feat: implement core backend API structure and frontend service layer for case management and authentication

This commit is contained in:
2026-05-12 15:41:57 +03:00
parent ee39a3d83b
commit bd73f18d5c
13 changed files with 718 additions and 63 deletions

View File

@@ -17,8 +17,14 @@ app.config['UPLOAD_FOLDER'] = UPLOAD_FOLDER
# Register blueprints (routes)
from .routes.cases import cases_blueprint
from .routes.credentials import credentials_blueprint
from .routes.auth import auth_blueprint
from .routes.dashboard import dashboard_blueprint
from .routes.reports import reports_blueprint
app.register_blueprint(cases_blueprint, url_prefix='/api')
app.register_blueprint(credentials_blueprint, url_prefix='/api')
app.register_blueprint(auth_blueprint, url_prefix='/api')
app.register_blueprint(dashboard_blueprint, url_prefix='/api')
app.register_blueprint(reports_blueprint, url_prefix='/api')
if __name__ == '__main__':
# Use host 0.0.0.0 for Docker compatibility, port 5000

32
backend/middleware.py Normal file
View File

@@ -0,0 +1,32 @@
import os
import jwt
from functools import wraps
from flask import request, jsonify
# Should ideally be set in .env
SECRET_KEY = os.getenv('JWT_SECRET', 'super-secret-jwt-key-automarket')
def token_required(f):
@wraps(f)
def decorated(*args, **kwargs):
token = None
auth_header = request.headers.get('Authorization')
if auth_header and auth_header.startswith('Bearer '):
token = auth_header.split(" ")[1]
# Fallback to query param for file downloads
if not token:
token = request.args.get('token')
if not token:
return jsonify({'message': 'Token is missing!'}), 401
try:
data = jwt.decode(token, SECRET_KEY, algorithms=["HS256"])
current_user_id = data['user_id']
except Exception as e:
return jsonify({'message': 'Token is invalid or expired!'}), 401
return f(current_user_id, *args, **kwargs)
return decorated

View File

@@ -4,3 +4,7 @@ python-dotenv==1.0.1
psycopg2-binary==2.9.9
Werkzeug==3.0.3
requests==2.31.0
PyJWT==2.8.0
bcrypt==4.1.3
reportlab==4.1.0
pandas==2.2.1

88
backend/routes/auth.py Normal file
View File

@@ -0,0 +1,88 @@
# backend/routes/auth.py
from flask import Blueprint, request, jsonify
from datetime import datetime, timedelta
import bcrypt
import jwt
from ..db import get_db_connection, release_db_connection
from ..middleware import SECRET_KEY, token_required
auth_blueprint = Blueprint('auth', __name__)
@auth_blueprint.route('/auth/register', methods=['POST'])
def register():
data = request.json
username = data.get('username')
password = data.get('password')
if not username or not password:
return jsonify({"error": "Username and password are required"}), 400
conn = get_db_connection()
cur = conn.cursor()
# Check if exists
cur.execute("SELECT id FROM users WHERE username = %s", (username,))
if cur.fetchone():
release_db_connection(conn)
return jsonify({"error": "Username already exists"}), 400
hashed_password = bcrypt.hashpw(password.encode('utf-8'), bcrypt.gensalt()).decode('utf-8')
cur.execute(
"INSERT INTO users (username, password_hash) VALUES (%s, %s) RETURNING id",
(username, hashed_password)
)
user_id = cur.fetchone()[0]
conn.commit()
release_db_connection(conn)
return jsonify({"message": "User registered successfully", "user_id": user_id}), 201
@auth_blueprint.route('/auth/login', methods=['POST'])
def login():
data = request.json
username = data.get('username')
password = data.get('password')
conn = get_db_connection()
cur = conn.cursor()
cur.execute("SELECT id, password_hash FROM users WHERE username = %s", (username,))
user = cur.fetchone()
release_db_connection(conn)
if not user or not bcrypt.checkpw(password.encode('utf-8'), user[1].encode('utf-8')):
return jsonify({"error": "Invalid credentials"}), 401
token = jwt.encode({
'user_id': user[0],
'exp': datetime.utcnow() + timedelta(days=7)
}, SECRET_KEY, algorithm="HS256")
return jsonify({"token": token})
@auth_blueprint.route('/auth/me', methods=['GET'])
@token_required
def get_me(current_user_id):
conn = get_db_connection()
cur = conn.cursor()
cur.execute("SELECT id, username, plan FROM users WHERE id = %s", (current_user_id,))
user = cur.fetchone()
release_db_connection(conn)
if not user:
return jsonify({"error": "User not found"}), 404
return jsonify({"id": user[0], "username": user[1], "plan": user[2]})
@auth_blueprint.route('/auth/upgrade', methods=['POST'])
@token_required
def upgrade_plan(current_user_id):
"""Simulates payment success and upgrades to PRO."""
conn = get_db_connection()
cur = conn.cursor()
cur.execute("UPDATE users SET plan = 'pro' WHERE id = %s", (current_user_id,))
conn.commit()
release_db_connection(conn)
return jsonify({"message": "Successfully upgraded to PRO"}), 200

