first commit

This commit is contained in:
Justin Visser 2026-03-02 20:09:27 +01:00
commit b47f825d54
83 changed files with 10016 additions and 0 deletions

0
backend/app/__init__.py Normal file
View file

14
backend/app/auth.py Normal file
View file

@ -0,0 +1,14 @@
from fastapi import HTTPException, Request
from app.config import get_settings
def require_admin(request: Request) -> None:
token = request.query_params.get("token")
if token is None:
auth_header = request.headers.get("authorization", "")
if auth_header.startswith("Bearer "):
token = auth_header.removeprefix("Bearer ")
if token is None or token != get_settings().admin_token:
raise HTTPException(status_code=401, detail="Invalid or missing token")

18
backend/app/config.py Normal file
View file

@ -0,0 +1,18 @@
from functools import lru_cache
from pydantic_settings import BaseSettings
class Settings(BaseSettings):
admin_token: str
site_title: str = "Untitled Site"
data_dir: str = "./data"
max_upload_bytes: int = 100_000_000
allowed_upload_types: str = "pdf,png,jpg,jpeg,gif,mp4,webm,mp3,wav,ogg,webp"
model_config = {"env_prefix": "HANDIN_"}
@lru_cache
def get_settings() -> Settings:
return Settings()

41
backend/app/database.py Normal file
View file

@ -0,0 +1,41 @@
import sqlite3
from pathlib import Path
def init_db(db_path: Path) -> None:
db_path.parent.mkdir(parents=True, exist_ok=True)
conn = sqlite3.connect(db_path)
try:
conn.execute("PRAGMA journal_mode=WAL")
conn.execute("PRAGMA busy_timeout=5000")
conn.execute("""
CREATE TABLE IF NOT EXISTS site (
key TEXT PRIMARY KEY,
value TEXT NOT NULL
)
""")
conn.execute("""
CREATE TABLE IF NOT EXISTS segments (
id TEXT PRIMARY KEY,
type TEXT NOT NULL,
sort_order INTEGER NOT NULL,
title TEXT NOT NULL,
content TEXT NOT NULL DEFAULT '',
metadata TEXT NOT NULL DEFAULT '{}',
created_at TEXT NOT NULL,
updated_at TEXT NOT NULL
)
""")
conn.execute(
"CREATE INDEX IF NOT EXISTS idx_segments_order ON segments(sort_order)"
)
conn.commit()
finally:
conn.close()
def get_connection(db_path: Path) -> sqlite3.Connection:
conn = sqlite3.connect(db_path)
conn.row_factory = sqlite3.Row
conn.execute("PRAGMA busy_timeout=5000")
return conn

41
backend/app/main.py Normal file
View file

@ -0,0 +1,41 @@
from collections.abc import AsyncIterator
from contextlib import asynccontextmanager
from pathlib import Path
from fastapi import FastAPI
from fastapi.staticfiles import StaticFiles
from app.config import get_settings
from app.database import init_db
from app.routes.assets import router as assets_router
from app.routes.auth import router as auth_router
from app.routes.segments import router as segments_router
from app.routes.site import router as site_router
@asynccontextmanager
async def lifespan(_app: FastAPI) -> AsyncIterator[None]:
data_dir = Path(get_settings().data_dir)
init_db(data_dir / "handin.db")
assets_path = data_dir / "assets"
assets_path.mkdir(parents=True, exist_ok=True)
yield
app = FastAPI(title="Handin Website", lifespan=lifespan)
app.include_router(auth_router)
app.include_router(segments_router)
app.include_router(site_router)
app.include_router(assets_router)
@app.get("/api/health")
def health_check() -> dict[str, str]:
return {"status": "ok"}
# Serve built frontend SPA (must be registered last — catch-all)
_static_dir = Path(__file__).resolve().parent.parent.parent / "static"
if _static_dir.is_dir():
app.mount("/", StaticFiles(directory=str(_static_dir), html=True), name="static")

62
backend/app/models.py Normal file
View file

@ -0,0 +1,62 @@
from datetime import datetime
from enum import StrEnum
from uuid import UUID
from pydantic import BaseModel, Field
class SegmentType(StrEnum):
MARKDOWN = "markdown"
PDF = "pdf"
VIDEO = "video"
AUDIO = "audio"
IFRAME = "iframe"
GALLERY = "gallery"
LINK = "link"
class Segment(BaseModel):
id: UUID
type: SegmentType
sort_order: int
title: str
content: str = ""
metadata: dict[str, object] = Field(default_factory=dict)
created_at: datetime
updated_at: datetime
class SegmentCreateRequest(BaseModel):
type: SegmentType
title: str
content: str = ""
metadata: dict[str, object] = Field(default_factory=dict)
class SegmentUpdateRequest(BaseModel):
title: str | None = None
content: str | None = None
metadata: dict[str, object] | None = None
class ReorderRequest(BaseModel):
segment_ids: list[UUID]
class SiteUpdateRequest(BaseModel):
title: str
class SegmentResponse(BaseModel):
id: UUID
type: SegmentType
sort_order: int
title: str
content: str
metadata: dict[str, object]
created_at: datetime
updated_at: datetime
class SiteResponse(BaseModel):
title: str

