-insights/history")
+@app.get("/api/seo-dashboard/strategic-insights/history")
-    async def get_strategic_insights_history_endpoint(current_user: dict = Depends(get_current_user)):
+async def get_strategic_insights_history_endpoint(current_user: dict = Depends(get_current_user)):
-        """Fetch the history of strategic insights for the user."""
+    """Fetch the history of strategic insights for the user."""
-        return await get_strategic_insights_history(current_user)
+    return await get_strategic_insights_history(current_user)
 
-    @app.post("/api/seo-dashboard/refresh")
+@app.post("/api/seo-dashboard/refresh")
-    async def refresh_analytics_data_endpoint(current_user: dict = Depends(get_current_user), site_url: str = None):
+async def refresh_analytics_data_endpoint(current_user: dict = Depends(get_current_user), site_url: str = None):
-        """Refresh analytics data by invalidating cache and fetching fresh data."""
+    """Refresh analytics data by invalidating cache and fetching fresh data."""
-        return await refresh_analytics_data(current_user, site_url)
+    return await refresh_analytics_data(current_user, site_url)
 
-    @app.get("/api/seo-dashboard/onboarding-task-health")
-    async def onboarding_task_health_endpoint(current_user: dict = Depends(get_current_user), site_url: str = None):
-        """Get consolidated health for onboarding-scheduled SEO tasks."""
-        return await get_onboarding_task_health(current_user, site_url)
 
-    @app.get("/api/seo-dashboard/health")
-    async def seo_dashboard_health():
-        """Health check for SEO dashboard."""
-        return await seo_dashboard_health_check()
 
-    # Phase 2B: Semantic health monitoring endpoint (24-hour polling)
+@app.get("/api/seo-dashboard/onboarding-task-health")
-    @app.get("/api/seo-dashboard/semantic-health")
+async def onboarding_task_health_endpoint(current_user: dict = Depends(get_current_user), site_url: str = None):
-    async def semantic_health_endpoint(current_user: dict = Depends(get_current_user)):
+    """Get consolidated health for onboarding-scheduled SEO tasks."""
-        """Get real-time semantic health metrics for content and competitors."""
+    return await get_onboarding_task_health(current_user, site_url)
-        return await get_semantic_health(current_user)
 
-    @app.get("/api/seo-dashboard/cache-stats")
+@app.get("/api/seo-dashboard/health")
-    async def semantic_cache_stats_endpoint(current_user: dict = Depends(get_current_user)):
+async def seo_dashboard_health():
-        """Get semantic cache performance statistics."""
+    """Health check for SEO dashboard."""
-        return await get_semantic_cache_stats(current_user)
+    return await seo_dashboard_health_check()
 
-    @app.get("/api/seo-dashboard/sif-health")
+# Phase 2B: Semantic health monitoring endpoint (24-hour polling)
-    async def sif_indexing_health_endpoint(current_user: dict = Depends(get_current_user)):
+@app.get("/api/seo-dashboard/semantic-health")
-        """Get SIF indexing health summary for the current user."""
+async def semantic_health_endpoint(current_user: dict = Depends(get_current_user)):
-        return await get_sif_indexing_health(current_user)
+    """
+    Get real-time semantic health metrics for content and competitors.
+    This endpoint provides Phase 2B semantic intelligence monitoring data.
+    
+    Returns semantic health score, status, and recommendations.
+    Data is cached and updated every 24 hours via scheduler.
+    """
+    return await get_semantic_health(current_user)
 
-    # Comprehensive SEO Analysis endpoints
-    @app.post("/api/seo-dashboard/analyze-comprehensive")
-    async def analyze_seo_comprehensive_endpoint(request: SEOAnalysisRequest):
-        """Analyze a URL for comprehensive SEO performance."""
-        return await analyze_seo_comprehensive(request)
 
-    @app.post("/api/seo-dashboard/analyze-full")
+@app.get("/api/seo-dashboard/cache-stats")
-    async def analyze_seo_full_endpoint(request: SEOAnalysisRequest):
+async def semantic_cache_stats_endpoint(current_user: dict = Depends(get_current_user)):
-        """Analyze a URL for comprehensive SEO performance."""
+    """
-        return await analyze_seo_full(request)
+    Get semantic cache performance statistics.
+    Returns hit rate, memory usage, and eviction counts.
+    """
+    return await get_semantic_cache_stats(current_user)
 
-    @app.get("/api/seo-dashboard/metrics-detailed")
-    async def seo_metrics_detailed(url: str):
-        """Get detailed SEO metrics for a URL."""
-        return await get_seo_metrics_detailed(url)
 
-    @app.get("/api/seo-dashboard/analysis-summary")
+@app.get("/api/seo-dashboard/sif-health")
-    async def seo_analysis_summary(url: str):
+async def sif_indexing_health_endpoint(current_user: dict = Depends(get_current_user)):
-        """Get a quick summary of SEO analysis for a URL."""
+    """
-        return await get_analysis_summary(url)
+    Get SIF indexing health summary for the current user.
+    Used by the Semantic Indexing Status widget on the dashboard.
+    """
+    return await get_sif_indexing_health(current_user)
 