View File

@@ -5,6 +5,7 @@ from werkzeug.utils import secure_filename
from datetime import datetime
from ..db import get_db_connection, release_db_connection
from ..middleware import token_required
cases_blueprint = Blueprint('cases', __name__)
@@ -24,7 +25,8 @@ def serialize_case(row):
# ---------- CASE CRUD ----------
@cases_blueprint.route('/cases', methods=['GET'])
def list_cases():
@token_required
def list_cases(current_user_id):
# optional filters: ?article=...&status=...&platform=...
article = request.args.get('article')
status = request.args.get('status')
@@ -32,8 +34,8 @@ def list_cases():
conn = get_db_connection()
cur = conn.cursor()
query = "SELECT id, platform, violator_url, violator_article, my_article, comment, status, created_at, updated_at FROM cases"
params = []
conditions = []
params = [current_user_id]
conditions = ["user_id = %s"]
if article:
conditions.append("violator_article = %s")
params.append(article)
@@ -52,7 +54,8 @@ def list_cases():
return jsonify([serialize_case(r) for r in rows])
@cases_blueprint.route('/cases', methods=['POST'])
def create_case():
@token_required
def create_case(current_user_id):
data = request.json
required = ["platform", "violator_url", "violator_article"]
for f in required:
@@ -61,9 +64,10 @@ def create_case():
conn = get_db_connection()
cur = conn.cursor()
cur.execute(
"""INSERT INTO cases (platform, violator_url, violator_article, my_article, comment, status)
VALUES (%s, %s, %s, %s, %s, %s) RETURNING id""",
"""INSERT INTO cases (user_id, platform, violator_url, violator_article, my_article, comment, status)
VALUES (%s, %s, %s, %s, %s, %s, %s) RETURNING id""",
(
current_user_id,
data.get('platform'),
data.get('violator_url'),
data.get('violator_article'),
@@ -78,10 +82,11 @@ def create_case():
return jsonify({"id": case_id}), 201
@cases_blueprint.route('/cases/<int:case_id>', methods=['GET'])
def get_case(case_id):
@token_required
def get_case(current_user_id, case_id):
conn = get_db_connection()
cur = conn.cursor()
cur.execute("SELECT id, platform, violator_url, violator_article, my_article, comment, status, created_at, updated_at FROM cases WHERE id = %s", (case_id,))
cur.execute("SELECT id, platform, violator_url, violator_article, my_article, comment, status, created_at, updated_at FROM cases WHERE id = %s AND user_id = %s", (case_id, current_user_id))
row = cur.fetchone()
release_db_connection(conn)
if not row:
@@ -89,7 +94,8 @@ def get_case(case_id):
return jsonify(serialize_case(row))
@cases_blueprint.route('/cases/<int:case_id>', methods=['PUT'])
def update_case(case_id):
@token_required
def update_case(current_user_id, case_id):
data = request.json
fields = []
params = []
@@ -100,27 +106,29 @@ def update_case(case_id):
params.append(data[f])
if not fields:
return jsonify({"error": "No updatable fields provided"}), 400
params.append(case_id)
params.extend([case_id, current_user_id])
conn = get_db_connection()
cur = conn.cursor()
cur.execute(f"UPDATE cases SET {', '.join(fields)}, updated_at = %s WHERE id = %s",
(*params[:-1], datetime.utcnow(), case_id))
cur.execute(f"UPDATE cases SET {', '.join(fields)}, updated_at = %s WHERE id = %s AND user_id = %s",
(*params[:-2], datetime.utcnow(), case_id, current_user_id))
conn.commit()
release_db_connection(conn)
return jsonify({"message": "Case updated"})
@cases_blueprint.route('/cases/<int:case_id>', methods=['DELETE'])
def delete_case(case_id):
@token_required
def delete_case(current_user_id, case_id):
conn = get_db_connection()
cur = conn.cursor()
cur.execute("DELETE FROM cases WHERE id = %s", (case_id,))
cur.execute("DELETE FROM cases WHERE id = %s AND user_id = %s", (case_id, current_user_id))
conn.commit()
release_db_connection(conn)
return jsonify({"message": "Case deleted"})
# ---------- FILE UPLOAD ----------
@cases_blueprint.route('/cases/<int:case_id>/files', methods=['POST'])
def upload_files(case_id):
@token_required
def upload_files(current_user_id, case_id):
if 'files' not in request.files:
return jsonify({"error": "No files part in request"}), 400
files = request.files.getlist('files')
@@ -128,6 +136,13 @@ def upload_files(case_id):
upload_folder = current_app.config['UPLOAD_FOLDER']
conn = get_db_connection()
cur = conn.cursor()
# Check ownership
cur.execute("SELECT id FROM cases WHERE id = %s AND user_id = %s", (case_id, current_user_id))
if not cur.fetchone():
release_db_connection(conn)
return jsonify({"error": "Case not found"}), 404
for f in files:
if f.filename == '':
continue
@@ -149,10 +164,11 @@ def upload_files(case_id):
# Get files for a case
@cases_blueprint.route('/cases/<int:case_id>/files', methods=['GET'])
def list_files(case_id):
@token_required
def list_files(current_user_id, case_id):
conn = get_db_connection()
cur = conn.cursor()
cur.execute("SELECT id, file_path, uploaded_at FROM files WHERE case_id = %s", (case_id,))
cur.execute("SELECT f.id, f.file_path, f.uploaded_at FROM files f JOIN cases c ON f.case_id = c.id WHERE f.case_id = %s AND c.user_id = %s", (case_id, current_user_id))
rows = cur.fetchall()
release_db_connection(conn)
files = [{"id": r[0], "path": r[1], "uploaded_at": r[2].isoformat()} for r in rows]

