rene/banyaro
1
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
banyaro/backend/routes/knigge.py
rene 1ff66a7083 Sicherheit + Tests + A11y, SW by-v1118 
PYDANTIC max_length (38 Routen, ~400 Field-Constraints):
Schützt vor DoS durch Riesen-Payloads (10MB Thread-Titel etc.).
Pragmatische Limits:
- Titel/Name: 200 · Beschreibung/Body: 10000 · Notiz: 5000
- Email: 254 (RFC 5321) · URL: 500 · Slug/Kategorie: 100
- Hund-Name/Rasse: 80 · Hund-Bio: 2000

Top-betroffen: forum.py, diary.py, health.py, dogs.py, expenses.py,
notes.py, auth.py, profile.py. Manuelle len()-Checks in profile,
chat, ki entfernt (jetzt durch Field abgedeckt).

PYTEST COVERAGE (+19 Tests, 37 grün + 1 xfail):
- test_security.py: require_owner (Places GET/PATCH/DELETE mit
  Fremduser → 403), JWT-Blacklist (Logout invalidiert Token),
  Login-Lockout (5 Fehlversuche → 429 + Retry-After Header)
- test_race.py: Invoice-Counter (20 parallele Threads, alle unique),
  Founder-Number (atomare Vergabe, voll bei 100)
- test_validation.py: Forum-Titel 30k Zeichen → 422, Diary-Text
  50k → 422 (verifiziert Pydantic max_length-Sweep)

A11Y (Tap-Targets ≥44×44 + Dark-Mode-Kontrast):
- #header-user-btn 36→44px, .header-back 40→44, .header-menu-btn 40→44
- dog-profile Wrapped-Slider Prev/Next 40→44
- forum-Lightbox Close 40→44
- --c-text-muted Light: #B0A090 (2.37:1 FAIL) → #7F6B58 (4.74:1 PASS)
- --c-text-muted Dark:  #806A58 (3.58:1 FAIL) → #A08878 (5.46:1 PASS)
- Branding-Farben unangetastet
2026-05-27 13:40:30 +02:00

114 lines
4 KiB
Python
Raw Permalink Blame History

"""BAN YARO — Hunde-Knigge Routes"""
from fastapi import APIRouter, Depends, HTTPException, Query
from pydantic import BaseModel, Field
from typing import Optional
from database import db
from auth import get_current_user, get_current_user_optional
router = APIRouter()
# ------------------------------------------------------------------
# Schemas
# ------------------------------------------------------------------
class VoteRequest(BaseModel):
szenario_id: str = Field(..., max_length=100)
answer: str = Field(..., max_length=100)
class KiRatRequest(BaseModel):
situation: str = Field(..., min_length=3, max_length=2000)
# ------------------------------------------------------------------
# POST /api/knigge/vote — Stimme abgeben oder ändern (Auth required)
# ------------------------------------------------------------------
@router.post("/vote")
async def vote(data: VoteRequest, user=Depends(get_current_user)):
if not data.szenario_id or not data.answer:
raise HTTPException(400, "szenario_id und answer sind erforderlich.")
with db() as conn:
# Upsert: vorhandene Stimme ersetzen oder neu anlegen
conn.execute(
"""INSERT INTO knigge_votes (szenario_id, user_id, answer)
VALUES (?, ?, ?)
ON CONFLICT(szenario_id, user_id) DO UPDATE SET answer=excluded.answer""",
(data.szenario_id, user["id"], data.answer),
)
rows = conn.execute(
"""SELECT answer, COUNT(*) as cnt
FROM knigge_votes
WHERE szenario_id=?
GROUP BY answer""",
(data.szenario_id,),
).fetchall()
counts = {r["answer"]: r["cnt"] for r in rows}
return {"counts": counts, "user_answer": data.answer}
# ------------------------------------------------------------------
# GET /api/knigge/votes?szenario_id= — Stimmen abrufen (kein Auth nötig)
# ------------------------------------------------------------------
@router.get("/votes")
async def get_votes(
szenario_id: str = Query(...),
user=Depends(get_current_user_optional),
):
with db() as conn:
rows = conn.execute(
"""SELECT answer, COUNT(*) as cnt
FROM knigge_votes
WHERE szenario_id=?
GROUP BY answer""",
(szenario_id,),
).fetchall()
user_answer = None
if user:
row = conn.execute(
"SELECT answer FROM knigge_votes WHERE szenario_id=? AND user_id=?",
(szenario_id, user["id"]),
).fetchone()
if row:
user_answer = row["answer"]
counts = {r["answer"]: r["cnt"] for r in rows}
return {"counts": counts, "user_answer": user_answer}
# ------------------------------------------------------------------
# POST /api/knigge/ki-rat — KI-Situationsberater (Auth required)
# ------------------------------------------------------------------
@router.post("/ki-rat")
async def ki_rat(data: KiRatRequest, user=Depends(get_current_user)):
from ki import complete, KIUnavailableError, KIPremiumRequired
if not data.situation or not data.situation.strip():
raise HTTPException(400, "Situation darf nicht leer sein.")
system = (
"Du bist ein erfahrener Hundeexperte und Hundetrainer. "
"Deine Aufgabe ist es, Hundebesitzern kurze, praktische Ratschläge zu geben. "
"Antworte immer auf Deutsch, freundlich und verständlich."
)
prompt = (
f"Situation: {data.situation.strip()}\n\n"
"Gib einen kurzen, praktischen Rat (maximal 3 Sätze) was der Hundebesitzer tun sollte."
)
try:
rat = await complete(
prompt,
system=system,
max_tokens=300,
requires_premium=False,
user_is_premium=bool(user.get("is_premium")),
user_id=user["id"],
)
return {"rat": rat}
except KIPremiumRequired as e:
raise HTTPException(402, str(e))
except KIUnavailableError as e:
raise HTTPException(503, str(e))
Reference in a new issue View git blame Copy permalink