Swagger UI config issue solved + refactoring the report feature ressources

MonsefRH · MonsefRH · commit 5c21b0b28fe0 · 2025-10-12T11:06:16.000+01:00
diff --git a/backend/app.py b/backend/app.py
@@ -20,7 +20,7 @@
 from routes.report_routes import report_bp
 
 from flasgger import Swagger
-from utils.api_spec import swagger_template, swagger_config
+from utils.api_spec import swagger_template
 
 # Load environment variables
 load_dotenv()
@@ -30,7 +30,7 @@
 bcrypt = Bcrypt(app)
 
 # Initialize Swagger
-swagger = Swagger(app, template=swagger_template,config=swagger_config)
+swagger = Swagger(app, template=swagger_template)
 
 # JWT configuration
 app.config["JWT_SECRET_KEY"] = os.getenv("JWT_SECRET_KEY")
diff --git a/backend/models/user_preference.py b/backend/models/user_preference.py
diff --git a/backend/routes/notifications.py b/backend/routes/notifications.py
diff --git a/backend/routes/report_routes.py b/backend/routes/report_routes.py
@@ -5,10 +5,13 @@
 from models.user import User
 from services.report_service import generate_csv_for_scan, send_csv_report_email
 
+from flasgger import swag_from
+
 report_bp = Blueprint("reports", __name__)
 
 @report_bp.route("/reports/<int:scan_id>/csv", methods=["GET"])
 @jwt_required()
+@swag_from("../specs/reports_specs.yml")
 def download_report_csv(scan_id: int):
     user_id = int(get_jwt_identity())
     scan: ScanHistory = db.session.get(ScanHistory, scan_id)
@@ -30,4 +33,4 @@ def download_report_csv(scan_id: int):
 
         return send_file(csv_path, mimetype="text/csv", as_attachment=True, download_name=csv_filename)
     except Exception as e:
-        return jsonify({"error": str(e)}), 500
+        return jsonify({"error": str(e)}), 500
diff --git a/backend/schemas/risks_dto.py b/backend/schemas/risks_dto.py
@@ -1,17 +1,24 @@
-from pydantic import BaseModel
+from pydantic import BaseModel, validator, field_validator
 from typing import Optional, List
 
 class RiskSummary(BaseModel):
     name: str
     level: int
 
+    @field_validator('level')
+    @classmethod
+    def validate_level(cls, v: int):
+        if v < 0:
+            raise ValueError("Risk summary level must be struct greater than zero.")
+        return v
+
 class RiskDetail(BaseModel):
     severity: str
-    check_id: Optional[str]
-    file_path: Optional[str]
-    message: Optional[str]
-    suggestion: Optional[str]
-    scan_type: Optional[str]
+    check_id: Optional[str] = None
+    file_path: Optional[str] = None
+    message: Optional[str] = None
+    suggestion: Optional[str] = None
+    scan_type: Optional[str] = None
 
 class RisksResponse(BaseModel):
     risks: List[RiskSummary]
diff --git a/backend/services/notification_service.py b/backend/services/notification_service.py
@@ -112,8 +112,7 @@ def _mark_failed(n: Notification, error_text: str):
     db.session.commit()
 
 def _email_allowed(user_id: int) -> bool:
-    pref = db.session.query(UserPreference).filter_by(user_id=user_id).first()
-    # Par défaut: autorisé
+    pref = db.session.query(User).filter_by(id=user_id).first()
     return True if pref is None else bool(pref.email_notifications_enabled)
 
 # ----------------------------
diff --git a/backend/specs/reports_specs.yml b/backend/specs/reports_specs.yml
@@ -0,0 +1,50 @@
+tags:
+  - Reports
+summary: Download CSV report for a scan
+description: Generates and downloads a CSV report for the specified scan ID. Optional email delivery. Requires JWT.
+produces:
+  - text/csv
+parameters:
+  - name: scan_id
+    in: path
+    type: integer
+    required: true
+    description: ID of the scan to report
+  - name: email
+    in: query
+    type: boolean
+    required: false
+    description: "If true, emails the CSV to user (default: false)"
+security:
+  - Bearer: []
+responses:
+  200:
+    description: CSV report downloaded successfully
+    headers:
+      Content-Disposition:
+        type: string
+        description: Attachment filename (e.g., report_scan_{scan_id}.csv)
+    schema:
+      type: string
+      format: binary
+  403:
+    description: Forbidden (not owner or admin)
+    schema:
+      type: object
+      properties:
+        error:
+          type: string
+  404:
+    description: Scan not found
+    schema:
+      type: object
+      properties:
+        error:
+          type: string
+  500:
+    description: Server error
+    schema:
+      type: object
+      properties:
+        error:
+          type: string
diff --git a/backend/utils/api_spec.py b/backend/utils/api_spec.py
@@ -152,5 +152,9 @@
     {
         "name": "Checkov Scan",
         "description": "IaC scans with Checkov (file, repo, content)."
+    },
+    {
+        "name": "Reports",
+        "description": "CSV report downloads and email delivery for scans."
     }
 ]
diff --git a/backend/utils/db.py b/backend/utils/db.py
@@ -45,7 +45,8 @@ def create_default_admin():
             name=admin_name,
             email=admin_email,
             password=hashed_password,
-            role="admin"
+            role="admin",
+            verified=False,
         )
         db.session.add(admin_user)
         db.session.commit()

Original file line number	Diff line number	Diff line change
`@@ -152,5 +152,9 @@`
`152`	`152`	`{`
`153`	`153`	`"name": "Checkov Scan",`
`154`	`154`	`"description": "IaC scans with Checkov (file, repo, content)."`
	`155`	`+ },`
	`156`	`+ {`
	`157`	`+ "name": "Reports",`
	`158`	`+ "description": "CSV report downloads and email delivery for scans."`
`155`	`159`	`}`
`156`	`160`	`]`