Commit Graph

74 Commits

Author SHA1 Message Date
Georges-Antoine Assi
ae9b01e38d update rules 2025-10-05 14:42:57 -04:00
Georges-Antoine Assi
f6d7f9d1c1 [ROMM-2509] Validate user email and username 2025-10-05 14:11:34 -04:00
Michael Manganiello
40326112bd misc: Improve API docs for Delete endpoints
Add more detailed descriptions for Delete endpoints.
2025-09-09 11:05:47 -03:00
Michael Manganiello
e4e3928d1b misc: Apply import sorting 2025-09-04 11:17:00 -03:00
Michael Manganiello
9cede7680f feat: Add incremental sync for RetroAchievements progression
This change makes the RetroAchievements progression sync endpoint to
optionally perform an incremental sync (when `incremental` is true),
by only fetching new achievements since the last sync.

This reduces the amount of data fetched and speeds up the sync
process for users who frequently sync their progression. It unblocks the
implementation of automatic periodic syncs in the future.

Frontend behavior:
- When the `Apply` button is clicked in the RetroAchievements settings,
  a full sync is performed (same as before). This is because a change to
  the RA username may have occurred.
- When the `Sync` button is clicked, an incremental sync is performed.
2025-08-27 10:41:51 -03:00
zurdi
7f96a44190 Add validation for empty username/password in registration 2025-08-22 13:35:58 +02:00
Georges-Antoine Assi
a6d078d4f5 changes from code review 2025-08-02 22:28:00 -04:00
Georges-Antoine Assi
8061db40b2 fix tests and cleanup 2025-08-02 17:55:43 -04:00
Georges-Antoine Assi
7fba92588d get rid of delete response 2025-08-02 14:39:33 -04:00
Georges-Antoine Assi
70fe56296b Replace MessageResponse with spcific responses 2025-08-02 13:42:35 -04:00
Georges-Antoine Assi
af27ce15ad fix uploading user profile iamge 2025-07-19 09:53:44 -04:00
Georges-Antoine Assi
51652d5084 make all path stuff async 2025-07-18 10:53:55 -04:00
Georges-Antoine Assi
0d95735351 finish updating endpoints 2025-07-17 14:44:13 -04:00
Michael Manganiello
b1ba322408 fix: Use request body for user creation and update endpoints
Stop using query parameters for user creation and update endpoints in
the API. Instead, use the request body to pass user data.

This change stops leaking sensitive information like passwords in the
URL.

Fixes #2010
2025-06-25 00:44:05 -03:00
zurdi
e12114e9ef fix: update badge path handling and improve user progression refresh logic 2025-06-18 10:25:51 +00:00
Zurdi
d838ada4ef Update backend/endpoints/user.py
Co-authored-by: Georges-Antoine Assi <3247106+gantoine@users.noreply.github.com>
2025-05-14 20:16:55 +02:00
Zurdi
2ad5bbb447 Update backend/endpoints/user.py
Co-authored-by: Georges-Antoine Assi <3247106+gantoine@users.noreply.github.com>
2025-05-14 20:16:40 +02:00
zurdi
d0799409e2 feat: implement user registration with invite link handling and create Register component 2025-05-13 22:58:59 +00:00
zurdi
0d09f510de feat: implement invite link creation with role assignment and user registration 2025-05-13 22:28:46 +00:00
zurdi
500ff5e67f add: endpoint to generate invite link token 2025-05-13 17:40:07 +00:00
zurdi
07fcad6bbe Merge remote-tracking branch 'origin/master' into feature/retroachievements 2025-04-25 20:52:01 +00:00
zurdi
13b7f2006f fix: update user avatar handling to preserve original file extension 2025-04-25 12:07:30 +00:00
zurdi
e17f6b44de feat: Add RetroAchievements integration and user profile syncing
- Implemented RA hash handling in ROM processing.
- Added functionality to refresh RetroAchievements data for users.
- Updated user model to store RA progression data.
- Created a new component for managing RetroAchievements settings in user profiles.
- Enhanced ROM metadata to include merged RA achievements and badge paths.
- Refactored API calls to accommodate new RA features and removed unused API key handling.
- Updated frontend components to reflect changes in RA metadata and user settings.
- Adjusted Docker configuration for database service naming.
2025-04-22 21:08:10 +00:00
zurdi
30a0be2c4c Merge branch 'master' into HEAD 2025-04-10 22:56:55 +00:00
Georges-Antoine Assi
7d54ef877b [HOTFIX] Remove single forward-slash endpoints 2025-02-11 13:48:24 -05:00
Michael Manganiello
70825830c4 misc: Set prefix and tags to API routers
Improve OpenAPI documentation by setting tags to each API router. Also,
set a prefix to each router to group the endpoints by their
functionality.
2025-02-09 11:31:13 -03:00
Georges-Antoine Assi
79575b1b30 Merge branch 'master' into fix/username-case-insensitive 2025-01-30 17:44:06 -05:00
Georges-Antoine Assi
696a1c6122 Merge branch 'master' into rom-hashing-background-task 2025-01-15 21:51:23 -05:00
Michael Manganiello
f0049d79d0 fix: Case-insensitive username and email check
Move case-insensitivity to the database layer, for both `username` and
`email` fields.