View file

View file

@ -0,0 +1,69 @@
from pathlib import Path
from typing import Annotated
from fastapi import APIRouter, Depends, HTTPException, Response, UploadFile
from fastapi.responses import FileResponse
from app.auth import require_admin
from app.config import Settings, get_settings
from app.services import asset_service
router = APIRouter(prefix="/api/assets", tags=["assets"])
def get_assets_dir() -> Path:
return Path(get_settings().data_dir) / "assets"
AssetsDir = Annotated[Path, Depends(get_assets_dir)]
Admin = Annotated[None, Depends(require_admin)]
AppSettings = Annotated[Settings, Depends(get_settings)]
@router.post("/", status_code=201)
async def upload_asset(
file: UploadFile,
_admin: Admin,
assets_dir: AssetsDir,
settings: AppSettings,
) -> dict[str, str]:
content = await file.read()
try:
saved = asset_service.save_asset(
assets_dir,
file.filename or "upload",
content,
settings.allowed_upload_types,
settings.max_upload_bytes,
)
except ValueError as exc:
msg = str(exc)
if "File too large" in msg:
raise HTTPException(status_code=413, detail=msg) from None
raise HTTPException(status_code=415, detail=msg) from None
return {"filename": saved}
@router.get("/{filename}")
def serve_asset(
filename: str,
assets_dir: AssetsDir,
) -> FileResponse:
file_path = (assets_dir / filename).resolve()
if not str(file_path).startswith(str(assets_dir.resolve())):
raise HTTPException(status_code=404, detail="Asset not found")
if not file_path.exists():
raise HTTPException(status_code=404, detail="Asset not found")
return FileResponse(file_path)
@router.delete("/{filename}")
def delete_asset(
filename: str,
_admin: Admin,
assets_dir: AssetsDir,
) -> Response:
deleted = asset_service.delete_asset(assets_dir, filename)
if not deleted:
raise HTTPException(status_code=404, detail="Asset not found")
return Response(status_code=204)

View file

@ -0,0 +1,14 @@
from typing import Annotated
from fastapi import APIRouter, Depends
from app.auth import require_admin
router = APIRouter(prefix="/api/auth", tags=["auth"])
Admin = Annotated[None, Depends(require_admin)]
@router.get("/verify")
def verify_token(_: Admin) -> dict[str, bool]:
return {"valid": True}

View file

@ -0,0 +1,93 @@
import threading
from pathlib import Path
from typing import Annotated
from uuid import UUID
from fastapi import APIRouter, Depends, HTTPException, Response
from app.auth import require_admin
from app.config import get_settings
from app.database import init_db
from app.models import (
ReorderRequest,
SegmentCreateRequest,
SegmentResponse,
SegmentUpdateRequest,
)
from app.services import segment_service
router = APIRouter(prefix="/api/segments", tags=["segments"])
# Serialize writes to prevent sort_order race conditions in SQLite
_write_lock = threading.Lock()
def get_db_path() -> Path:
data_dir = get_settings().data_dir
db_path = Path(data_dir) / "handin.db"
init_db(db_path)
return db_path
DbPath = Annotated[Path, Depends(get_db_path)]
Admin = Annotated[None, Depends(require_admin)]
@router.get("/")
def list_segments(db_path: DbPath) -> list[SegmentResponse]:
segments = segment_service.list_segments(db_path)
return [SegmentResponse.model_validate(s.model_dump()) for s in segments]
@router.post("/", status_code=201)
def create_segment(
request: SegmentCreateRequest,
_: Admin,
db_path: DbPath,
) -> SegmentResponse:
with _write_lock:
segment = segment_service.create_segment(db_path, request)
return SegmentResponse.model_validate(segment.model_dump())
@router.put("/reorder")
def reorder_segments(
request: ReorderRequest,
_: Admin,
db_path: DbPath,
) -> list[SegmentResponse]:
with _write_lock:
try:
segments = segment_service.reorder_segments(db_path, request.segment_ids)
except ValueError as e:
raise HTTPException(status_code=400, detail=str(e)) from e
return [SegmentResponse.model_validate(s.model_dump()) for s in segments]
@router.get("/{segment_id}")
def get_segment(segment_id: UUID, db_path: DbPath) -> SegmentResponse:
segment = segment_service.get_segment(db_path, segment_id)
if segment is None:
raise HTTPException(status_code=404, detail="Segment not found")
return SegmentResponse.model_validate(segment.model_dump())
@router.patch("/{segment_id}")
def update_segment(
segment_id: UUID,
request: SegmentUpdateRequest,
_: Admin,
db_path: DbPath,
) -> SegmentResponse:
segment = segment_service.update_segment(db_path, segment_id, request)
if segment is None:
raise HTTPException(status_code=404, detail="Segment not found")
return SegmentResponse.model_validate(segment.model_dump())
@router.delete("/{segment_id}", status_code=204)
def delete_segment(segment_id: UUID, _: Admin, db_path: DbPath) -> Response:
deleted = segment_service.delete_segment(db_path, segment_id)
if not deleted:
raise HTTPException(status_code=404, detail="Segment not found")
return Response(status_code=204)

