feat: implement core backend API structure and frontend service layer for case management and authentication

This commit is contained in:
2026-05-12 15:41:57 +03:00
parent ee39a3d83b
commit bd73f18d5c
13 changed files with 718 additions and 63 deletions

View File

@@ -5,6 +5,7 @@ from werkzeug.utils import secure_filename
from datetime import datetime
from ..db import get_db_connection, release_db_connection
from ..middleware import token_required
cases_blueprint = Blueprint('cases', __name__)
@@ -24,7 +25,8 @@ def serialize_case(row):
# ---------- CASE CRUD ----------
@cases_blueprint.route('/cases', methods=['GET'])
def list_cases():
@token_required
def list_cases(current_user_id):
# optional filters: ?article=...&status=...&platform=...
article = request.args.get('article')
status = request.args.get('status')
@@ -32,8 +34,8 @@ def list_cases():
conn = get_db_connection()
cur = conn.cursor()
query = "SELECT id, platform, violator_url, violator_article, my_article, comment, status, created_at, updated_at FROM cases"
params = []
conditions = []
params = [current_user_id]
conditions = ["user_id = %s"]
if article:
conditions.append("violator_article = %s")
params.append(article)
@@ -52,7 +54,8 @@ def list_cases():
return jsonify([serialize_case(r) for r in rows])
@cases_blueprint.route('/cases', methods=['POST'])
def create_case():
@token_required
def create_case(current_user_id):
data = request.json
required = ["platform", "violator_url", "violator_article"]
for f in required:
@@ -61,9 +64,10 @@ def create_case():
conn = get_db_connection()
cur = conn.cursor()
cur.execute(
"""INSERT INTO cases (platform, violator_url, violator_article, my_article, comment, status)
VALUES (%s, %s, %s, %s, %s, %s) RETURNING id""",
"""INSERT INTO cases (user_id, platform, violator_url, violator_article, my_article, comment, status)
VALUES (%s, %s, %s, %s, %s, %s, %s) RETURNING id""",
(
current_user_id,
data.get('platform'),
data.get('violator_url'),
data.get('violator_article'),
@@ -78,10 +82,11 @@ def create_case():
return jsonify({"id": case_id}), 201
@cases_blueprint.route('/cases/<int:case_id>', methods=['GET'])
def get_case(case_id):
@token_required
def get_case(current_user_id, case_id):
conn = get_db_connection()
cur = conn.cursor()
cur.execute("SELECT id, platform, violator_url, violator_article, my_article, comment, status, created_at, updated_at FROM cases WHERE id = %s", (case_id,))
cur.execute("SELECT id, platform, violator_url, violator_article, my_article, comment, status, created_at, updated_at FROM cases WHERE id = %s AND user_id = %s", (case_id, current_user_id))
row = cur.fetchone()
release_db_connection(conn)
if not row:
@@ -89,7 +94,8 @@ def get_case(case_id):
return jsonify(serialize_case(row))
@cases_blueprint.route('/cases/<int:case_id>', methods=['PUT'])
def update_case(case_id):
@token_required
def update_case(current_user_id, case_id):
data = request.json
fields = []
params = []
@@ -100,27 +106,29 @@ def update_case(case_id):
params.append(data[f])
if not fields:
return jsonify({"error": "No updatable fields provided"}), 400
params.append(case_id)
params.extend([case_id, current_user_id])
conn = get_db_connection()
cur = conn.cursor()
cur.execute(f"UPDATE cases SET {', '.join(fields)}, updated_at = %s WHERE id = %s",
(*params[:-1], datetime.utcnow(), case_id))
cur.execute(f"UPDATE cases SET {', '.join(fields)}, updated_at = %s WHERE id = %s AND user_id = %s",
(*params[:-2], datetime.utcnow(), case_id, current_user_id))
conn.commit()
release_db_connection(conn)
return jsonify({"message": "Case updated"})
@cases_blueprint.route('/cases/<int:case_id>', methods=['DELETE'])
def delete_case(case_id):
@token_required
def delete_case(current_user_id, case_id):
conn = get_db_connection()
cur = conn.cursor()
cur.execute("DELETE FROM cases WHERE id = %s", (case_id,))
cur.execute("DELETE FROM cases WHERE id = %s AND user_id = %s", (case_id, current_user_id))
conn.commit()
release_db_connection(conn)
return jsonify({"message": "Case deleted"})
# ---------- FILE UPLOAD ----------
@cases_blueprint.route('/cases/<int:case_id>/files', methods=['POST'])
def upload_files(case_id):
@token_required
def upload_files(current_user_id, case_id):
if 'files' not in request.files:
return jsonify({"error": "No files part in request"}), 400
files = request.files.getlist('files')
@@ -128,6 +136,13 @@ def upload_files(case_id):
upload_folder = current_app.config['UPLOAD_FOLDER']
conn = get_db_connection()
cur = conn.cursor()
# Check ownership
cur.execute("SELECT id FROM cases WHERE id = %s AND user_id = %s", (case_id, current_user_id))
if not cur.fetchone():
release_db_connection(conn)
return jsonify({"error": "Case not found"}), 404
for f in files:
if f.filename == '':
continue
@@ -149,10 +164,11 @@ def upload_files(case_id):
# Get files for a case
@cases_blueprint.route('/cases/<int:case_id>/files', methods=['GET'])
def list_files(case_id):
@token_required
def list_files(current_user_id, case_id):
conn = get_db_connection()
cur = conn.cursor()
cur.execute("SELECT id, file_path, uploaded_at FROM files WHERE case_id = %s", (case_id,))
cur.execute("SELECT f.id, f.file_path, f.uploaded_at FROM files f JOIN cases c ON f.case_id = c.id WHERE f.case_id = %s AND c.user_id = %s", (case_id, current_user_id))
rows = cur.fetchall()
release_db_connection(conn)
files = [{"id": r[0], "path": r[1], "uploaded_at": r[2].isoformat()} for r in rows]