refactor(backend): ♻️ organize and tag user routes by path

mealie/routes/users/__init__.py

@@ -1,14 +1,23 @@
 from fastapi import APIRouter
 
-from . import api_tokens, auth, crud, sign_up
+from . import api_tokens, crud, favorites, images, passwords, sign_up
 
-user_router = APIRouter()
+# Must be used because of the way FastAPI works with nested routes
+user_prefix = "/users"
 
-user_router.include_router(auth.public_router)
-user_router.include_router(auth.user_router)
-user_router.include_router(sign_up.public_router)
-user_router.include_router(sign_up.admin_router)
-user_router.include_router(crud.public_router)
-user_router.include_router(crud.user_router)
-user_router.include_router(crud.admin_router)
-user_router.include_router(api_tokens.router)
+router = APIRouter()
+
+router.include_router(sign_up.admin_router, prefix=user_prefix, tags=["Users: Sign-Up"])
+router.include_router(sign_up.public_router, prefix=user_prefix, tags=["Users: Sign-Up"])
+
+router.include_router(crud.user_router, prefix=user_prefix, tags=["Users: CRUD"])
+router.include_router(crud.admin_router, prefix=user_prefix, tags=["Users: CRUD"])
+
+router.include_router(passwords.user_router, prefix=user_prefix, tags=["Users: Passwords"])
+
+router.include_router(images.public_router, prefix=user_prefix, tags=["Users: Images"])
+router.include_router(images.user_router, prefix=user_prefix, tags=["Users: Images"])
+
+router.include_router(api_tokens.router, prefix=user_prefix, tags=["Users: Tokens"])
+
+router.include_router(favorites.user_router, prefix=user_prefix, tags=["Users: Favorites"])

mealie/routes/users/_helpers.py

@@ -0,0 +1,8 @@
+from fastapi import HTTPException, status
+from mealie.schema.user.user import UserInDB
+
+
+def assert_user_change_allowed(id: int, current_user: UserInDB):
+    if current_user.id != id and not current_user.admin:
+        # only admins can edit other users
+        raise HTTPException(status.HTTP_403_FORBIDDEN, detail="NOT_AN_ADMIN")

mealie/routes/users/api_tokens.py

@@ -10,7 +10,7 @@ from mealie.routes.routers import UserAPIRouter
 from mealie.schema.user import CreateToken, LoingLiveTokenIn, LongLiveTokenInDB, UserInDB
 from sqlalchemy.orm.session import Session
 
-router = UserAPIRouter(prefix="/api/users", tags=["User API Tokens"])
+router = UserAPIRouter()
 
 
 @router.post("/api-tokens", status_code=status.HTTP_201_CREATED)

mealie/routes/users/auth.py

@@ -1,47 +0,0 @@
-from fastapi import APIRouter, BackgroundTasks, Depends, Request, status
-from fastapi.exceptions import HTTPException
-from fastapi.security import OAuth2PasswordRequestForm
-from mealie.core import security
-from mealie.core.security import authenticate_user
-from mealie.db.db_setup import generate_session
-from mealie.routes.deps import get_current_user
-from mealie.routes.routers import UserAPIRouter
-from mealie.schema.user import UserInDB
-from mealie.services.events import create_user_event
-from sqlalchemy.orm.session import Session
-
-public_router = APIRouter(prefix="/api/auth", tags=["Authentication"])
-user_router = UserAPIRouter(prefix="/api/auth", tags=["Authentication"])
-
-
-@public_router.post("/token/long")
-@public_router.post("/token")
-def get_token(
-    background_tasks: BackgroundTasks,
-    request: Request,
-    data: OAuth2PasswordRequestForm = Depends(),
-    session: Session = Depends(generate_session),
-):
-    email = data.username
-    password = data.password
-
-    user: UserInDB = authenticate_user(session, email, password)
-
-    if not user:
-        background_tasks.add_task(
-            create_user_event, "Failed Login", f"Username: {email}, Source IP: '{request.client.host}'"
-        )
-        raise HTTPException(
-            status_code=status.HTTP_401_UNAUTHORIZED,
-            headers={"WWW-Authenticate": "Bearer"},
-        )
-
-    access_token = security.create_access_token(dict(sub=user.email))
-    return {"access_token": access_token, "token_type": "bearer"}
-
-
-@user_router.get("/refresh")
-async def refresh_token(current_user: UserInDB = Depends(get_current_user)):
-    """ Use a valid token to get another token"""
-    access_token = security.create_access_token(data=dict(sub=current_user.email))
-    return {"access_token": access_token, "token_type": "bearer"}