-    @app.post("/api/seo-dashboard/batch-analyze")
+# Comprehensive SEO Analysis endpoints
-    async def batch_analyze_urls_endpoint(urls: list[str]):
+@app.post("/api/seo-dashboard/analyze-comprehensive")
-        """Analyze multiple URLs in batch."""
+async def analyze_seo_comprehensive_endpoint(request: SEOAnalysisRequest):
-        return await batch_analyze_urls(urls)
+    """Analyze a URL for comprehensive SEO performance."""
+    return await analyze_seo_comprehensive(request)
 
-    @app.post("/api/seo-dashboard/analyze-urls-ai")
+@app.post("/api/seo-dashboard/analyze-full")
-    async def analyze_urls_ai_endpoint(request: AnalyzeURLsRequest, current_user: dict = Depends(get_current_user)):
+async def analyze_seo_full_endpoint(request: SEOAnalysisRequest):
-        """Run AI-powered SEO analysis on selected URLs."""
+    """Analyze a URL for comprehensive SEO performance."""
-        return await analyze_urls_ai(request, current_user)
+    return await analyze_seo_full(request)
 
-    # Include platform analytics router
+@app.get("/api/seo-dashboard/metrics-detailed")
-    from routers.platform_analytics import router as platform_analytics_router
+async def seo_metrics_detailed(url: str):
-    app.include_router(platform_analytics_router)
+    """Get detailed SEO metrics for a URL."""
-    # Include Bing Analytics Storage router to expose storage-backed endpoints
+    return await get_seo_metrics_detailed(url)
-    from routers.bing_analytics_storage import router as bing_analytics_storage_router
-    app.include_router(bing_analytics_storage_router)
-    app.include_router(images_router)
-    app.include_router(image_studio_router)
-    app.include_router(product_marketing_router)
-    app.include_router(campaign_creator_router)
 
-    # Include content assets router
+@app.get("/api/seo-dashboard/analysis-summary")
-    from api.content_assets.router import router as content_assets_router
+async def seo_analysis_summary(url: str):
-    app.include_router(content_assets_router)
+    """Get a quick summary of SEO analysis for a URL."""
+    return await get_analysis_summary(url)
+
+@app.post("/api/seo-dashboard/batch-analyze")
+async def batch_analyze_urls_endpoint(urls: list[str]):
+    """Analyze multiple URLs in batch."""
+    return await batch_analyze_urls(urls)
+
+@app.post("/api/seo-dashboard/analyze-urls-ai")
+async def analyze_urls_ai_endpoint(request: AnalyzeURLsRequest, current_user: dict = Depends(get_current_user)):
+    """Run AI-powered SEO analysis on selected URLs."""
+    return await analyze_urls_ai(request, current_user)
+
+# Include platform analytics router
+from routers.platform_analytics import router as platform_analytics_router
+app.include_router(platform_analytics_router)
+# Include Bing Analytics Storage router to expose storage-backed endpoints
+from routers.bing_analytics_storage import router as bing_analytics_storage_router
+app.include_router(bing_analytics_storage_router)
+app.include_router(images_router)
+app.include_router(image_studio_router)
+app.include_router(product_marketing_router)
+app.include_router(campaign_creator_router)
+
+# Include content assets router
+from api.content_assets.router import router as content_assets_router
+app.include_router(content_assets_router)
 
 # Include Podcast Maker router
 from api.podcast.router import router as podcast_router
 app.include_router(podcast_router)
 
-if not PODCAST_ONLY_DEMO_MODE:
+# Include YouTube Creator Studio router
-    # Include YouTube Creator Studio router
+from api.youtube.router import router as youtube_router
-    from api.youtube.router import router as youtube_router
+app.include_router(youtube_router, prefix="/api")
-    app.include_router(youtube_router, prefix="/api")
 
-    # Include research configuration router
+# Include research configuration router
-    app.include_router(research_config_router, prefix="/api/research", tags=["research"])
+app.include_router(research_config_router, prefix="/api/research", tags=["research"])
 
-    # Include Research Engine router (standalone AI research module)
+# Include Research Engine router (standalone AI research module)
-    from api.research.router import router as research_engine_router
+from api.research.router import router as research_engine_router
-    app.include_router(research_engine_router, tags=["Research Engine"])
+app.include_router(research_engine_router, tags=["Research Engine"])
 
-    # Scheduler dashboard routes
+# Scheduler dashboard routes
-    from api.scheduler_dashboard import router as scheduler_dashboard_router
+from api.scheduler_dashboard import router as scheduler_dashboard_router
-    app.include_router(scheduler_dashboard_router)
+app.include_router(scheduler_dashboard_router)
-    app.include_router(oauth_token_monitoring_router)
+app.include_router(oauth_token_monitoring_router)
 
-    # Autonomous Agents API routes (Phase 3A)
+# Autonomous Agents API routes (Phase 3A)
-    from api.agents_api import router as agents_router
+from api.agents_api import router as agents_router
-    app.include_router(agents_router)
+app.include_router(agents_router)
 
-    # Today workflow routes
+# Today workflow routes
-    from api.today_workflow import router as today_workflow_router
+from api.today_workflow import router as today_workflow_router
-    app.include_router(today_workflow_router)
+app.include_router(today_workflow_router)
 
 # Setup frontend serving using modular utilities
 frontend_serving.setup_frontend_serving()