View file

@ -0,0 +1,33 @@
from pathlib import Path
from typing import Annotated
from fastapi import APIRouter, Depends
from app.auth import require_admin
from app.config import get_settings
from app.models import SiteResponse, SiteUpdateRequest
from app.routes.segments import get_db_path
from app.services import site_service
router = APIRouter(prefix="/api/site", tags=["site"])
Admin = Annotated[None, Depends(require_admin)]
DbPath = Annotated[Path, Depends(get_db_path)]
@router.get("/")
def get_site(db_path: DbPath) -> SiteResponse:
title = site_service.get_site_title(
db_path, default=get_settings().site_title
)
return SiteResponse(title=title)
@router.put("/")
def update_site(
request: SiteUpdateRequest,
_: Admin,
db_path: DbPath,
) -> SiteResponse:
title = site_service.update_site_title(db_path, request.title)
return SiteResponse(title=title)

View file

View file

@ -0,0 +1,35 @@
from pathlib import Path
from uuid import uuid4
def save_asset(
assets_dir: Path,
filename: str,
content: bytes,
allowed_types: str,
max_bytes: int,
) -> str:
ext = filename.rsplit(".", maxsplit=1)[-1].lower() if "." in filename else ""
allowed = {t.strip() for t in allowed_types.split(",")}
if ext not in allowed:
raise ValueError("Unsupported file type")
if len(content) > max_bytes:
raise ValueError("File too large")
new_filename = f"{uuid4()}.{ext}"
assets_dir.mkdir(parents=True, exist_ok=True)
(assets_dir / new_filename).write_bytes(content)
return new_filename
def delete_asset(assets_dir: Path, filename: str) -> bool:
file_path = (assets_dir / filename).resolve()
if not str(file_path).startswith(str(assets_dir.resolve())):
return False
if not file_path.exists():
return False
file_path.unlink()
return True

