Lars
53f2b027cc
Some checks failed
Deploy Development / deploy (push) Successful in 43s
Test Suite / pytest-backend (push) Failing after 2s
Test Suite / lint-backend (push) Successful in 0s
Test Suite / build-frontend (push) Successful in 13s
Test Suite / k6 /health Baseline (push) Successful in 34s
Test Suite / playwright-tests (push) Successful in 1m20s
- Introduced new catalog context handling in planning prompt functions, allowing for improved integration of planning variables. - Added optional catalog context parameters in various functions to streamline the merging of planning prompt variables. - Updated frontend components to include CatalogPromptSlotsEditor for managing prompt slots across different catalog types. - Enhanced API utilities to support fetching and updating catalog prompt slots, improving backend functionality for catalog management. - Incremented version numbers and updated changelog to reflect the new features and improvements.
300 lines
11 KiB
Python
300 lines
11 KiB
Python
"""
|
|
Shinkan Jinkendo - Main Application Entry Point
|
|
|
|
Trainer- und Vereinsplattform für Kampfsport-Trainingsplanung
|
|
"""
|
|
from pathlib import Path
|
|
from typing import Optional
|
|
|
|
from fastapi import FastAPI, Request
|
|
from fastapi.middleware.cors import CORSMiddleware
|
|
from fastapi.responses import JSONResponse
|
|
from fastapi.staticfiles import StaticFiles
|
|
import os
|
|
import sys
|
|
|
|
from slowapi import _rate_limit_exceeded_handler
|
|
from slowapi.errors import RateLimitExceeded
|
|
|
|
from version import APP_VERSION, BUILD_DATE, DB_SCHEMA_VERSION, MODULE_VERSIONS
|
|
|
|
|
|
def _is_production_environment() -> bool:
|
|
return os.getenv("ENVIRONMENT", "development").strip().lower() in ("production", "prod")
|
|
|
|
|
|
def _public_openapi_enabled() -> bool:
|
|
return os.getenv("PUBLIC_OPENAPI", "").strip().lower() in ("1", "true", "yes")
|
|
|
|
|
|
def _health_ready_public_detail_enabled() -> bool:
|
|
"""In Prod standardmäßig keine Tabellen-/Migrations-Details (Information Disclosure)."""
|
|
return os.getenv("HEALTH_READY_PUBLIC_DETAIL", "").strip().lower() in ("1", "true", "yes")
|
|
|
|
|
|
# Run database migrations before API start — halbes Schema ist schlimmer als kein Start
|
|
# (run_migrations: pending *.sql in einer Transaktion pro Datei, Buchführung schema_migrations)
|
|
# Lokal ohne DB / nur Tests: SKIP_DB_MIGRATE=1
|
|
if os.getenv("SKIP_DB_MIGRATE", "").strip().lower() in ("1", "true", "yes"):
|
|
print("[SKIP_DB_MIGRATE] Migrationen uebersprungen (nur fuer Entwicklung ohne DB)")
|
|
else:
|
|
try:
|
|
import run_migrations
|
|
|
|
rc = run_migrations.main()
|
|
if rc != 0:
|
|
print(f"[FAIL] Datenbank-Migration fehlgeschlagen (Exit-Code {rc}). Start abgebrochen.")
|
|
sys.exit(1)
|
|
print("[OK] Database migrations completed")
|
|
except SystemExit:
|
|
raise
|
|
except Exception as e:
|
|
print(f"[FAIL] Migration-Laufzeitfehler: {e}")
|
|
sys.exit(1)
|
|
|
|
# Registry-first: Module → DB (nur registrierte Rechte/Kontingente in Admin-Matrix)
|
|
if os.getenv("SKIP_DB_MIGRATE", "").strip().lower() not in ("1", "true", "yes"):
|
|
try:
|
|
from rights_registry import sync_rights_registry_to_db
|
|
|
|
counts = sync_rights_registry_to_db()
|
|
print(
|
|
f"[OK] Rights registry sync: {counts['capabilities']} capabilities, "
|
|
f"{counts['features']} features"
|
|
)
|
|
except Exception as e:
|
|
print(f"[FAIL] Rights registry sync: {e}")
|
|
sys.exit(1)
|
|
|
|
from club_features import club_feature_enforcement_enabled
|
|
|
|
