mitai-jinkendo/backend/routers/caliper.py

"""
Caliper/Skinfold Tracking Endpoints for Mitai Jinkendo

Handles body fat measurements via skinfold caliper (4 methods supported).
"""
import uuid
import logging
from typing import Optional

from fastapi import APIRouter, Header, Depends, HTTPException

from db import get_db, get_cursor, r2d
from auth import require_auth, check_feature_access, increment_feature_usage
from models import CaliperEntry
from routers.profiles import get_pid
from feature_logger import log_feature_usage
from caliper_composition import enrich_caliper_row_for_response, fill_caliper_body_comp, load_weight_rows

router = APIRouter(prefix="/api/caliper", tags=["caliper"])
logger = logging.getLogger(__name__)


@router.get("")
def list_caliper(limit: int=100, x_profile_id: Optional[str]=Header(default=None), session: dict=Depends(require_auth)):
    """Get caliper entries for current profile."""
    pid = get_pid(x_profile_id)
    with get_db() as conn:
        cur = get_cursor(conn)
        cur.execute(
            "SELECT * FROM caliper_log WHERE profile_id=%s ORDER BY date DESC LIMIT %s", (pid,limit))
        rows = [r2d(r) for r in cur.fetchall()]
        weight_rows = load_weight_rows(conn, pid)
        for row in rows:
            enrich_caliper_row_for_response(row, weight_rows)
        return rows


@router.post("")
def upsert_caliper(e: CaliperEntry, x_profile_id: Optional[str]=Header(default=None), session: dict=Depends(require_auth)):
    """Create or update caliper entry (upsert by date)."""
    pid = get_pid(x_profile_id)

    # Phase 4: Check feature access and ENFORCE
    access = check_feature_access(pid, 'caliper_entries')
    log_feature_usage(pid, 'caliper_entries', access, 'create')

    if not access['allowed']:
        logger.warning(
            f"[FEATURE-LIMIT] User {pid} blocked: "
            f"caliper_entries {access['reason']} (used: {access['used']}, limit: {access['limit']})"
        )
        raise HTTPException(
            status_code=403,
            detail=f"Limit erreicht: Du hast das Kontingent für Caliper-Einträge überschritten ({access['used']}/{access['limit']}). "
                   f"Bitte kontaktiere den Admin oder warte bis zum nächsten Reset."
        )

    with get_db() as conn:
        cur = get_cursor(conn)
        cur.execute("SELECT id FROM caliper_log WHERE profile_id=%s AND date=%s", (pid,e.date))
        ex = cur.fetchone()
        d = e.model_dump()
        fill_caliper_body_comp(d, conn, pid)
        is_new_entry = not ex

        if ex:
            # UPDATE existing entry
            eid = ex['id']
            sets = ', '.join(f"{k}=%s" for k in d if k!='date')
            cur.execute(f"UPDATE caliper_log SET {sets} WHERE id=%s",
                         [v for k,v in d.items() if k!='date']+[eid])
        else:
            # INSERT new entry
            eid = str(uuid.uuid4())
            cur.execute("""INSERT INTO caliper_log
                (id,profile_id,date,sf_method,sf_chest,sf_axilla,sf_triceps,sf_subscap,sf_suprailiac,
                 sf_abdomen,sf_thigh,sf_calf_med,sf_lowerback,sf_biceps,body_fat_pct,lean_mass,fat_mass,notes,created)
                VALUES (%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,CURRENT_TIMESTAMP)""",
                (eid,pid,d['date'],d['sf_method'],d['sf_chest'],d['sf_axilla'],d['sf_triceps'],
                 d['sf_subscap'],d['sf_suprailiac'],d['sf_abdomen'],d['sf_thigh'],d['sf_calf_med'],
                 d['sf_lowerback'],d['sf_biceps'],d['body_fat_pct'],d['lean_mass'],d['fat_mass'],d['notes']))

            # Phase 2: Increment usage counter (only for new entries)
            increment_feature_usage(pid, 'caliper_entries')

    return {"id":eid,"date":e.date}


@router.put("/{eid}")
def update_caliper(eid: str, e: CaliperEntry, x_profile_id: Optional[str]=Header(default=None), session: dict=Depends(require_auth)):
    """Update existing caliper entry."""
    pid = get_pid(x_profile_id)
    with get_db() as conn:
        d = e.model_dump()
        fill_caliper_body_comp(d, conn, pid)
        cur = get_cursor(conn)
        cur.execute(f"UPDATE caliper_log SET {', '.join(f'{k}=%s' for k in d)} WHERE id=%s AND profile_id=%s",
                     list(d.values())+[eid,pid])
    return {"id":eid}


@router.delete("/{eid}")
def delete_caliper(eid: str, x_profile_id: Optional[str]=Header(default=None), session: dict=Depends(require_auth)):
    """Delete caliper entry."""
    pid = get_pid(x_profile_id)
    with get_db() as conn:
        cur = get_cursor(conn)
        cur.execute("DELETE FROM caliper_log WHERE id=%s AND profile_id=%s", (eid,pid))
    return {"ok":True}