architect

Author: martialziye

backend/app/api/routes/items.py

@@ -1,46 +1,33 @@
 import uuid
-from typing import Any
+from typing import Any, NoReturn
 
 from fastapi import APIRouter, HTTPException
-from sqlmodel import col, func, select
 
 from app.api.deps import CurrentUser, SessionDep
-from app.models import Item, ItemCreate, ItemPublic, ItemsPublic, ItemUpdate, Message
+from app.models import ItemCreate, ItemPublic, ItemsPublic, ItemUpdate, Message
+from app.services import item_service
+from app.services.exceptions import ServiceError
 
 router = APIRouter(prefix="/items", tags=["items"])
 
 
+def _raise_http_from_service_error(exc: ServiceError) -> NoReturn:
+    raise HTTPException(status_code=exc.status_code, detail=exc.detail)
+
+
 @router.get("/", response_model=ItemsPublic)
 def read_items(
     session: SessionDep, current_user: CurrentUser, skip: int = 0, limit: int = 100
 ) -> Any:
     """
     Retrieve items.
     """
-
-    if current_user.is_superuser:
-        count_statement = select(func.count()).select_from(Item)
-        count = session.exec(count_statement).one()
-        statement = (
-            select(Item).order_by(col(Item.created_at).desc()).offset(skip).limit(limit)
-        )
-        items = session.exec(statement).all()
-    else:
-        count_statement = (
-            select(func.count())
-            .select_from(Item)
-            .where(Item.owner_id == current_user.id)
-        )
-        count = session.exec(count_statement).one()
-        statement = (
-            select(Item)
-            .where(Item.owner_id == current_user.id)
-            .order_by(col(Item.created_at).desc())
-            .offset(skip)
-            .limit(limit)
-        )
-        items = session.exec(statement).all()
-
+    items, count = item_service.list_items_for_user(
+        session=session,
+        current_user=current_user,
+        skip=skip,
+        limit=limit,
+    )
     return ItemsPublic(data=items, count=count)
 
 
@@ -49,12 +36,12 @@ def read_item(session: SessionDep, current_user: CurrentUser, id: uuid.UUID) ->
     """
     Get item by ID.
     """
-    item = session.get(Item, id)
-    if not item:
-        raise HTTPException(status_code=404, detail="Item not found")
-    if not current_user.is_superuser and (item.owner_id != current_user.id):
-        raise HTTPException(status_code=403, detail="Not enough permissions")
-    return item
+    try:
+        return item_service.get_item_for_user(
+            session=session, current_user=current_user, item_id=id
+        )
+    except ServiceError as exc:
+        _raise_http_from_service_error(exc)
 
 
 @router.post("/", response_model=ItemPublic)
@@ -64,11 +51,9 @@ def create_item(
     """
     Create new item.
     """
-    item = Item.model_validate(item_in, update={"owner_id": current_user.id})
-    session.add(item)
-    session.commit()
-    session.refresh(item)
-    return item
+    return item_service.create_item_for_user(
+        session=session, current_user=current_user, item_in=item_in
+    )
 
 
 @router.put("/{id}", response_model=ItemPublic)
@@ -82,17 +67,12 @@ def update_item(
     """
     Update an item.
     """
-    item = session.get(Item, id)
-    if not item:
-        raise HTTPException(status_code=404, detail="Item not found")
-    if not current_user.is_superuser and (item.owner_id != current_user.id):
-        raise HTTPException(status_code=403, detail="Not enough permissions")
-    update_dict = item_in.model_dump(exclude_unset=True)
-    item.sqlmodel_update(update_dict)
-    session.add(item)
-    session.commit()
-    session.refresh(item)
-    return item
+    try:
+        return item_service.update_item_for_user(
+            session=session, current_user=current_user, item_id=id, item_in=item_in
+        )
+    except ServiceError as exc:
+        _raise_http_from_service_error(exc)
 
 
 @router.delete("/{id}")
@@ -102,11 +82,11 @@ def delete_item(
     """
     Delete an item.
     """
-    item = session.get(Item, id)
-    if not item:
-        raise HTTPException(status_code=404, detail="Item not found")
-    if not current_user.is_superuser and (item.owner_id != current_user.id):
-        raise HTTPException(status_code=403, detail="Not enough permissions")
-    session.delete(item)
-    session.commit()
+    try:
+        item_service.delete_item_for_user(
+            session=session, current_user=current_user, item_id=id
+        )
+    except ServiceError as exc:
+        _raise_http_from_service_error(exc)
+
     return Message(message="Item deleted successfully")

backend/app/api/routes/login.py

@@ -5,11 +5,11 @@
 from fastapi.responses import HTMLResponse
 from fastapi.security import OAuth2PasswordRequestForm
 
-from app import crud
 from app.api.deps import CurrentUser, SessionDep, get_current_active_superuser
 from app.core import security
 from app.core.config import settings
 from app.models import Message, NewPassword, Token, UserPublic, UserUpdate
+from app.services import auth_service, user_service
 from app.utils import (
     generate_password_reset_token,
     generate_reset_password_email,
@@ -27,7 +27,7 @@ def login_access_token(
     """
     OAuth2 compatible token login, get an access token for future requests
     """
-    user = crud.authenticate(
+    user = auth_service.authenticate(
         session=session, email=form_data.username, password=form_data.password
     )
     if not user:
@@ -55,7 +55,7 @@ def recover_password(email: str, session: SessionDep) -> Message:
     """
     Password Recovery
     """
-    user = crud.get_user_by_email(session=session, email=email)
+    user = user_service.get_user_by_email(session=session, email=email)
 
     # Always return the same response to prevent email enumeration attacks
     # Only send email if user actually exists
@@ -82,14 +82,14 @@ def reset_password(session: SessionDep, body: NewPassword) -> Message:
     email = verify_password_reset_token(token=body.token)
     if not email:
         raise HTTPException(status_code=400, detail="Invalid token")
-    user = crud.get_user_by_email(session=session, email=email)
+    user = user_service.get_user_by_email(session=session, email=email)
     if not user:
         # Don't reveal that the user doesn't exist - use same error as invalid token
         raise HTTPException(status_code=400, detail="Invalid token")
     elif not user.is_active:
         raise HTTPException(status_code=400, detail="Inactive user")
     user_in_update = UserUpdate(password=body.new_password)
-    crud.update_user(
+    user_service.update_user(
         session=session,
         db_user=user,
         user_in=user_in_update,
@@ -106,7 +106,7 @@ def recover_password_html_content(email: str, session: SessionDep) -> Any:
     """
     HTML Content for Password Recovery
     """
-    user = crud.get_user_by_email(session=session, email=email)
+    user = user_service.get_user_by_email(session=session, email=email)
 
     if not user:
         raise HTTPException(

backend/app/api/routes/private.py

@@ -4,11 +4,8 @@
 from pydantic import BaseModel
 
 from app.api.deps import SessionDep
-from app.core.security import get_password_hash
-from app.models import (
-    User,
-    UserPublic,
-)
+from app.models import UserPublic
+from app.services import user_service
 
 router = APIRouter(tags=["private"], prefix="/private")
 
@@ -25,14 +22,9 @@ def create_user(user_in: PrivateUserCreate, session: SessionDep) -> Any:
     """
     Create a new user.
     """
-
-    user = User(
+    return user_service.create_private_user(
+        session=session,
         email=user_in.email,
+        password=user_in.password,
         full_name=user_in.full_name,
-        hashed_password=get_password_hash(user_in.password),
     )
-
-    session.add(user)
-    session.commit()
-
-    return user