_cfe = os.getenv("CLUB_FEATURE_ENFORCE", "0")
|
|
print(
|
|
f"[OK] CLUB_FEATURE_ENFORCE raw={_cfe!r} "
|
|
f"active={club_feature_enforcement_enabled()}"
|
|
)
|
|
|
|
from routers.auth import limiter as auth_rate_limiter
|
|
|
|
# OpenAPI: in Produktion standardmäßig aus (Schema nicht öffentlich). Notfall: PUBLIC_OPENAPI=1
|
|
_expose_docs = (not _is_production_environment()) or _public_openapi_enabled()
|
|
_openapi_url = "/openapi.json" if _expose_docs else None
|
|
_docs_url = "/docs" if _expose_docs else None
|
|
_redoc_url = "/redoc" if _expose_docs else None
|
|
|
|
# Initialize FastAPI app
|
|
app = FastAPI(
|
|
title="Shinkan Jinkendo API",
|
|
description="Trainer- und Vereinsplattform für Kampfsport-Trainingsplanung",
|
|
version=APP_VERSION,
|
|
openapi_url=_openapi_url,
|
|
docs_url=_docs_url,
|
|
redoc_url=_redoc_url,
|
|
)
|
|
|
|
# SlowAPI: Rate Limits auf /api/auth/* (Decorator in routers/auth.py)
|
|
app.state.limiter = auth_rate_limiter
|
|
app.add_exception_handler(RateLimitExceeded, _rate_limit_exceeded_handler)
|
|
|
|
# CORS — kommaseparierte Liste (z. B. https://dev.shinkan… und http://192.168.x.x:3098)
|
|
_cors_raw = os.getenv("ALLOWED_ORIGINS", "http://localhost:3098")
|
|
ALLOWED_ORIGINS = [o.strip() for o in _cors_raw.split(",") if o.strip()]
|
|
|
|
app.add_middleware(
|
|
CORSMiddleware,
|
|
allow_origins=ALLOWED_ORIGINS,
|
|
allow_credentials=True,
|
|
allow_methods=["GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"],
|
|
allow_headers=["Content-Type", "X-Auth-Token", "X-Active-Club-Id"],
|
|
)
|
|
|
|
|
|
@app.middleware("http")
|
|
async def account_onboarding_api_gate(request: Request, call_next):
|
|
"""
|
|
Phase A: Domänen-APIs für unverified / verified_pending_club sperren.
|
|
Siehe account_onboarding_gate.py und MEMBERSHIP_RBAC_DECISIONS_2026-06.md §1.1
|
|
"""
|
|
from account_onboarding_gate import evaluate_request_gate
|
|
|
|
token = request.headers.get("x-auth-token") or request.headers.get("X-Auth-Token")
|
|
allowed, reason, _state = evaluate_request_gate(
|
|
token,
|
|
request.url.path,
|
|
request.method,
|
|
)
|
|
if not allowed:
|
|
return JSONResponse(
|
|
status_code=403,
|
|
content={
|
|
"detail": (
|
|
"Zugriff erst nach E-Mail-Bestätigung und Vereinsmitgliedschaft möglich. "
|
|
"Du kannst einen Beitrittsantrag stellen oder dein Konto in den Einstellungen verwalten."
|
|
),
|
|
"reason": reason,
|
|
},
|
|
)
|
|
return await call_next(request)
|
|
|
|
|
|
@app.middleware("http")
|
|
async def add_api_security_headers(request: Request, call_next):
|
|
"""Konsistente Basis-Header auch für rein JSON-Responses (MIME-Sniffing)."""
|
|
response = await call_next(request)
|
|
response.headers.setdefault("X-Content-Type-Options", "nosniff")
|
|
return response
|
|
|
|
# Version Endpoint (public, no auth)
|
|
@app.get("/api/version")
|
|
def get_version():
|
|
"""Get application version and build info"""
|
|
return {
|
|
"app_version": APP_VERSION,
|
|
"build_date": BUILD_DATE,
|
|
"backend_version": APP_VERSION,
|
|
"modules": MODULE_VERSIONS,
|
|
"db_schema_version": DB_SCHEMA_VERSION,
|
|
"environment": os.getenv("ENVIRONMENT", "development")
|
|
}
|
|
|
|
# Health Check
|
|
@app.get("/health")
|
|
def health_check():
|
|
"""Health check endpoint"""
|
|
return {"status": "healthy", "version": APP_VERSION}
|
|
|
|
|
|
@app.get("/api/health/ready")
|
|
def health_ready():
|
|
"""
|
|
Verbindung + Kern-Tabellen prüfen (ohne Login).
|
|
Nutzen bei Prod-Debugging: wenn schema_complete=false, Migrationen nicht vollständig.
