derekc
3022bc328b
- TV tokens upgraded from 4 to 6 digits; Regen Token button in Admin - Nginx rate limiting on TV dashboard and WebSocket endpoints - Login lockout after 5 failed attempts (15 min); clears on admin password reset - HSTS header added; CSP unsafe-inline removed from script-src; CORS restricted to explicit methods/headers - Dependency CVE fixes: PyJWT 2.12.0, aiomysql 0.3.0, cryptography 46.0.5, python-multipart 0.0.22 - datetime.utcnow() replaced with datetime.now(timezone.utc) throughout - SQL identifier whitelist for startup migration queries - README updated: security notes section, lockout docs, token regen, NPM proxy guidance Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
82 lines
2.8 KiB
Python
82 lines
2.8 KiB
Python
"""Shared timer-elapsed computation used by sessions and dashboard routers."""
|
|
from datetime import datetime, timezone
|
|
|
|
from sqlalchemy.ext.asyncio import AsyncSession
|
|
from sqlalchemy import select
|
|
|
|
from app.models.session import TimerEvent
|
|
|
|
|
|
async def compute_block_elapsed(
|
|
db: AsyncSession, session_id: int, block_id: int
|
|
) -> tuple[int, bool]:
|
|
"""Return (elapsed_seconds, is_paused) for a block.
|
|
|
|
'reset' events are treated as zero-elapsed restart markers: any elapsed
|
|
time accumulated before a reset is discarded.
|
|
"""
|
|
tick_result = await db.execute(
|
|
select(TimerEvent)
|
|
.where(
|
|
TimerEvent.session_id == session_id,
|
|
TimerEvent.block_id == block_id,
|
|
TimerEvent.event_type.in_(["start", "resume", "pause", "reset"]),
|
|
)
|
|
.order_by(TimerEvent.occurred_at)
|
|
)
|
|
tick_events = tick_result.scalars().all()
|
|
|
|
elapsed = 0.0
|
|
last_start = None
|
|
for e in tick_events:
|
|
if e.event_type == "reset":
|
|
elapsed = 0.0
|
|
last_start = None
|
|
elif e.event_type in ("start", "resume"):
|
|
last_start = e.occurred_at
|
|
elif e.event_type == "pause" and last_start:
|
|
elapsed += (e.occurred_at - last_start).total_seconds()
|
|
last_start = None
|
|
running = last_start is not None
|
|
if running:
|
|
elapsed += (datetime.now(timezone.utc) - last_start).total_seconds()
|
|
|
|
# is_paused is True whenever the timer is not actively running —
|
|
# covers: explicitly paused, never started, or only selected.
|
|
is_paused = not running
|
|
return int(elapsed), is_paused
|
|
|
|
|
|
async def compute_break_elapsed(
|
|
db: AsyncSession, session_id: int, block_id: int
|
|
) -> tuple[int, bool]:
|
|
"""Return (break_elapsed_seconds, is_break_paused) for a block's break timer."""
|
|
tick_result = await db.execute(
|
|
select(TimerEvent)
|
|
.where(
|
|
TimerEvent.session_id == session_id,
|
|
TimerEvent.block_id == block_id,
|
|
TimerEvent.event_type.in_(["break_start", "break_resume", "break_pause", "break_reset"]),
|
|
)
|
|
.order_by(TimerEvent.occurred_at)
|
|
)
|
|
tick_events = tick_result.scalars().all()
|
|
|
|
elapsed = 0.0
|
|
last_start = None
|
|
for e in tick_events:
|
|
if e.event_type == "break_reset":
|
|
elapsed = 0.0
|
|
last_start = e.occurred_at
|
|
elif e.event_type in ("break_start", "break_resume"):
|
|
last_start = e.occurred_at
|
|
elif e.event_type == "break_pause" and last_start:
|
|
elapsed += (e.occurred_at - last_start).total_seconds()
|
|
last_start = None
|
|
running = last_start is not None
|
|
if running:
|
|
elapsed += (datetime.now(timezone.utc) - last_start).total_seconds()
|
|
|
|
is_paused = not running
|
|
return int(elapsed), is_paused
|