Session 2026-04-20: Medien-Konvertierung, Umami Analytics, Username/Privacy

- HEIC→JPEG, MOV/AVI→MP4 Konvertierung bei allen Upload-Endpoints (media_utils.py) - ffmpeg im Docker-Image, Video-Thumbnails (extract_video_thumb, poster-Attribut) - Google Analytics entfernt, Umami self-hosted eingebunden (index.html, datenschutz.js) - Admin-Panel Analytics-Tab: Stat-Cards, Sparkline 7 Tage, Top-Seiten (Umami-API-Proxy) - Admin-Panel Tab-Icons korrigiert (aus vorhandenem Phosphor-Sprite) - users.real_name Spalte: Username öffentlich, echter Name privat und optional - Registrierung: Label "Benutzername", Leerzeichen verboten, Profanity-Blockliste - Datenschutzerklärung: GA-Abschnitt durch Umami-Text ersetzt
2026-04-20 18:36:58 +02:00 · 2026-04-20 18:36:58 +02:00 · 5141ba9969
commit 5141ba9969
parent 9a78121a3e
20 changed files with 524 additions and 143 deletions
--- a/backend/routes/admin.py
+++ b/backend/routes/admin.py
@ -17,6 +17,26 @@ router = APIRouter()
 _TZ         = ZoneInfo("Europe/Berlin")
 _start_time = time.time()

+# Umami token cache
+_umami_token: dict = {"token": None, "expires": 0.0}
+
+
+async def _umami_auth() -> str:
+    global _umami_token
+    if _umami_token["token"] and time.time() < _umami_token["expires"]:
+        return _umami_token["token"]
+    import httpx
+    url  = os.getenv("UMAMI_URL", "").rstrip("/")
+    resp = await httpx.AsyncClient().post(
+        f"{url}/api/auth/login",
+        json={"username": os.getenv("UMAMI_USERNAME"), "password": os.getenv("UMAMI_PASSWORD")},
+        timeout=10,
+    )
+    resp.raise_for_status()
+    tok = resp.json()["token"]
+    _umami_token = {"token": tok, "expires": time.time() + 23 * 3600}
+    return tok
+
 # Audit-Tabelle anlegen (einmalig beim Import)
 with db() as _conn:
    _conn.executescript("""
@ -481,3 +501,52 @@ async def audit_log(limit: int = 50, user=Depends(require_admin)):
            (min(limit, 200),),
        ).fetchall()
    return [dict(r) for r in rows]
+
+
+# ------------------------------------------------------------------
+# GET /api/admin/analytics — Umami-Proxy
+# ------------------------------------------------------------------
+@router.get("/analytics")
+async def get_analytics(user=Depends(require_mod)):
+    import httpx
+    from datetime import timedelta
+    url     = os.getenv("UMAMI_URL", "").rstrip("/")
+    site_id = os.getenv("UMAMI_SITE_ID", "")
+    if not url or not site_id:
+        raise HTTPException(503, "Umami nicht konfiguriert.")
+    token   = await _umami_auth()
+    headers = {"Authorization": f"Bearer {token}"}
+
+    now         = datetime.now(_TZ)
+    today_start = now.replace(hour=0, minute=0, second=0, microsecond=0)
+    week_start  = today_start - timedelta(days=6)
+    now_ms      = int(now.timestamp() * 1000)
+    today_ms    = int(today_start.timestamp() * 1000)
+    week_ms     = int(week_start.timestamp() * 1000)
+
+    async with httpx.AsyncClient(timeout=10) as c:
+        r_today = await c.get(f"{url}/api/websites/{site_id}/stats",
+                              params={"startAt": today_ms, "endAt": now_ms}, headers=headers)
+        r_week  = await c.get(f"{url}/api/websites/{site_id}/stats",
+                              params={"startAt": week_ms,  "endAt": now_ms}, headers=headers)
+        r_pv    = await c.get(f"{url}/api/websites/{site_id}/pageviews",
+                              params={"startAt": week_ms, "endAt": now_ms,
+                                      "unit": "day", "timezone": "Europe/Berlin"}, headers=headers)
+        r_pages = await c.get(f"{url}/api/websites/{site_id}/metrics",
+                              params={"startAt": week_ms, "endAt": now_ms,
+                                      "type": "url", "limit": 8}, headers=headers)
+
+    def _to_list(r):
+        j = r.json()
+        if isinstance(j, list):
+            return j
+        if isinstance(j, dict):
+            return j.get("data", j.get("metrics", []))
+        return []
+
+    return {
+        "today":     r_today.json(),
+        "week":      r_week.json(),
+        "pageviews": r_pv.json(),
+        "top_pages": _to_list(r_pages),
+    }
--- a/backend/routes/auth.py
+++ b/backend/routes/auth.py
@ -12,6 +12,7 @@ from auth import (
    hash_password, verify_password, create_token,
    get_current_user
 )
+from username_blocklist import is_username_blocked