mealie/routes/users/crud.py

@@ -1,28 +1,22 @@
-import shutil
-
-from fastapi import BackgroundTasks, Depends, File, HTTPException, UploadFile, status
-from fastapi.responses import FileResponse
-from fastapi.routing import APIRouter
+from fastapi import BackgroundTasks, Depends, HTTPException, status
 from mealie.core import security
-from mealie.core.config import app_dirs, settings
-from mealie.core.security import get_password_hash, verify_password
+from mealie.core.security import get_password_hash
 from mealie.db.database import db
 from mealie.db.db_setup import generate_session
 from mealie.routes.deps import get_current_user
 from mealie.routes.routers import AdminAPIRouter, UserAPIRouter
-from mealie.schema.user import ChangePassword, UserBase, UserFavorites, UserIn, UserInDB, UserOut
+from mealie.routes.users._helpers import assert_user_change_allowed
+from mealie.schema.user import UserBase, UserIn, UserInDB, UserOut
 from mealie.services.events import create_user_event
 from sqlalchemy.orm.session import Session
 
-public_router = APIRouter(prefix="/api/users", tags=["Users"])
-user_router = UserAPIRouter(prefix="/api/users", tags=["Users"])
-admin_router = AdminAPIRouter(prefix="/api/users", tags=["Users"])
+user_router = UserAPIRouter(prefix="")
+admin_router = AdminAPIRouter(prefix="")
 
 
-def assert_user_change_allowed(id: int, current_user: UserInDB):
-    if current_user.id != id and not current_user.admin:
-        # only admins can edit other users
-        raise HTTPException(status.HTTP_403_FORBIDDEN, detail="NOT_AN_ADMIN")
+@admin_router.get("", response_model=list[UserOut])
+async def get_all_users(session: Session = Depends(generate_session)):
+    return db.users.get_all(session)
 
 
 @admin_router.post("", response_model=UserOut, status_code=201)
@@ -40,9 +34,33 @@ async def create_user(
     return db.users.create(session, new_user.dict())
 
 
-@admin_router.get("", response_model=list[UserOut])
-async def get_all_users(session: Session = Depends(generate_session)):
-    return db.users.get_all(session)
+@admin_router.get("/{id}", response_model=UserOut)
+async def get_user(
+    id: int,
+    session: Session = Depends(generate_session),
+):
+    return db.users.get(session, id)
+
+
+@admin_router.delete("/{id}")
+def delete_user(
+    background_tasks: BackgroundTasks,
+    id: int,
+    session: Session = Depends(generate_session),
+    current_user: UserInDB = Depends(get_current_user),
+):
+    """ Removes a user from the database. Must be the current user or a super user"""
+
+    assert_user_change_allowed(id, current_user)
+
+    if id == 1:
+        raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="SUPER_USER")
+
+    try:
+        db.users.delete(session, id)
+        background_tasks.add_task(create_user_event, "User Deleted", f"User ID: {id}", session=session)
+    except Exception:
+        raise HTTPException(status.HTTP_400_BAD_REQUEST)
 
 
 @user_router.get("/self", response_model=UserOut)
@@ -52,24 +70,6 @@ async def get_logged_in_user(
     return current_user.dict()
 