View file

@ -0,0 +1,147 @@
import json
import sqlite3
from datetime import UTC, datetime
from pathlib import Path
from uuid import UUID, uuid4
from app.database import get_connection
from app.models import Segment, SegmentCreateRequest, SegmentType, SegmentUpdateRequest
def _row_to_segment(row: sqlite3.Row) -> Segment:
return Segment(
id=UUID(row["id"]),
type=SegmentType(row["type"]),
sort_order=row["sort_order"],
title=row["title"],
content=row["content"],
metadata=json.loads(row["metadata"]),
created_at=datetime.fromisoformat(row["created_at"]),
updated_at=datetime.fromisoformat(row["updated_at"]),
)
def create_segment(db_path: Path, request: SegmentCreateRequest) -> Segment:
conn = get_connection(db_path)
try:
row = conn.execute(
"SELECT COALESCE(MAX(sort_order) + 1, 0) AS next_order FROM segments"
).fetchone()
sort_order: int = row["next_order"] if row else 0
segment_id = uuid4()
now = datetime.now(UTC).isoformat()
metadata_json = json.dumps(request.metadata)
cols = "id, type, sort_order, title, content, metadata, created_at, updated_at"
conn.execute(
f"INSERT INTO segments ({cols}) VALUES (?, ?, ?, ?, ?, ?, ?, ?)",
(str(segment_id), request.type.value, sort_order, request.title,
request.content, metadata_json, now, now),
)
conn.commit()
return Segment(
id=segment_id,
type=request.type,
sort_order=sort_order,
title=request.title,
content=request.content,
metadata=request.metadata,
created_at=datetime.fromisoformat(now),
updated_at=datetime.fromisoformat(now),
)
finally:
conn.close()
def list_segments(db_path: Path) -> list[Segment]:
conn = get_connection(db_path)
try:
rows = conn.execute(
"SELECT * FROM segments ORDER BY sort_order ASC"
).fetchall()
return [_row_to_segment(row) for row in rows]
finally:
conn.close()
def get_segment(db_path: Path, segment_id: UUID) -> Segment | None:
conn = get_connection(db_path)
try:
row = conn.execute(
"SELECT * FROM segments WHERE id = ?", (str(segment_id),)
).fetchone()
if row is None:
return None
return _row_to_segment(row)
finally:
conn.close()
def update_segment(
db_path: Path, segment_id: UUID, request: SegmentUpdateRequest
) -> Segment | None:
conn = get_connection(db_path)
try:
existing = conn.execute(
"SELECT * FROM segments WHERE id = ?", (str(segment_id),)
).fetchone()
if existing is None:
return None
now = datetime.now(UTC).isoformat()
title = request.title if request.title is not None else existing["title"]
content = request.content if request.content is not None else existing["content"]
metadata_json = (
json.dumps(request.metadata) if request.metadata is not None
else existing["metadata"]
)
conn.execute(
"""UPDATE segments SET title = ?, content = ?, metadata = ?, updated_at = ?
WHERE id = ?""",
(title, content, metadata_json, now, str(segment_id)),
)
conn.commit()
return get_segment(db_path, segment_id)
finally:
conn.close()
def delete_segment(db_path: Path, segment_id: UUID) -> bool:
conn = get_connection(db_path)
try:
cursor = conn.execute(
"DELETE FROM segments WHERE id = ?", (str(segment_id),)
)
conn.commit()
return cursor.rowcount > 0
finally:
conn.close()
def reorder_segments(db_path: Path, segment_ids: list[UUID]) -> list[Segment]:
conn = get_connection(db_path)
try:
existing_ids = {
row["id"]
for row in conn.execute("SELECT id FROM segments").fetchall()
}
requested_ids = {str(sid) for sid in segment_ids}
missing = requested_ids - existing_ids
if missing:
raise ValueError(f"Segment IDs not found: {missing}")
now = datetime.now(UTC).isoformat()
for index, sid in enumerate(segment_ids):
conn.execute(
"UPDATE segments SET sort_order = ?, updated_at = ? WHERE id = ?",
(index, now, str(sid)),
)
conn.commit()
return list_segments(db_path)
finally:
conn.close()

View file

@ -0,0 +1,31 @@
from pathlib import Path
from app.database import get_connection
DEFAULT_SITE_TITLE = "Untitled Site"
def get_site_title(db_path: Path, *, default: str = DEFAULT_SITE_TITLE) -> str:
conn = get_connection(db_path)
try:
row = conn.execute(
"SELECT value FROM site WHERE key = ?", ("title",)
).fetchone()
if row is None:
return default
return str(row["value"])
finally:
conn.close()
def update_site_title(db_path: Path, title: str) -> str:
conn = get_connection(db_path)
try:
conn.execute(
"INSERT OR REPLACE INTO site (key, value) VALUES (?, ?)",
("title", title),
)
conn.commit()
return title
finally:
conn.close()

View file

60
backend/tests/conftest.py Normal file
View file

@ -0,0 +1,60 @@
import os
import tempfile
from collections.abc import Generator
from pathlib import Path
import pytest
from fastapi.testclient import TestClient
from app.config import Settings
TEST_ADMIN_TOKEN = "test-secret-token"
@pytest.fixture
def tmp_data_dir() -> Generator[Path, None, None]:
with tempfile.TemporaryDirectory() as tmpdir:
data_dir = Path(tmpdir)
(data_dir / "assets").mkdir()
yield data_dir
@pytest.fixture
def _env_settings(tmp_data_dir: Path) -> Generator[None, None, None]:
original_env = os.environ.copy()
os.environ["HANDIN_ADMIN_TOKEN"] = TEST_ADMIN_TOKEN
os.environ["HANDIN_DATA_DIR"] = str(tmp_data_dir)
from app.config import get_settings
get_settings.cache_clear()
yield
os.environ.clear()
os.environ.update(original_env)
get_settings.cache_clear()
@pytest.fixture
def settings(_env_settings: None) -> Settings:
from app.config import get_settings
s = get_settings()
assert isinstance(s, Settings)
return s
@pytest.fixture
def db(tmp_data_dir: Path) -> Path:
"""Return path to an initialized SQLite database in the temp dir."""
from app.database import init_db
db_path = tmp_data_dir / "handin.db"
init_db(db_path)
return db_path
@pytest.fixture
def client(_env_settings: None) -> TestClient:
from app.main import app
return TestClient(app)