 router = APIRouter()
 COOKIE_NAME = "by_token"
@ -45,9 +46,13 @@ def _set_cookie(response: Response, token: str):
 async def register(data: RegisterRequest, response: Response):
    name = data.name.strip()
    if len(name) < 2:
-        raise HTTPException(400, "Name muss mindestens 2 Zeichen lang sein.")
+        raise HTTPException(400, "Benutzername muss mindestens 2 Zeichen lang sein.")
    if len(name) > 40:
-        raise HTTPException(400, "Name darf maximal 40 Zeichen lang sein.")
+        raise HTTPException(400, "Benutzername darf maximal 40 Zeichen lang sein.")
+    if ' ' in name:
+        raise HTTPException(400, "Benutzername darf keine Leerzeichen enthalten.")
+    if is_username_blocked(name):
+        raise HTTPException(400, "Dieser Benutzername ist nicht erlaubt.")

    with db() as conn:
        if conn.execute("SELECT 1 FROM users WHERE email=?", (data.email,)).fetchone():
@ -137,7 +142,7 @@ async def get_referral_info(user=Depends(get_current_user)):
 async def me(user=Depends(get_current_user)):
    with db() as conn:
        row = conn.execute(
-            """SELECT id, name, email, rolle, is_premium, email_verified,
+            """SELECT id, name, real_name, email, rolle, is_premium, email_verified,
                      bio, wohnort, erfahrung, social_link,
                      profil_sichtbarkeit, avatar_url, created_at
               FROM users WHERE id=?""",
--- a/backend/routes/diary.py
+++ b/backend/routes/diary.py
@ -8,6 +8,7 @@ from database import db
 from auth import get_current_user
 import ki as KI
 import httpx
+from media_utils import convert_media, extract_video_thumb

 router    = APIRouter()
 MEDIA_DIR = os.getenv("MEDIA_DIR", "/data/media")
@ -486,14 +487,20 @@ async def upload_media(dog_id: int, entry_id: int,
                           ".mp4",".mov",".webm",".m4v",".pdf"}:
            raise HTTPException(415, "Nur Bilder, Videos und PDFs erlaubt.")

-    ext        = os.path.splitext(file.filename or "")[1] or ".jpg"
+    raw_data   = await file.read()
+    raw_data, ext = convert_media(raw_data, file.filename or "")
+    if not ext:
+        ext = ".jpg"
    filename   = f"diary_{entry_id}_{uuid.uuid4().hex[:8]}{ext}"
    path       = os.path.join(MEDIA_DIR, "diary", filename)
    media_type = _guess_media_type(ct, file.filename or "")
    os.makedirs(os.path.dirname(path), exist_ok=True)

    with open(path, "wb") as f:
-        f.write(await file.read())
+        f.write(raw_data)
+
+    if media_type == "video":
+        extract_video_thumb(path)

    media_url = f"/media/diary/{filename}"

--- a/backend/routes/forum.py
+++ b/backend/routes/forum.py
@ -7,6 +7,7 @@ from typing import Optional
 from database import db
 from auth import get_current_user, get_current_user_optional
 from routes.push import send_push_to_user
+from media_utils import convert_media, extract_video_thumb

 logger = logging.getLogger(__name__)

