feat(auth): track game stats for authenticated users + routing fixes

Stats tracking:
- Add auth_user_id to Player model for linking game players to auth users
- Pass auth_user_id from frontend when joining game via WebSocket
- Record game results (score, wins, guesses) when game ends
- Wire auth service into game WebSocket handler via plugin

Routing improvements:
- Root / now redirects to /canvas-clash/ instead of /ui/
- Add /profile shortcut that redirects to /auth/profile
- Update navbar to use /profile link

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <[email protected]>

Author: JacobCoffee

src/scribbl_py/app.py

@@ -207,16 +207,22 @@ def create_app(
     # Root redirect handler
     @get("/", include_in_schema=False)
     async def root_redirect() -> Redirect:
-        """Redirect root to UI dashboard."""
-        return Redirect(path="/ui/")
+        """Redirect root to Canvas Clash game."""
+        return Redirect(path="/canvas-clash/")
 
     # Favicon redirect
     @get("/favicon.ico", include_in_schema=False)
     async def favicon_redirect() -> Redirect:
         """Redirect favicon.ico to SVG favicon."""
         return Redirect(path="/static/favicon.svg")
 
-    route_handlers = [root_redirect, favicon_redirect, HealthController] if enable_ui else [HealthController]
+    # Profile shortcut (redirects to /auth/profile)
+    @get("/profile", include_in_schema=False)
+    async def profile_redirect() -> Redirect:
+        """Redirect /profile to auth profile page."""
+        return Redirect(path="/auth/profile")
+
+    route_handlers = [root_redirect, favicon_redirect, profile_redirect, HealthController] if enable_ui else [HealthController]
 
     # Configure templates if UI is enabled (must be before Litestar init for VitePlugin)
     template_config = None

src/scribbl_py/game/models.py

@@ -107,6 +107,7 @@ class Player:
     user_id: str = ""
     user_name: str = "Anonymous"
     avatar_url: str | None = None
+    auth_user_id: UUID | None = None  # Linked auth user for stats tracking
     score: int = 0
     is_host: bool = False
     is_spectator: bool = False

src/scribbl_py/plugin.py

@@ -345,9 +345,13 @@ def provide_auth_service(request: Any) -> DatabaseAuthService:
                 path=f"{self._config.ws_path}/canvas-clash",
                 game_service=self._game_service,
                 connection_manager=self._connection_manager,
+                auth_service=self._auth_service,  # Will be set lazily
             )
             app_config.route_handlers.append(game_ws_router)
 
+            # Store reference to plugin on handler for lazy auth service access
+            self._game_ws_handler._plugin = self
+
             # Register game WebSocket handler as a dependency
             def provide_game_ws_handler() -> Any:
                 """Dependency provider for GameWebSocketHandler."""

src/scribbl_py/realtime/game_handler.py

@@ -26,6 +26,7 @@
 if TYPE_CHECKING:
     from litestar import Router, WebSocket
 
+    from scribbl_py.auth.db_service import DatabaseAuthService
     from scribbl_py.game.models import GameRoom
     from scribbl_py.services.game import GameService
 
@@ -41,6 +42,7 @@ class GameConnection:
     player_id: UUID
     user_id: str
     user_name: str
+    auth_user_id: UUID | None = None  # Linked auth user for stats
     connected_at: datetime = field(default_factory=lambda: datetime.now(UTC))
 
 
@@ -100,20 +102,32 @@ def __init__(
         self,
         game_service: GameService,
         connection_manager: ConnectionManager | None = None,
+        auth_service: DatabaseAuthService | None = None,
     ) -> None:
         """Initialize the game WebSocket handler.
 
         Args:
             game_service: The game service instance.
             connection_manager: Optional connection manager for advanced tracking.
+            auth_service: Optional auth service for user stats tracking.
         """
         self._service = game_service
         self._manager = connection_manager or ConnectionManager()
+        self._auth_service = auth_service
+        self._plugin: Any = None  # Set by plugin for lazy auth service access
         self._connections: dict[int, GameConnection] = {}  # socket_id -> connection
         self._room_sockets: dict[UUID, set[int]] = {}  # room_id -> socket_ids
         self._timer_tasks: dict[UUID, asyncio.Task] = {}  # room_id -> timer task
         self._lobby_browsers: dict[int, WebSocket] = {}  # socket_id -> socket for lobby browsers
 
+    def _get_auth_service(self) -> DatabaseAuthService | None:
+        """Get auth service, trying plugin reference if direct reference is None."""
+        if self._auth_service is not None:
+            return self._auth_service
+        if self._plugin is not None and hasattr(self._plugin, "_auth_service"):
+            return self._plugin._auth_service
+        return None
+
     async def handle_lobby_connection(self, socket: WebSocket, room_id: UUID) -> None:
         """Handle WebSocket connection to game lobby.
 
@@ -336,13 +350,18 @@ async def _handle_join(
             socket: The WebSocket connection.
             socket_id: Socket identifier.
             room_id: The room ID.
-            data: Message data with user_id and user_name.
+            data: Message data with user_id, user_name, and optional auth_user_id.
         """
         user_id = data.get("user_id", "")
         user_name = data.get("user_name", "Anonymous")
+        auth_user_id_str = data.get("auth_user_id")
+        auth_user_id = UUID(auth_user_id_str) if auth_user_id_str else None
 
         try:
             player = self._service.join_room(room_id, user_id, user_name)
+            # Store auth user ID on player for stats tracking
+            if auth_user_id:
+                player.auth_user_id = auth_user_id
         except (GameNotFoundError, GameStateError) as e:
             await self._send_error(socket, "join_failed", str(e))
             return
@@ -354,6 +373,7 @@ async def _handle_join(
             player_id=player.id,
             user_id=user_id,
             user_name=user_name,
+            auth_user_id=auth_user_id,
         )
         self._connections[socket_id] = connection
 
@@ -1513,6 +1533,11 @@ async def _end_round(self, room_id: UUID) -> None:
                     ],
                 },
             )
+
+            # Record game stats for authenticated players
+            auth_svc = self._get_auth_service()
+            if auth_svc:
+                await self._record_game_stats(room, results, auth_svc)
         else:
             # Start next round after delay
             await asyncio.sleep(5)
@@ -1523,6 +1548,59 @@ async def _end_round(self, room_id: UUID) -> None:
             except Exception:
                 pass
 
+    async def _record_game_stats(
+        self,
+        room: GameRoom,
+        results: dict[str, Any],
+        auth_service: DatabaseAuthService,
+    ) -> None:
+        """Record game stats for authenticated players.
+
+        Args:
+            room: The game room.
+            results: Game results from end_round.
+            auth_service: Auth service for recording stats.
+        """
+
+        leaderboard = results.get("leaderboard", [])
+        if not leaderboard:
+            return
+
+        # Winner is first in leaderboard
+        winner_player = leaderboard[0][0] if leaderboard else None
+
+        for player, score in leaderboard:
+            # Skip players without auth user ID
+            if not player.auth_user_id:
+                continue
+
+            won = player.id == winner_player.id if winner_player else False
+
+            try:
+                await auth_service.record_game_result(
+                    user_id=player.auth_user_id,
+                    score=score,
+                    won=won,
+                    correct_guesses=1 if player.has_guessed else 0,  # Simplified
+                    total_guesses=1,  # Simplified
+                    total_guess_time_ms=int((player.guess_time or 0) * 1000),
+                    fastest_guess_ms=int((player.guess_time or 0) * 1000) if player.guess_time else None,
+                    drawings_completed=1,  # Simplified - each player drew once per round
+                    drawings_guessed=1 if player.has_guessed else 0,
+                )
+                logger.info(
+                    "Recorded game stats",
+                    user_id=str(player.auth_user_id),
+                    score=score,
+                    won=won,
+                )
+            except Exception as e:
+                logger.error(
+                    "Failed to record game stats",
+                    user_id=str(player.auth_user_id),
+                    error=str(e),
+                )
+
     async def _broadcast_round_started(
         self,
         room_id: UUID,
@@ -1684,20 +1762,22 @@ def create_game_websocket_handler(
     path: str,
     game_service: GameService,
     connection_manager: ConnectionManager | None = None,
+    auth_service: DatabaseAuthService | None = None,
 ) -> tuple[Router, GameWebSocketHandler]:
     """Create a WebSocket router for game real-time communication.
 
     Args:
         path: Base path for WebSocket routes.
         game_service: The game service instance.
         connection_manager: Optional connection manager.
+        auth_service: Optional auth service for stats tracking.
 
     Returns:
         A tuple of (Litestar Router, GameWebSocketHandler instance).
     """
     from litestar import Router, websocket
 
-    handler = GameWebSocketHandler(game_service, connection_manager)
+    handler = GameWebSocketHandler(game_service, connection_manager, auth_service)
 
     @websocket(path="/lobby/{room_id:uuid}")
     async def lobby_websocket(socket: WebSocket, room_id: UUID) -> None:

src/scribbl_py/templates/auth/navbar.html

@@ -18,7 +18,7 @@
         <li class="menu-title">
             <span>{{ user.username }}</span>
         </li>
-        <li><a href="/auth/profile" hx-boost="false">
+        <li><a href="/profile" hx-boost="false">
             <svg xmlns="http://www.w3.org/2000/svg" class="h-4 w-4" fill="none" viewBox="0 0 24 24" stroke="currentColor">
                 <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M16 7a4 4 0 11-8 0 4 4 0 018 0zM12 14a7 7 0 00-7 7h14a7 7 0 00-7-7z" />
             </svg>

src/scribbl_py/templates/canvas_clash_game.html

@@ -504,6 +504,7 @@ <h3 class="font-bold flex items-center gap-2">
 document.addEventListener('DOMContentLoaded', function() {
     const roomId = gameRoomId;
     const userId = '{{ user_id }}';
+    const authUserId = {{ auth_user_id | tojson | safe if auth_user_id else 'null' }};
     const isDrawing = {{ is_drawing|lower }};
     const canvas = document.getElementById('game-canvas');
     const ctx = canvas ? canvas.getContext('2d') : null;
@@ -532,7 +533,8 @@ <h3 class="font-bold flex items-center gap-2">
             hideCanvasLoading();
             ws.send(JSON.stringify({
                 type: 'join',
-                user_id: userId
+                user_id: userId,
+                auth_user_id: authUserId
             }));
         };
 

src/scribbl_py/templates/canvas_clash_lobby.html

@@ -368,6 +368,8 @@ <h2 class="card-title text-xl mb-4">
     // Get user_id from localStorage (set on home page) or fall back to cookie
     const userId = localStorage.getItem('canvas_clash_user_id') || '{{ user_id }}';
     const userName = localStorage.getItem('canvas_clash_user_name') || 'Anonymous';
+    // Auth user ID for stats tracking (null if not logged in)
+    const authUserId = {{ auth_user_id | tojson | safe if auth_user_id else 'null' }};
     const wsUrl = `${window.location.protocol === 'https:' ? 'wss:' : 'ws:'}//${window.location.host}/ws/canvas-clash/lobby/${roomId}`;
 
     // Ensure cookie is set for server-side access
@@ -384,11 +386,12 @@ <h2 class="card-title text-xl mb-4">
             reconnectAttempts = 0;
             updateConnectionStatus('connected');
 
-            // Send join message with user_name
+            // Send join message with user_name and auth_user_id
             lobbyWs.send(JSON.stringify({
                 type: 'join',
                 user_id: userId,
-                user_name: userName
+                user_name: userName,
+                auth_user_id: authUserId
             }));
         };
 

src/scribbl_py/web/game_controllers.py

@@ -597,13 +597,15 @@ async def game_lobby(
         self,
         room_id: UUID,
         game_service: GameService,
+        auth_service: DatabaseAuthService,
         request: Request,
     ) -> Template:
         """Render the game lobby page.
 
         Args:
             room_id: The room UUID.
             game_service: Game service instance.
+            auth_service: Auth service instance.
             request: The request object.
 
         Returns:
@@ -612,6 +614,14 @@ async def game_lobby(
         room = game_service.get_room(room_id)
         user_id = request.cookies.get("user_id", "")
 
+        # Get auth user ID if logged in
+        auth_user_id = None
+        session_id = request.cookies.get(auth_service._config.session_cookie_name)
+        if session_id:
+            session = await auth_service.get_session(session_id)
+            if session and session.user_id:
+                auth_user_id = str(session.user_id)
+
         # Find current player
         current_player = next((p for p in room.players if p.user_id == user_id), None)
         is_host = current_player.is_host if current_player else False
@@ -653,6 +663,7 @@ async def game_lobby(
                     for p in spectators
                 ],
                 "user_id": user_id,
+                "auth_user_id": auth_user_id,
                 "is_host": is_host,
                 "is_spectator": is_spectator,
             },
@@ -663,13 +674,15 @@ async def game_screen(
         self,
         room_id: UUID,
         game_service: GameService,
+        auth_service: DatabaseAuthService,
         request: Request,
     ) -> Template:
         """Render the active game screen.
 
         Args:
             room_id: The room UUID.
             game_service: Game service instance.
+            auth_service: Auth service instance.
             request: The request object.
 
         Returns:
@@ -678,6 +691,14 @@ async def game_screen(
         room = game_service.get_room(room_id)
         user_id = request.cookies.get("user_id", "")
 
+        # Get auth user ID if logged in
+        auth_user_id = None
+        session_id = request.cookies.get(auth_service._config.session_cookie_name)
+        if session_id:
+            session = await auth_service.get_session(session_id)
+            if session and session.user_id:
+                auth_user_id = str(session.user_id)
+
         # Find current player
         current_player = next((p for p in room.players if p.user_id == user_id), None)
 
@@ -731,6 +752,7 @@ async def game_screen(
                     ],
                 },
                 "user_id": user_id,
+                "auth_user_id": auth_user_id,
                 "is_drawing": is_drawing,
                 "is_spectator": is_spectator,
                 "current_word": current_word,