View File

@@ -4,15 +4,17 @@ from datetime import datetime
import json
from ..db import get_db_connection, release_db_connection
from ..middleware import token_required
credentials_blueprint = Blueprint('credentials', __name__)
@credentials_blueprint.route('/credentials', methods=['GET'])
def list_credentials():
@token_required
def list_credentials(current_user_id):
"""Return configured platforms (without exposing secrets)."""
conn = get_db_connection()
cur = conn.cursor()
cur.execute("SELECT platform FROM credentials")
cur.execute("SELECT platform FROM credentials WHERE user_id = %s", (current_user_id,))
rows = cur.fetchall()
release_db_connection(conn)
@@ -20,7 +22,8 @@ def list_credentials():
return jsonify({"configured_platforms": platforms})
@credentials_blueprint.route('/credentials/<string:platform>', methods=['POST'])
def save_credentials(platform):
@token_required
def save_credentials(current_user_id, platform):
"""Save or update credentials for a specific platform."""
data = request.json
api_key = data.get('api_key')
@@ -31,16 +34,29 @@ def save_credentials(platform):
conn = get_db_connection()
cur = conn.cursor()
# --- PLAN LIMIT CHECK ---
cur.execute("SELECT plan FROM users WHERE id = %s", (current_user_id,))
user_plan = cur.fetchone()[0]
if user_plan == 'free':
# Count existing configured platforms for this user
cur.execute("SELECT COUNT(*) FROM credentials WHERE user_id = %s AND platform != %s", (current_user_id, platform))
count = cur.fetchone()[0]
if count >= 1:
release_db_connection(conn)
return jsonify({"error": "Лимит бесплатного тарифа исчерпан (максимум 1 интеграция). Перейдите на PRO."}), 403
# ------------------------
cur.execute(
"""INSERT INTO credentials (platform, api_key, client_id, client_secret, other_data, updated_at)
VALUES (%s, %s, %s, %s, %s, %s)
ON CONFLICT (platform) DO UPDATE SET
"""INSERT INTO credentials (user_id, platform, api_key, client_id, client_secret, other_data, updated_at)
VALUES (%s, %s, %s, %s, %s, %s, %s)
ON CONFLICT (user_id, platform) DO UPDATE SET
api_key = EXCLUDED.api_key,
client_id = EXCLUDED.client_id,
client_secret = EXCLUDED.client_secret,
other_data = EXCLUDED.other_data,
updated_at = EXCLUDED.updated_at""",
(platform, api_key, client_id, client_secret, json.dumps(other_data), datetime.utcnow())
(current_user_id, platform, api_key, client_id, client_secret, json.dumps(other_data), datetime.utcnow())
)
conn.commit()
release_db_connection(conn)
@@ -48,11 +64,12 @@ def save_credentials(platform):
return jsonify({"message": f"Credentials for {platform} saved successfully."}), 200
@credentials_blueprint.route('/credentials/<string:platform>', methods=['DELETE'])
def delete_credentials(platform):
@token_required
def delete_credentials(current_user_id, platform):
"""Delete credentials for a specific platform."""
conn = get_db_connection()
cur = conn.cursor()
cur.execute("DELETE FROM credentials WHERE platform = %s", (platform,))
cur.execute("DELETE FROM credentials WHERE user_id = %s AND platform = %s", (current_user_id, platform))
conn.commit()
release_db_connection(conn)