@ -76,10 +77,13 @@ def _save_upload(file: UploadFile, data: bytes) -> str:
    ext = os.path.splitext(file.filename or "")[1].lower() or ".jpg"
    if ext not in _FORUM_ALLOWED_EXT:
        raise HTTPException(415, "Dateityp nicht erlaubt.")
+    data, ext = convert_media(data, file.filename or "")
    filename = f"{uuid.uuid4().hex}{ext}"
    path     = os.path.join(FORUM_DIR, filename)
    with open(path, "wb") as f:
        f.write(data)
+    if ext in {".mp4", ".webm"}:
+        extract_video_thumb(path)
    return f"/media/forum/{filename}"

 def _parse_foto_urls(raw) -> list:
--- a/backend/routes/lost.py
+++ b/backend/routes/lost.py
@ -8,6 +8,7 @@ from typing import Optional
 from database import db
 from auth import get_current_user
 from routes.push import send_push_to_all
+from media_utils import convert_media

 router    = APIRouter()
 MEDIA_DIR = os.getenv("MEDIA_DIR", "/data/media")
@ -115,13 +116,15 @@ async def upload_foto(
    if not entry:
        raise HTTPException(404, "Meldung nicht gefunden oder keine Berechtigung.")

-    ext      = os.path.splitext(file.filename or "")[1] or ".jpg"
+    data, ext = convert_media(await file.read(), file.filename or "")
+    if not ext:
+        ext = ".jpg"
    filename = f"lost_{lost_id}_{uuid.uuid4().hex[:8]}{ext}"
    path     = os.path.join(MEDIA_DIR, "lost", filename)
    os.makedirs(os.path.dirname(path), exist_ok=True)

    with open(path, "wb") as f:
-        f.write(await file.read())
+        f.write(data)

    foto_url = f"/media/lost/{filename}"
    with db() as conn:
--- a/backend/routes/poison.py
+++ b/backend/routes/poison.py
@ -8,6 +8,7 @@ from typing import Optional
 from database import db
 from auth import get_current_user
 from routes.push import send_push_to_all
+from media_utils import convert_media

 router    = APIRouter()
 MEDIA_DIR = os.getenv("MEDIA_DIR", "/data/media")
@ -174,13 +175,15 @@ async def upload_photo(
    if not entry:
        raise HTTPException(404, "Meldung nicht gefunden oder keine Berechtigung.")

-    ext      = os.path.splitext(file.filename or "")[1] or ".jpg"
+    data, ext = convert_media(await file.read(), file.filename or "")
+    if not ext:
+        ext = ".jpg"
    filename = f"poison_{poison_id}_{uuid.uuid4().hex[:8]}{ext}"
    path     = os.path.join(MEDIA_DIR, "poison", filename)
    os.makedirs(os.path.dirname(path), exist_ok=True)

    with open(path, "wb") as f:
-        f.write(await file.read())
+        f.write(data)

    foto_url = f"/media/poison/{filename}"
    with db() as conn:
--- a/backend/routes/profile.py
+++ b/backend/routes/profile.py
@ -19,6 +19,7 @@ VALID_SICHTBARKEIT    = {"public", "friends", "private"}


 class ProfileUpdate(BaseModel):
+    real_name:            Optional[str] = None
    bio:                  Optional[str] = None
    wohnort:              Optional[str] = None
    erfahrung:            Optional[str] = None
@ -29,7 +30,7 @@ class ProfileUpdate(BaseModel):
 def _load_user(user_id: int) -> dict:
    with db() as conn:
        row = conn.execute(
-            """SELECT id, name, email, rolle, is_premium, email_verified,
+            """SELECT id, name, real_name, email, rolle, is_premium, email_verified,
                      bio, wohnort, erfahrung, social_link,
                      profil_sichtbarkeit, avatar_url, created_at
               FROM users WHERE id=?""",
--- a/backend/routes/routen.py
+++ b/backend/routes/routen.py
@ -8,6 +8,7 @@ from typing import Optional, List
 from database import db
 from auth import get_current_user, get_current_user_optional
 from routes.achievements import update_streak, check_and_award
+from media_utils import convert_media
 from routes.push import send_push_to_user

 router = APIRouter()
@ -344,12 +345,14 @@ async def add_route_photo(
    if dict(row)['user_id'] != user['id']:
        raise HTTPException(403, "Nicht berechtigt.")

-    ext      = os.path.splitext(file.filename or "")[1] or ".jpg"
+    data, ext = convert_media(await file.read(), file.filename or "")
+    if not ext:
+        ext = ".jpg"
    filename = f"route_{route_id}_{uuid.uuid4().hex[:8]}{ext}"
    path     = os.path.join(MEDIA_DIR, "routes", filename)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as f:
-        f.write(await file.read())
+        f.write(data)

    foto_url = f"/media/routes/{filename}"
    with db() as conn: