Add multi-user authentication with JWT

- Users table with email/bcrypt-hashed password; register and login via /auth/ endpoints - JWT tokens (30-day expiry) stored in localStorage; all API routes require Bearer auth - All data (varieties, batches, settings, notification logs) scoped to the authenticated user - Login/register screen overlays the app; sidebar shows user email and logout button - Scheduler sends daily ntfy summaries for every configured user - DB schema rewritten for multi-user; SECRET_KEY added to env Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-09 00:08:28 -07:00
parent 1bed02ebb5
commit 4db9988406
17 changed files with 470 additions and 115 deletions
--- a/backend/routers/settings.py
+++ b/backend/routers/settings.py
@@ -1,29 +1,32 @@
 from fastapi import APIRouter, Depends
 from sqlalchemy.orm import Session
+
+from auth import get_current_user
 from database import get_db
-from models import Settings
-from schemas import SettingsUpdate, SettingsOut
+from models import Settings, User
+from schemas import SettingsOut, SettingsUpdate

 router = APIRouter(prefix="/settings", tags=["settings"])


-@router.get("/", response_model=SettingsOut)
-def get_settings(db: Session = Depends(get_db)):
-    s = db.query(Settings).filter(Settings.id == 1).first()
+def _get_or_create(db: Session, user_id: int) -> Settings:
+    s = db.query(Settings).filter(Settings.user_id == user_id).first()
    if not s:
-        s = Settings(id=1)
+        s = Settings(user_id=user_id)
        db.add(s)
        db.commit()
        db.refresh(s)
    return s


+@router.get("/", response_model=SettingsOut)
+def get_settings(db: Session = Depends(get_db), current_user: User = Depends(get_current_user)):
+    return _get_or_create(db, current_user.id)
+
+
@router.put("/", response_model=SettingsOut)
-def update_settings(data: SettingsUpdate, db: Session = Depends(get_db)):
-    s = db.query(Settings).filter(Settings.id == 1).first()
-    if not s:
-        s = Settings(id=1)
-        db.add(s)
+def update_settings(data: SettingsUpdate, db: Session = Depends(get_db), current_user: User = Depends(get_current_user)):
+    s = _get_or_create(db, current_user.id)
    for field, value in data.model_dump(exclude_unset=True).items():
        setattr(s, field, value)
    db.commit()