View file

@ -0,0 +1,119 @@
import os
from pathlib import Path
from fastapi.testclient import TestClient
from tests.conftest import TEST_ADMIN_TOKEN
BEARER_HEADERS = {"Authorization": f"Bearer {TEST_ADMIN_TOKEN}"}
def test_upload_asset(client: TestClient) -> None:
resp = client.post(
"/api/assets",
headers=BEARER_HEADERS,
files={"file": ("test.pdf", b"fake pdf content", "application/pdf")},
)
assert resp.status_code == 201
data = resp.json()
assert "filename" in data
assert data["filename"] != "test.pdf"
assert data["filename"].endswith(".pdf")
def test_upload_asset_file_exists_on_disk(client: TestClient) -> None:
resp = client.post(
"/api/assets",
headers=BEARER_HEADERS,
files={"file": ("test.pdf", b"fake pdf content", "application/pdf")},
)
assert resp.status_code == 201
filename = resp.json()["filename"]
from app.config import get_settings
assets_dir = Path(get_settings().data_dir) / "assets"
file_path = assets_dir / filename
assert file_path.exists()
assert file_path.read_bytes() == b"fake pdf content"
def test_upload_asset_disallowed_type(client: TestClient) -> None:
resp = client.post(
"/api/assets",
headers=BEARER_HEADERS,
files={"file": ("malware.exe", b"evil bytes", "application/octet-stream")},
)
assert resp.status_code == 415
def test_upload_asset_too_large(client: TestClient) -> None:
from app.config import get_settings
original = os.environ.get("HANDIN_MAX_UPLOAD_BYTES")
os.environ["HANDIN_MAX_UPLOAD_BYTES"] = "100"
get_settings.cache_clear()
try:
resp = client.post(
"/api/assets",
headers=BEARER_HEADERS,
files={"file": ("big.pdf", b"x" * 200, "application/pdf")},
)
assert resp.status_code == 413
finally:
if original is None:
os.environ.pop("HANDIN_MAX_UPLOAD_BYTES", None)
else:
os.environ["HANDIN_MAX_UPLOAD_BYTES"] = original
get_settings.cache_clear()
def test_upload_asset_unauthorized(client: TestClient) -> None:
resp = client.post(
"/api/assets",
files={"file": ("test.pdf", b"fake pdf content", "application/pdf")},
)
assert resp.status_code == 401
def test_delete_asset(client: TestClient) -> None:
resp = client.post(
"/api/assets",
headers=BEARER_HEADERS,
files={"file": ("test.pdf", b"fake pdf content", "application/pdf")},
)
assert resp.status_code == 201
filename = resp.json()["filename"]
from app.config import get_settings
assets_dir = Path(get_settings().data_dir) / "assets"
del_resp = client.delete(f"/api/assets/{filename}", headers=BEARER_HEADERS)
assert del_resp.status_code == 204
assert not (assets_dir / filename).exists()
def test_delete_asset_not_found(client: TestClient) -> None:
resp = client.delete("/api/assets/nonexistent.pdf", headers=BEARER_HEADERS)
assert resp.status_code == 404
def test_delete_asset_unauthorized(client: TestClient) -> None:
resp = client.delete("/api/assets/somefile.pdf")
assert resp.status_code == 401
def test_serve_asset(client: TestClient) -> None:
content = b"fake pdf content for serving"
resp = client.post(
"/api/assets",
headers=BEARER_HEADERS,
files={"file": ("test.pdf", content, "application/pdf")},
)
assert resp.status_code == 201
filename = resp.json()["filename"]
get_resp = client.get(f"/api/assets/{filename}")
assert get_resp.status_code == 200
assert get_resp.content == content

View file

@ -0,0 +1,81 @@
from concurrent.futures import ThreadPoolExecutor
from fastapi.testclient import TestClient
from tests.conftest import TEST_ADMIN_TOKEN
BEARER_HEADERS = {"Authorization": f"Bearer {TEST_ADMIN_TOKEN}"}
def test_concurrent_creates(client: TestClient) -> None:
def create_segment(i: int) -> dict[str, object]:
resp = client.post(
"/api/segments",
json={"type": "markdown", "title": f"Seg {i}"},
headers=BEARER_HEADERS,
)
assert resp.status_code == 201
data: dict[str, object] = resp.json()
return data
with ThreadPoolExecutor(max_workers=10) as pool:
results = list(pool.map(create_segment, range(10)))
assert len(results) == 10
ids = {r["id"] for r in results}
assert len(ids) == 10
listing = client.get("/api/segments").json()
assert len(listing) == 10
sort_orders = sorted(s["sort_order"] for s in listing)
assert sort_orders == list(range(10))
def test_concurrent_create_and_reorder(client: TestClient) -> None:
segments = []
for i in range(3):
resp = client.post(
"/api/segments",
json={"type": "markdown", "title": f"Init {i}"},
headers=BEARER_HEADERS,
)
assert resp.status_code == 201
segments.append(resp.json())
seg_ids = [s["id"] for s in segments]
def create_extra(i: int) -> dict[str, object]:
resp = client.post(
"/api/segments",
json={"type": "markdown", "title": f"Extra {i}"},
headers=BEARER_HEADERS,
)
assert resp.status_code == 201
data: dict[str, object] = resp.json()
return data
def reorder() -> int:
resp = client.put(
"/api/segments/reorder",
json={"segment_ids": list(reversed(seg_ids))},
headers=BEARER_HEADERS,
)
return resp.status_code
with ThreadPoolExecutor(max_workers=10) as pool:
create_futures = [pool.submit(create_extra, i) for i in range(2)]
reorder_future = pool.submit(reorder)
for f in create_futures:
f.result()
reorder_status = reorder_future.result()
assert 200 <= reorder_status < 300
listing = client.get("/api/segments").json()
assert len(listing) == 5
sort_orders = [s["sort_order"] for s in listing]
assert len(set(sort_orders)) == 5

View file

@ -0,0 +1,78 @@
import sqlite3
from pathlib import Path
from app.database import get_connection, init_db
def test_init_db_creates_tables(tmp_data_dir: Path) -> None:
db_path = tmp_data_dir / "handin.db"
init_db(db_path)
conn = sqlite3.connect(db_path)
cursor = conn.execute(
"SELECT name FROM sqlite_master WHERE type='table' ORDER BY name"
)
tables = {row[0] for row in cursor.fetchall()}
conn.close()
assert "site" in tables
assert "segments" in tables
def test_init_db_idempotent(tmp_data_dir: Path) -> None:
db_path = tmp_data_dir / "handin.db"
init_db(db_path)
init_db(db_path)
conn = sqlite3.connect(db_path)
cursor = conn.execute(
"SELECT name FROM sqlite_master WHERE type='table' ORDER BY name"
)
tables = {row[0] for row in cursor.fetchall()}
conn.close()
assert "site" in tables
assert "segments" in tables
def test_wal_mode_enabled(tmp_data_dir: Path) -> None:
db_path = tmp_data_dir / "handin.db"
init_db(db_path)
conn = sqlite3.connect(db_path)
cursor = conn.execute("PRAGMA journal_mode")
mode = cursor.fetchone()[0]
conn.close()
assert mode == "wal"
def test_get_connection_busy_timeout(db: Path) -> None:
conn = get_connection(db)
cursor = conn.execute("PRAGMA busy_timeout")
timeout = cursor.fetchone()[0]
conn.close()
assert timeout == 5000
def test_segments_table_schema(db: Path) -> None:
conn = sqlite3.connect(db)
cursor = conn.execute("PRAGMA table_info(segments)")
columns = {row[1] for row in cursor.fetchall()}
conn.close()
expected = {
"id", "type", "sort_order", "title",
"content", "metadata", "created_at", "updated_at",
}
assert columns == expected
def test_site_table_schema(db: Path) -> None:
conn = sqlite3.connect(db)
cursor = conn.execute("PRAGMA table_info(site)")
columns = {row[1] for row in cursor.fetchall()}
conn.close()
assert columns == {"key", "value"}

View file

@ -0,0 +1,224 @@
from uuid import uuid4
from fastapi.testclient import TestClient
from tests.conftest import TEST_ADMIN_TOKEN
BEARER_HEADERS = {"Authorization": f"Bearer {TEST_ADMIN_TOKEN}"}
def _create_segment(
client: TestClient,
title: str = "Test",
seg_type: str = "markdown",
) -> dict[str, object]:
resp = client.post(
"/api/segments",
json={"type": seg_type, "title": title},
headers=BEARER_HEADERS,
)
assert resp.status_code == 201
data: dict[str, object] = resp.json()
return data
# --- Segment route tests ---
def test_list_segments_empty(client: TestClient) -> None:
resp = client.get("/api/segments")
assert resp.status_code == 200
assert resp.json() == []
def test_create_segment(client: TestClient) -> None:
data = _create_segment(client, title="Intro")
assert "id" in data
assert data["title"] == "Intro"
assert data["type"] == "markdown"
assert data["sort_order"] == 0
def test_create_segment_unauthorized(client: TestClient) -> None:
resp = client.post("/api/segments", json={"type": "markdown", "title": "X"})
assert resp.status_code == 401
def test_create_segment_wrong_token(client: TestClient) -> None:
resp = client.post(
"/api/segments",
json={"type": "markdown", "title": "X"},
headers={"Authorization": "Bearer wrong-token"},
)
assert resp.status_code == 401
def test_create_segment_via_query_param(client: TestClient) -> None:
resp = client.post(
f"/api/segments?token={TEST_ADMIN_TOKEN}",
json={"type": "markdown", "title": "Query Auth"},
)
assert resp.status_code == 201
def test_get_segment(client: TestClient) -> None:
created = _create_segment(client, title="Fetch Me")
seg_id = created["id"]
resp = client.get(f"/api/segments/{seg_id}")
assert resp.status_code == 200
assert resp.json()["title"] == "Fetch Me"
def test_get_segment_not_found(client: TestClient) -> None:
resp = client.get(f"/api/segments/{uuid4()}")
assert resp.status_code == 404
def test_update_segment(client: TestClient) -> None:
created = _create_segment(client, title="Original")
seg_id = created["id"]
resp = client.patch(
f"/api/segments/{seg_id}",
json={"title": "Updated"},
headers=BEARER_HEADERS,
)
assert resp.status_code == 200
assert resp.json()["title"] == "Updated"
def test_update_segment_not_found(client: TestClient) -> None:
resp = client.patch(
f"/api/segments/{uuid4()}",
json={"title": "Nope"},
headers=BEARER_HEADERS,
)
assert resp.status_code == 404
def test_update_segment_unauthorized(client: TestClient) -> None:
created = _create_segment(client, title="NoAuth")
seg_id = created["id"]
resp = client.patch(
f"/api/segments/{seg_id}",
json={"title": "Hacked"},
)
assert resp.status_code == 401
def test_delete_segment(client: TestClient) -> None:
created = _create_segment(client, title="Delete Me")
seg_id = created["id"]
resp = client.delete(f"/api/segments/{seg_id}", headers=BEARER_HEADERS)
assert resp.status_code == 204
resp2 = client.get(f"/api/segments/{seg_id}")
assert resp2.status_code == 404
def test_delete_segment_not_found(client: TestClient) -> None:
resp = client.delete(f"/api/segments/{uuid4()}", headers=BEARER_HEADERS)
assert resp.status_code == 404
def test_delete_segment_unauthorized(client: TestClient) -> None:
created = _create_segment(client, title="NoAuthDel")
seg_id = created["id"]
resp = client.delete(f"/api/segments/{seg_id}")
assert resp.status_code == 401
def test_reorder_segments(client: TestClient) -> None:
a = _create_segment(client, title="A")
b = _create_segment(client, title="B")
c = _create_segment(client, title="C")
resp = client.put(
"/api/segments/reorder",
json={"segment_ids": [c["id"], a["id"], b["id"]]},
headers=BEARER_HEADERS,
)
assert resp.status_code == 200
listing = client.get("/api/segments").json()
titles = [s["title"] for s in listing]
assert titles == ["C", "A", "B"]
def test_reorder_segments_invalid_ids(client: TestClient) -> None:
resp = client.put(
"/api/segments/reorder",
json={"segment_ids": [str(uuid4())]},
headers=BEARER_HEADERS,
)
assert resp.status_code == 400
def test_reorder_segments_unauthorized(client: TestClient) -> None:
resp = client.put(
"/api/segments/reorder",
json={"segment_ids": []},
)
assert resp.status_code == 401
# --- Site route tests ---
def test_get_site_title_default(client: TestClient) -> None:
resp = client.get("/api/site")
assert resp.status_code == 200
assert resp.json()["title"] == "Untitled Site"
def test_update_site_title(client: TestClient) -> None:
resp = client.put(
"/api/site",
json={"title": "My Course"},
headers=BEARER_HEADERS,
)
assert resp.status_code == 200
assert resp.json()["title"] == "My Course"
resp2 = client.get("/api/site")
assert resp2.json()["title"] == "My Course"
def test_update_site_title_unauthorized(client: TestClient) -> None:
resp = client.put("/api/site", json={"title": "Hacked"})
assert resp.status_code == 401
# --- Auth route tests ---
def test_auth_verify_valid_bearer(client: TestClient) -> None:
resp = client.get("/api/auth/verify", headers=BEARER_HEADERS)
assert resp.status_code == 200
assert resp.json() == {"valid": True}
def test_auth_verify_valid_query_param(client: TestClient) -> None:
resp = client.get(f"/api/auth/verify?token={TEST_ADMIN_TOKEN}")
assert resp.status_code == 200
assert resp.json() == {"valid": True}
def test_auth_verify_invalid(client: TestClient) -> None:
resp = client.get(
"/api/auth/verify",
headers={"Authorization": "Bearer wrong-token"},
)
assert resp.status_code == 401
def test_auth_verify_no_token(client: TestClient) -> None:
resp = client.get("/api/auth/verify")
assert resp.status_code == 401
# --- Health test ---
def test_health(client: TestClient) -> None:
resp = client.get("/api/health")
assert resp.status_code == 200
assert resp.json()["status"] == "ok"

View file

@ -0,0 +1,172 @@
import time
from pathlib import Path
from uuid import uuid4
import pytest
from app.models import SegmentCreateRequest, SegmentType, SegmentUpdateRequest
from app.services.segment_service import (
create_segment,
delete_segment,
get_segment,
list_segments,
reorder_segments,
update_segment,
)
from app.services.site_service import get_site_title, update_site_title
# --- Segment Service Tests ---
def test_create_segment(db: Path) -> None:
request = SegmentCreateRequest(
type=SegmentType.MARKDOWN,
title="Intro",
content="Hello world",
)
segment = create_segment(db, request)
assert segment.id is not None
assert segment.sort_order == 0
assert segment.title == "Intro"
assert segment.type == SegmentType.MARKDOWN
assert segment.content == "Hello world"
assert segment.created_at == segment.updated_at
def test_create_segment_auto_increments_sort_order(db: Path) -> None:
for i in range(3):
request = SegmentCreateRequest(
type=SegmentType.MARKDOWN,
title=f"Segment {i}",
)
segment = create_segment(db, request)
assert segment.sort_order == i
def test_list_segments_empty(db: Path) -> None:
segments = list_segments(db)
assert segments == []
def test_list_segments_ordered(db: Path) -> None:
titles = ["First", "Second", "Third"]
for title in titles:
create_segment(
db,
SegmentCreateRequest(type=SegmentType.MARKDOWN, title=title),
)
segments = list_segments(db)
assert [s.title for s in segments] == titles
assert [s.sort_order for s in segments] == [0, 1, 2]
def test_get_segment_found(db: Path) -> None:
created = create_segment(
db,
SegmentCreateRequest(type=SegmentType.PDF, title="Slides"),
)
fetched = get_segment(db, created.id)
assert fetched is not None
assert fetched.id == created.id
assert fetched.title == "Slides"
assert fetched.type == SegmentType.PDF
def test_get_segment_not_found(db: Path) -> None:
result = get_segment(db, uuid4())
assert result is None
def test_update_segment_title(db: Path) -> None:
created = create_segment(
db,
SegmentCreateRequest(
type=SegmentType.MARKDOWN,
title="Old Title",
content="Keep me",
),
)
time.sleep(0.01)
updated = update_segment(
db,
created.id,
SegmentUpdateRequest(title="New Title"),
)
assert updated is not None
assert updated.title == "New Title"
assert updated.content == "Keep me"
assert updated.updated_at > updated.created_at
def test_update_segment_not_found(db: Path) -> None:
result = update_segment(
db,
uuid4(),
SegmentUpdateRequest(title="Nope"),
)
assert result is None
def test_delete_segment(db: Path) -> None:
created = create_segment(
db,
SegmentCreateRequest(type=SegmentType.MARKDOWN, title="Bye"),
)
assert delete_segment(db, created.id) is True
assert get_segment(db, created.id) is None
def test_delete_segment_not_found(db: Path) -> None:
assert delete_segment(db, uuid4()) is False
def test_reorder_segments(db: Path) -> None:
a = create_segment(
db,
SegmentCreateRequest(type=SegmentType.MARKDOWN, title="A"),
)
b = create_segment(
db,
SegmentCreateRequest(type=SegmentType.MARKDOWN, title="B"),
)
c = create_segment(
db,
SegmentCreateRequest(type=SegmentType.MARKDOWN, title="C"),
)
reorder_segments(db, [c.id, a.id, b.id])
segments = list_segments(db)
assert [s.title for s in segments] == ["C", "A", "B"]
assert [s.sort_order for s in segments] == [0, 1, 2]
def test_reorder_segments_invalid_ids(db: Path) -> None:
create_segment(
db,
SegmentCreateRequest(type=SegmentType.MARKDOWN, title="Only"),
)
with pytest.raises(ValueError):
reorder_segments(db, [uuid4()])
# --- Site Service Tests ---
def test_get_site_title_default(db: Path) -> None:
assert get_site_title(db) == "Untitled Site"
def test_update_and_get_site_title(db: Path) -> None:
update_site_title(db, "My Course")
assert get_site_title(db) == "My Course"
def test_update_site_title_overwrites(db: Path) -> None:
update_site_title(db, "First")
update_site_title(db, "Second")
assert get_site_title(db) == "Second"