Fixes #1486.
2025-01-13 23:21:55 -03:00
Michael Manganiello
6867486419 fix: Set users email to null if empty
When a user does not set an email address, we now set it to `NULL` in
the database. That bypasses the unique constraint on the `email` column,
allowing multiple users to have no email address set.

Fixes #1445.
2025-01-13 22:44:24 -03:00
Michael Manganiello
865370ec13 misc: Move auth constants to separate file
This simplifies avoiding circular imports when trying to use auth
handlers.
2025-01-08 22:16:31 -03:00
Georges-Antoine Assi
3fcce6606c complete updating the endpoints and models 2024-12-20 22:41:56 -05:00
Georges-Antoine Assi
8177a0c8ae merge user and settings endpoints 2024-12-14 22:11:42 -05:00
Georges-Antoine Assi
d0ccd6a0cd Merge branch 'master' into feat/retro_achievements 2024-12-14 21:24:49 -05:00
Georges-Antoine Assi
34d49e6494 changes from self review 2024-12-13 11:33:39 -05:00
Georges-Antoine Assi
1ca4d894dd Merge branch 'master' into openid-connect 2024-12-13 11:24:04 -05:00
Georges-Antoine Assi
fa1eceed7a [HOTFIX] Lower permission on update user endpoint and check perms internally 2024-12-12 10:47:27 -05:00
Georges-Antoine Assi
e953398cab add email to user create 2024-12-12 10:43:45 -05:00
Georges-Antoine Assi
82ac766c9e oidc login using email 2024-12-12 10:08:27 -05:00
Georges-Antoine Assi
bc5c2e45f3 wokring oidc setup with authentik 2024-11-26 23:57:15 -05:00
Michael Manganiello
beeb9f0c31 misc: Create enum for authorization scopes
Instead of using just strings, this change converts the scopes to a
`StrEnum`, to be compatible with places where a string is expected. This
avoids typos when using these scopes, simplifies searching for usages,
and improves type hints.

An extra change was the fix to the Firmware download endpoint, which
wasn't respecting the `DISABLE_DOWNLOAD_ENDPOINT_AUTH` flag.
2024-10-18 23:57:42 -03:00
Michael Manganiello
eba2971ffb fix: Simplify query that validates new username already exists
Instead of fetching all users and checking if the new username is present
in the list, we can directly query the database for the username.
2024-10-14 01:10:31 -03:00
Michael Manganiello
1df27079c4 fix: Avoid query during import time to set add_user endpoint scopes
The `add_user` endpoint was querying the database at import time, to
decide whether to enforce the `users.write` scope or not. This is
problematic because the database might not be ready at import time.

Also, the decided `scopes` was being maintained for the entire
application lifetime, which is not ideal, as users can be created
without having the `users.write` scope, until the application is
restarted.
2024-10-13 22:27:14 -03:00
SaraVieira
9b298d46eb use env & reuse request 2024-09-10 21:00:20 +01:00
SaraVieira
dc3a363bf2 finish endpoint; add final FE 2024-09-04 23:29:15 +01:00
SaraVieira
3070b7e9be use data from db 2024-09-04 18:09:33 +01:00
Michael Manganiello
8abbae4c02 misc: Make backend handle URLs with trailing slash
According to multiple FastAPI discussions [1], FastAPI only includes a
built-in mechanism to redirect requests including a trailing slash, to
its variation without slash, using a `307` status code.

This can be an issue when certain clients do not send the same headers
on the redirected request.

This change adds a custom FastAPI `APIRouter`, that registers both route
path variations (with and without trailing slash), while only marking
the path without slash for being included in the OpenAPI schema.

[1] https://github.com/fastapi/fastapi/discussions/7298
2024-08-07 00:22:21 -03:00
Michael Manganiello
749e4d65c1 misc: Use PYTEST_VERSION variable to detect Pytest runs
Pytest v8.2 introduced the `PYTEST_VERSION` environment variable [1],
that can be used to check if code is running from within a pytest run.

This way, we can avoid checking the loaded `sys` modules.

[1] https://docs.pytest.org/en/stable/changelog.html#id57
2024-07-27 12:03:44 -03:00
Michael Manganiello
d1fda9081f fix: Add missing awaits on read/write for async opened files 2024-07-27 00:38:05 -03:00
Michael Manganiello
c5b150c1eb fix: Enable flake8-async rules in ruff and fix warnings
`ASYNC` rules [1] tries to find issues regarding asynchronous code. This
change enables `ruff` to start reporting these issues, and fixes
existing warnings.

[1] https://docs.astral.sh/ruff/rules/#flake8-async-async
2024-07-26 21:40:46 -03:00