|
|
"""
|
|
from db import get_db, get_cursor
|
|
|
|
REQUIRED = (
|
|
"schema_migrations",
|
|
"skills",
|
|
"skill_main_categories",
|
|
"skill_categories",
|
|
"maturity_models",
|
|
"sessions",
|
|
"club_members",
|
|
"club_member_roles",
|
|
)
|
|
tables: dict = {}
|
|
err: Optional[str] = None
|
|
try:
|
|
with get_db() as conn:
|
|
cur = get_cursor(conn)
|
|
cur.execute("SELECT 1")
|
|
for tbl in REQUIRED:
|
|
cur.execute(
|
|
"""
|
|
SELECT EXISTS (
|
|
SELECT 1 FROM information_schema.tables
|
|
WHERE table_schema = 'public' AND table_name = %s
|
|
)
|
|
""",
|
|
(tbl,),
|
|
)
|
|
row = cur.fetchone()
|
|
tables[tbl] = bool(next(iter(row.values()))) if row else False
|
|
migration_count = 0
|
|
if tables.get("schema_migrations"):
|
|
cur.execute("SELECT COUNT(*)::int FROM schema_migrations")
|
|
mig_row = cur.fetchone()
|
|
migration_count = (
|
|
int(list(mig_row.values())[0]) if mig_row is not None else 0
|
|
)
|
|
except Exception as e:
|
|
err = str(e)
|
|
migration_count = 0
|
|
|
|
complete = bool(err is None and all(tables.get(t) for t in REQUIRED))
|
|
body = {
|
|
"status": "ready" if complete else "degraded",
|
|
"database": err is None,
|
|
"detail": err,
|
|
"schema_complete": complete,
|
|
"tables": tables,
|
|
"schema_migrations_count": migration_count,
|
|
}
|
|
if _is_production_environment() and not _health_ready_public_detail_enabled():
|
|
return {
|
|
"status": body["status"],
|
|
"database": body["database"],
|
|
"schema_complete": body["schema_complete"],
|
|
}
|
|
return body
|
|
|
|
|
|
# Root Endpoint
|
|
@app.get("/")
|
|
def read_root():
|
|
"""Root endpoint - API info"""
|
|
out = {
|
|
"app": "Shinkan Jinkendo API",
|
|
"version": APP_VERSION,
|
|
"health": "/health",
|
|
}
|
|
if _expose_docs:
|
|
out["docs"] = "/docs"
|
|
return out
|
|
|
|
# Register routers
|
|
from routers import auth, profiles, exercises, exercise_progression_graphs, clubs, club_memberships, club_join_requests, club_creation_requests, admin_users, admin_user_content, admin_rights, me_entitlements, platform_media_storage, media_assets, skills, skill_profiles, training_planning, planning_exercise_suggest, dashboard, training_modules, training_framework_programs, catalogs, catalog_prompt_slots, maturity_models, matrix_stack_bundle, matrix_editor, import_wiki, import_wiki_admin, legal_documents, content_reports, ai_prompts_admin, ai_skill_retrieval_admin, exercise_enrichment_admin
|
|
|
|
app.include_router(auth.router)
|
|
app.include_router(profiles.router)
|
|
app.include_router(exercises.router)
|
|
app.include_router(exercise_progression_graphs.router)
|
|
app.include_router(clubs.router)
|
|
app.include_router(club_memberships.router)
|
|
app.include_router(club_join_requests.router)
|
|
app.include_router(club_creation_requests.router)
|
|
app.include_router(admin_users.router)
|
|
app.include_router(admin_user_content.router)
|
|
app.include_router(admin_rights.router)
|
|
app.include_router(me_entitlements.router)
|
|
app.include_router(platform_media_storage.router)
|
|
app.include_router(media_assets.router)
|
|
app.include_router(media_assets.admin_rights_router)
|
|
app.include_router(media_assets.admin_legal_hold_router)
|
|
app.include_router(skills.router)
|
|
app.include_router(skill_profiles.router)
|
|
app.include_router(training_planning.router)
|
|
app.include_router(planning_exercise_suggest.router)
|
|
app.include_router(dashboard.router)
|
|
app.include_router(training_modules.router)
|
|
app.include_router(training_framework_programs.router)
|
|
app.include_router(catalogs.router)
|
|
app.include_router(catalog_prompt_slots.router)
|
|
app.include_router(maturity_models.router)
|
|
app.include_router(matrix_stack_bundle.router)
|
|
app.include_router(matrix_editor.router)
|
|
app.include_router(import_wiki.router)
|
|
app.include_router(import_wiki_admin.router)
|
|
app.include_router(legal_documents.router)
|
|
app.include_router(content_reports.router)
|
|
app.include_router(ai_prompts_admin.router)
|
|
app.include_router(ai_skill_retrieval_admin.router)
|
|
app.include_router(exercise_enrichment_admin.router)
|
|
|
|
# Lokale Übungs-Medien: standardmäßig nur über geschützten API-Pfad
|
|
# GET /api/exercises/{id}/media/{mid}/file (?ssetoken für <img>/<video>).
|
|
# Notfall/Legacy: ALLOW_PUBLIC_MEDIA_STATIC=1 → wieder öffentlich unter /media/
|
|
_media_dir = os.getenv("MEDIA_ROOT", str(Path(__file__).resolve().parent / "media"))
|
|
Path(_media_dir).mkdir(parents=True, exist_ok=True)
|
|
if os.getenv("ALLOW_PUBLIC_MEDIA_STATIC", "").strip().lower() in ("1", "true", "yes"):
|
|
app.mount("/media", StaticFiles(directory=_media_dir), name="media")
|
|
|
|
if __name__ == "__main__":
|
|
import uvicorn
|
|
uvicorn.run(
|
|
"main:app",
|
|
host="0.0.0.0",
|
|
port=8000,
|
|
reload=True
|
|
)
|