View File

@@ -0,0 +1,51 @@
from flask import Blueprint, jsonify
from ..db import get_db_connection, release_db_connection
from ..middleware import token_required
dashboard_blueprint = Blueprint('dashboard', __name__)
@dashboard_blueprint.route('/dashboard/stats', methods=['GET'])
@token_required
def get_stats(current_user_id):
conn = get_db_connection()
cur = conn.cursor()
# 1. Total cases
cur.execute("SELECT COUNT(*) FROM cases WHERE user_id = %s", (current_user_id,))
total_cases = cur.fetchone()[0]
# 2. Cases by status
cur.execute("SELECT status, COUNT(*) FROM cases WHERE user_id = %s GROUP BY status", (current_user_id,))
status_rows = cur.fetchall()
cases_by_status = {row[0]: row[1] for row in status_rows}
# 3. Total active integrations
cur.execute("SELECT COUNT(*) FROM credentials WHERE user_id = %s", (current_user_id,))
total_integrations = cur.fetchone()[0]
# 4. List of connected platforms
cur.execute("SELECT platform FROM credentials WHERE user_id = %s", (current_user_id,))
platforms = [row[0] for row in cur.fetchall()]
# 5. Recent activity (last 5 cases)
cur.execute("SELECT id, platform, violator_article, status, created_at FROM cases WHERE user_id = %s ORDER BY created_at DESC LIMIT 5", (current_user_id,))
recent_rows = cur.fetchall()
recent_activity = [
{
"id": r[0],
"platform": r[1],
"article": r[2],
"status": r[3],
"date": r[4].isoformat() if r[4] else None
} for r in recent_rows
]
release_db_connection(conn)
return jsonify({
"total_cases": total_cases,
"cases_by_status": cases_by_status,
"total_integrations": total_integrations,
"platforms": platforms,
"recent_activity": recent_activity
})

96
backend/routes/reports.py Normal file
View File

@@ -0,0 +1,96 @@
import io
import pandas as pd
from flask import Blueprint, send_file, jsonify, make_response
from reportlab.lib.pagesizes import letter
from reportlab.pdfgen import canvas
from reportlab.lib import colors
from reportlab.lib.styles import getSampleStyleSheet
from reportlab.platypus import SimpleDocTemplate, Paragraph, Spacer, Table, TableStyle
from ..db import get_db_connection, release_db_connection
from ..middleware import token_required
reports_blueprint = Blueprint('reports', __name__)
@reports_blueprint.route('/reports/cases/csv', methods=['GET'])
@token_required
def export_cases_csv(current_user_id):
conn = get_db_connection()
query = """
SELECT id, platform, violator_url, violator_article, my_article, comment, status, created_at
FROM cases
WHERE user_id = %s
"""
df = pd.read_sql(query, conn, params=(current_user_id,))
release_db_connection(conn)
output = io.BytesIO()
df.to_csv(output, index=False, encoding='utf-8-sig')
output.seek(0)
return send_file(
output,
mimetype='text/csv',
as_attachment=True,
download_name=f'cases_export_{current_user_id}.csv'
)
@reports_blueprint.route('/reports/case/<int:case_id>/pdf', methods=['GET'])
@token_required
def export_case_pdf(current_user_id, case_id):
conn = get_db_connection()
cur = conn.cursor()
cur.execute("""
SELECT platform, violator_url, violator_article, my_article, comment, status, created_at
FROM cases
WHERE id = %s AND user_id = %s
""", (case_id, current_user_id))
row = cur.fetchone()
release_db_connection(conn)
if not row:
return jsonify({"error": "Case not found"}), 404
platform, v_url, v_art, my_art, comment, status, created_at = row
buffer = io.BytesIO()
doc = SimpleDocTemplate(buffer, pagesize=letter)
styles = getSampleStyleSheet()
elements = []
# Title
elements.append(Paragraph(f"Официальная претензия #{case_id}", styles['Title']))
elements.append(Spacer(1, 12))
# Info table
data = [
["Маркетплейс", platform.upper()],
["Дата создания", created_at.strftime('%Y-%m-%d %H:%M') if created_at else "-"],
["Артикул нарушителя", v_art],
["Ссылка на товар", Paragraph(v_url, styles['Normal'])],
["Ваш артикул", my_art or "-"],
["Текущий статус", status.upper()]
]
t = Table(data, colWidths=[150, 350])
t.setStyle(TableStyle([
('BACKGROUND', (0, 0), (0, -1), colors.lightgrey),
('GRID', (0, 0), (-1, -1), 1, colors.black),
('PADDING', (0, 0), (-1, -1), 6),
]))
elements.append(t)
elements.append(Spacer(1, 24))
# Description
elements.append(Paragraph("Описание нарушения:", styles['Heading2']))
elements.append(Paragraph(comment or "Комментарий отсутствует", styles['Normal']))
doc.build(elements)
buffer.seek(0)
return send_file(
buffer,
mimetype='application/pdf',
as_attachment=True,
download_name=f'complaint_{case_id}.pdf'
)