Base login now requests only openid/email/profile (non-sensitive), so a new user gets a clean Google consent with no "unverified app" warning and no 7-day refresh token expiry. YouTube read (youtube.readonly) and write (youtube) are granted later by the onboarding wizard via a parameterized /auth/upgrade?access=read|write. Security fixes folded in from the baseline audit: - config: refuse to boot in production (https OAUTH_REDIRECT_URL) with the placeholder/short SECRET_KEY or a missing TOKEN_ENCRYPTION_KEY, closing a session-forgery / admin-impersonation hole. - main: mark the session cookie Secure when served over HTTPS. - me: expose can_read; sync/subscriptions returns a friendly 403 (not a 500) until YouTube read access is granted.
51 lines
1.4 KiB
Python
51 lines
1.4 KiB
Python
from fastapi import APIRouter, Depends
|
|
from sqlalchemy import func, select
|
|
from sqlalchemy.orm import Session
|
|
|
|
from app.auth import current_user, has_read_scope, has_write_scope
|
|
from app.db import get_db
|
|
from app.models import Invite, User
|
|
|
|
router = APIRouter(prefix="/api/me", tags=["me"])
|
|
|
|
|
|
@router.get("")
|
|
def get_me(
|
|
user: User = Depends(current_user), db: Session = Depends(get_db)
|
|
) -> dict:
|
|
pending_invites = 0
|
|
if user.role == "admin":
|
|
pending_invites = (
|
|
db.scalar(
|
|
select(func.count())
|
|
.select_from(Invite)
|
|
.where(Invite.status == "pending")
|
|
)
|
|
or 0
|
|
)
|
|
return {
|
|
"id": user.id,
|
|
"email": user.email,
|
|
"display_name": user.display_name,
|
|
"avatar_url": user.avatar_url,
|
|
"role": user.role,
|
|
"can_read": has_read_scope(user),
|
|
"can_write": has_write_scope(user),
|
|
"pending_invites": pending_invites,
|
|
"preferences": user.preferences or {},
|
|
}
|
|
|
|
|
|
@router.put("/preferences")
|
|
def update_preferences(
|
|
preferences: dict,
|
|
user: User = Depends(current_user),
|
|
db: Session = Depends(get_db),
|
|
) -> dict:
|
|
# Merge so partial updates don't wipe other keys.
|
|
merged = dict(user.preferences or {})
|
|
merged.update(preferences)
|
|
user.preferences = merged
|
|
db.add(user)
|
|
db.commit()
|
|
return {"preferences": merged}
|