3bdc6ff1c9
## Security Enhancements (P0) - Add input validation with max_length and numeric range constraints - Implement WebSocket token authentication via first message - Add path traversal prevention in file storage service ## Permission Enhancements (P0) - Add project member management for cross-department access - Implement is_department_manager flag for workload visibility ## Cycle Detection (P0) - Add DFS-based cycle detection for task dependencies - Add formula field circular reference detection - Display user-friendly cycle path visualization ## Concurrency & Reliability (P1) - Implement optimistic locking with version field (409 Conflict on mismatch) - Add trigger retry mechanism with exponential backoff (1s, 2s, 4s) - Implement cascade restore for soft-deleted tasks ## Rate Limiting (P1) - Add tiered rate limits: standard (60/min), sensitive (20/min), heavy (5/min) - Apply rate limits to tasks, reports, attachments, and comments ## Frontend Improvements (P1) - Add responsive sidebar with hamburger menu for mobile - Improve touch-friendly UI with proper tap target sizes - Complete i18n translations for all components ## Backend Reliability (P2) - Configure database connection pool (size=10, overflow=20) - Add Redis fallback mechanism with message queue - Add blocker check before task deletion ## API Enhancements (P3) - Add standardized response wrapper utility - Add /health/ready and /health/live endpoints - Implement project templates with status/field copying ## Tests Added - test_input_validation.py - Schema and path traversal tests - test_concurrency_reliability.py - Optimistic locking and retry tests - test_backend_reliability.py - Connection pool and Redis tests - test_api_enhancements.py - Health check and template tests Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
157 lines
5.0 KiB
Python
157 lines
5.0 KiB
Python
from fastapi import APIRouter, Depends, HTTPException, status, Query, Request
|
|
from sqlalchemy.orm import Session
|
|
from typing import Optional
|
|
|
|
from app.core.database import get_db
|
|
from app.core.rate_limiter import limiter
|
|
from app.core.config import settings
|
|
from app.models import User, ReportHistory, ScheduledReport
|
|
from app.schemas.report import (
|
|
WeeklyReportContent, ReportHistoryListResponse, ReportHistoryItem,
|
|
GenerateReportResponse, ReportSummary
|
|
)
|
|
from app.middleware.auth import get_current_user
|
|
from app.services.report_service import ReportService
|
|
|
|
router = APIRouter(tags=["reports"])
|
|
|
|
|
|
@router.get("/api/reports/weekly/preview", response_model=WeeklyReportContent)
|
|
async def preview_weekly_report(
|
|
db: Session = Depends(get_db),
|
|
current_user: User = Depends(get_current_user),
|
|
):
|
|
"""
|
|
Preview the weekly report for the current user.
|
|
Shows what would be included in the next weekly report.
|
|
"""
|
|
content = ReportService.get_weekly_stats(db, current_user.id)
|
|
|
|
return WeeklyReportContent(
|
|
week_start=content["week_start"],
|
|
week_end=content["week_end"],
|
|
generated_at=content["generated_at"],
|
|
projects=content["projects"],
|
|
summary=ReportSummary(**content["summary"]),
|
|
)
|
|
|
|
|
|
@router.post("/api/reports/weekly/generate", response_model=GenerateReportResponse)
|
|
@limiter.limit(settings.RATE_LIMIT_HEAVY)
|
|
async def generate_weekly_report(
|
|
request: Request,
|
|
db: Session = Depends(get_db),
|
|
current_user: User = Depends(get_current_user),
|
|
):
|
|
"""
|
|
Manually trigger weekly report generation for the current user.
|
|
|
|
Rate limited: 5 requests per minute (heavy tier).
|
|
"""
|
|
# Generate report
|
|
report_history = ReportService.generate_weekly_report(db, current_user.id)
|
|
|
|
if not report_history:
|
|
raise HTTPException(
|
|
status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
|
|
detail="Failed to generate report",
|
|
)
|
|
|
|
# Send notification
|
|
ReportService.send_report_notification(db, current_user.id, report_history.content)
|
|
db.commit()
|
|
|
|
summary = report_history.content.get("summary", {})
|
|
|
|
return GenerateReportResponse(
|
|
message="Weekly report generated successfully",
|
|
report_id=report_history.id,
|
|
summary=ReportSummary(
|
|
completed_count=summary.get("completed_count", 0),
|
|
in_progress_count=summary.get("in_progress_count", 0),
|
|
overdue_count=summary.get("overdue_count", 0),
|
|
total_tasks=summary.get("total_tasks", 0),
|
|
),
|
|
)
|
|
|
|
|
|
@router.get("/api/reports/history", response_model=ReportHistoryListResponse)
|
|
async def list_report_history(
|
|
limit: int = Query(10, ge=1, le=100, description="Number of reports to return"),
|
|
offset: int = Query(0, ge=0, description="Number of reports to skip"),
|
|
db: Session = Depends(get_db),
|
|
current_user: User = Depends(get_current_user),
|
|
):
|
|
"""
|
|
List report history for the current user.
|
|
"""
|
|
# Get scheduled report for this user
|
|
scheduled_report = db.query(ScheduledReport).filter(
|
|
ScheduledReport.recipient_id == current_user.id,
|
|
).first()
|
|
|
|
if not scheduled_report:
|
|
return ReportHistoryListResponse(reports=[], total=0)
|
|
|
|
# Get history
|
|
total = db.query(ReportHistory).filter(
|
|
ReportHistory.report_id == scheduled_report.id,
|
|
).count()
|
|
|
|
history = db.query(ReportHistory).filter(
|
|
ReportHistory.report_id == scheduled_report.id,
|
|
).order_by(ReportHistory.generated_at.desc()).offset(offset).limit(limit).all()
|
|
|
|
return ReportHistoryListResponse(
|
|
reports=[
|
|
ReportHistoryItem(
|
|
id=h.id,
|
|
report_id=h.report_id,
|
|
generated_at=h.generated_at,
|
|
content=h.content,
|
|
status=h.status,
|
|
error_message=h.error_message,
|
|
) for h in history
|
|
],
|
|
total=total,
|
|
)
|
|
|
|
|
|
@router.get("/api/reports/history/{report_id}")
|
|
@limiter.limit(settings.RATE_LIMIT_SENSITIVE)
|
|
async def get_report_detail(
|
|
request: Request,
|
|
report_id: str,
|
|
db: Session = Depends(get_db),
|
|
current_user: User = Depends(get_current_user),
|
|
):
|
|
"""
|
|
Get detailed content of a specific report.
|
|
|
|
Rate limited: 20 requests per minute (sensitive tier).
|
|
"""
|
|
report = db.query(ReportHistory).filter(ReportHistory.id == report_id).first()
|
|
|
|
if not report:
|
|
raise HTTPException(
|
|
status_code=status.HTTP_404_NOT_FOUND,
|
|
detail="Report not found",
|
|
)
|
|
|
|
# Check ownership
|
|
scheduled_report = report.report
|
|
if scheduled_report.recipient_id != current_user.id and not current_user.is_system_admin:
|
|
raise HTTPException(
|
|
status_code=status.HTTP_403_FORBIDDEN,
|
|
detail="Access denied",
|
|
)
|
|
|
|
return ReportHistoryItem(
|
|
id=report.id,
|
|
report_id=report.report_id,
|
|
generated_at=report.generated_at,
|
|
content=report.content,
|
|
status=report.status,
|
|
error_message=report.error_message,
|
|
)
|