 
-@admin_router.get("/{id}", response_model=UserOut)
-async def get_user_by_id(
-    id: int,
-    session: Session = Depends(generate_session),
-):
-    return db.users.get(session, id)
-
-
-@user_router.put("/{id}/reset-password")
-async def reset_user_password(
-    id: int,
-    session: Session = Depends(generate_session),
-):
-
-    new_password = get_password_hash(settings.DEFAULT_PASSWORD)
-    db.users.update_password(session, id, new_password)
-
-
 @user_router.put("/{id}")
 async def update_user(
     id: int,
@@ -91,117 +91,4 @@ async def update_user(
     db.users.update(session, id, new_data.dict())
     if current_user.id == id:
         access_token = security.create_access_token(data=dict(sub=new_data.email))
-        token = {"access_token": access_token, "token_type": "bearer"}
-        return token
-
-
-@public_router.get("/{id}/image")
-async def get_user_image(id: str):
-    """ Returns a users profile picture """
-    user_dir = app_dirs.USER_DIR.joinpath(id)
-    for recipe_image in user_dir.glob("profile_image.*"):
-        return FileResponse(recipe_image)
-    else:
-        raise HTTPException(status.HTTP_404_NOT_FOUND)
-
-
-@user_router.post("/{id}/image")
-def update_user_image(
-    id: str,
-    profile_image: UploadFile = File(...),
-    current_user: UserInDB = Depends(get_current_user),
-):
-    """ Updates a User Image """
-
-    assert_user_change_allowed(id, current_user)
-
-    extension = profile_image.filename.split(".")[-1]
-
-    app_dirs.USER_DIR.joinpath(id).mkdir(parents=True, exist_ok=True)
-
-    [x.unlink() for x in app_dirs.USER_DIR.joinpath(id).glob("profile_image.*")]
-
-    dest = app_dirs.USER_DIR.joinpath(id, f"profile_image.{extension}")
-
-    with dest.open("wb") as buffer:
-        shutil.copyfileobj(profile_image.file, buffer)
-
-    if not dest.is_file:
-        raise HTTPException(status.HTTP_500_INTERNAL_SERVER_ERROR)
-
-
-@user_router.put("/{id}/password")
-def update_password(
-    id: int,
-    password_change: ChangePassword,
-    current_user: UserInDB = Depends(get_current_user),
-    session: Session = Depends(generate_session),
-):
-    """ Resets the User Password"""
-
-    assert_user_change_allowed(id, current_user)
-    match_passwords = verify_password(password_change.current_password, current_user.password)
-
-    if not (match_passwords):
-        raise HTTPException(status.HTTP_400_BAD_REQUEST)
-
-    new_password = get_password_hash(password_change.new_password)
-    db.users.update_password(session, id, new_password)
-
-
-@user_router.get("/{id}/favorites", response_model=UserFavorites)
-async def get_favorites(id: str, session: Session = Depends(generate_session)):
-    """ Get user's favorite recipes """
-
-    return db.users.get(session, id, override_schema=UserFavorites)
-
-
-@user_router.post("/{id}/favorites/{slug}")
-def add_favorite(
-    slug: str,
-    current_user: UserInDB = Depends(get_current_user),
-    session: Session = Depends(generate_session),
-):
-    """ Adds a Recipe to the users favorites """
-
-    assert_user_change_allowed(id, current_user)
-    current_user.favorite_recipes.append(slug)
-
-    db.users.update(session, current_user.id, current_user)
-
-
-@user_router.delete("/{id}/favorites/{slug}")
-def remove_favorite(
-    slug: str,
-    current_user: UserInDB = Depends(get_current_user),
-    session: Session = Depends(generate_session),
-):
-    """ Adds a Recipe to the users favorites """
-
-    assert_user_change_allowed(id, current_user)
-    current_user.favorite_recipes = [x for x in current_user.favorite_recipes if x != slug]
-
-    db.users.update(session, current_user.id, current_user)
-
-    return
-
-
-@admin_router.delete("/{id}")
-def delete_user(
-    background_tasks: BackgroundTasks,
-    id: int,
-    session: Session = Depends(generate_session),
-    current_user: UserInDB = Depends(get_current_user),
-):
-    """ Removes a user from the database. Must be the current user or a super user"""
-
-    assert_user_change_allowed(id, current_user)
-
-    if id == 1:
-        raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="SUPER_USER")
-
-    try:
-        db.users.delete(session, id)
-        background_tasks.add_task(create_user_event, "User Deleted", f"User ID: {id}", session=session)
-    except Exception:
-        raise HTTPException(status.HTTP_400_BAD_REQUEST)
+        return {"access_token": access_token, "token_type": "bearer"}

mealie/routes/users/favorites.py

@@ -0,0 +1,47 @@
+from fastapi import Depends
+from mealie.db.database import db
+from mealie.db.db_setup import generate_session
+from mealie.routes.deps import get_current_user
+from mealie.routes.routers import UserAPIRouter
+from mealie.routes.users._helpers import assert_user_change_allowed
+from mealie.schema.user import UserFavorites, UserInDB
+from sqlalchemy.orm.session import Session
+
+user_router = UserAPIRouter()
+
+
+@user_router.get("/{id}/favorites", response_model=UserFavorites)
+async def get_favorites(id: str, session: Session = Depends(generate_session)):
+    """ Get user's favorite recipes """
+
+    return db.users.get(session, id, override_schema=UserFavorites)
+
+
+@user_router.post("/{id}/favorites/{slug}")
+def add_favorite(
+    slug: str,
+    current_user: UserInDB = Depends(get_current_user),
+    session: Session = Depends(generate_session),
+):
+    """ Adds a Recipe to the users favorites """
+
+    assert_user_change_allowed(id, current_user)
+    current_user.favorite_recipes.append(slug)
+
+    db.users.update(session, current_user.id, current_user)
+
+
+@user_router.delete("/{id}/favorites/{slug}")
+def remove_favorite(
+    slug: str,
+    current_user: UserInDB = Depends(get_current_user),
+    session: Session = Depends(generate_session),
+):
+    """ Adds a Recipe to the users favorites """
+
+    assert_user_change_allowed(id, current_user)
+    current_user.favorite_recipes = [x for x in current_user.favorite_recipes if x != slug]
+
+    db.users.update(session, current_user.id, current_user)
+
+    return

mealie/routes/users/images.py

@@ -0,0 +1,48 @@
+import shutil
+
+from fastapi import Depends, File, HTTPException, UploadFile, status
+from fastapi.responses import FileResponse
+from fastapi.routing import APIRouter
+from mealie.core.config import app_dirs
+from mealie.routes.deps import get_current_user
+from mealie.routes.routers import UserAPIRouter
+from mealie.routes.users._helpers import assert_user_change_allowed
+from mealie.schema.user import UserInDB
+
+public_router = APIRouter(prefix="", tags=["Users: Images"])
+user_router = UserAPIRouter(prefix="", tags=["Users: Images"])
+
+
+@public_router.get("/{id}/image")
+async def get_user_image(id: str):
+    """ Returns a users profile picture """
+    user_dir = app_dirs.USER_DIR.joinpath(id)
+    for recipe_image in user_dir.glob("profile_image.*"):
+        return FileResponse(recipe_image)
+    else:
+        raise HTTPException(status.HTTP_404_NOT_FOUND)
+
+
+@user_router.post("/{id}/image")
+def update_user_image(
+    id: str,
+    profile_image: UploadFile = File(...),
+    current_user: UserInDB = Depends(get_current_user),
+):
+    """ Updates a User Image """
+
+    assert_user_change_allowed(id, current_user)
+
+    extension = profile_image.filename.split(".")[-1]
+
+    app_dirs.USER_DIR.joinpath(id).mkdir(parents=True, exist_ok=True)
+
+    [x.unlink() for x in app_dirs.USER_DIR.joinpath(id).glob("profile_image.*")]
+
+    dest = app_dirs.USER_DIR.joinpath(id, f"profile_image.{extension}")
+
+    with dest.open("wb") as buffer:
+        shutil.copyfileobj(profile_image.file, buffer)
+
+    if not dest.is_file:
+        raise HTTPException(status.HTTP_500_INTERNAL_SERVER_ERROR)

mealie/routes/users/passwords.py

@@ -0,0 +1,41 @@
+from fastapi import Depends, HTTPException, status
+from mealie.core.config import settings
+from mealie.core.security import get_password_hash, verify_password
+from mealie.db.database import db
+from mealie.db.db_setup import generate_session
+from mealie.routes.deps import get_current_user
+from mealie.routes.routers import UserAPIRouter
+from mealie.routes.users._helpers import assert_user_change_allowed
+from mealie.schema.user import ChangePassword, UserInDB
+from sqlalchemy.orm.session import Session
+
+user_router = UserAPIRouter(prefix="")
+
+
+@user_router.put("/{id}/reset-password")
+async def reset_user_password(
+    id: int,
+    session: Session = Depends(generate_session),
+):
+
+    new_password = get_password_hash(settings.DEFAULT_PASSWORD)
+    db.users.update_password(session, id, new_password)
+
+
+@user_router.put("/{id}/password")
+def update_password(
+    id: int,
+    password_change: ChangePassword,
+    current_user: UserInDB = Depends(get_current_user),
+    session: Session = Depends(generate_session),
+):
+    """ Resets the User Password"""
+
+    assert_user_change_allowed(id, current_user)
+    match_passwords = verify_password(password_change.current_password, current_user.password)
+
+    if not (match_passwords):
+        raise HTTPException(status.HTTP_400_BAD_REQUEST)
+
+    new_password = get_password_hash(password_change.new_password)
+    db.users.update_password(session, id, new_password)

mealie/routes/users/sign_up.py

@@ -6,12 +6,13 @@ from mealie.db.database import db
 from mealie.db.db_setup import generate_session
 from mealie.routes.deps import get_admin_user
 from mealie.routes.routers import AdminAPIRouter
-from mealie.schema.user import SignUpIn, SignUpOut, SignUpToken, UserIn, UserInDB
+from mealie.schema.user import (SignUpIn, SignUpOut, SignUpToken, UserIn,
+                                UserInDB)
 from mealie.services.events import create_user_event
 from sqlalchemy.orm.session import Session
 
-public_router = APIRouter(prefix="/api/users/sign-ups", tags=["User Signup"])
-admin_router = AdminAPIRouter(prefix="/api/users/sign-ups", tags=["User Signup"])
+public_router = APIRouter(prefix="/sign-ups")
+admin_router = AdminAPIRouter(prefix="/sign-ups")
 
 
 @admin_router.get("", response_model=list[SignUpOut])