Partial refactor

Author: chriscarrollsmith

.gitignore

@@ -11,3 +11,4 @@ package-lock.json
 package.json
 .specstory
 .cursorrules
+.cursor

.python-version

@@ -0,0 +1 @@
+3.13

pyproject.toml

@@ -7,7 +7,7 @@ package-mode = false
 authors = [
     {name = "Christopher Carroll Smith", email = "[email protected]"},
 ]
-requires-python = "<4.0,>=3.12"
+requires-python = "<4.0,>=3.13"
 dependencies = [
     "sqlmodel<1.0.0,>=0.0.22",
     "pyjwt<3.0.0,>=2.10.1",
@@ -32,4 +32,8 @@ dev = [
     "notebook<8.0.0,>=7.2.2",
     "pytest<9.0.0,>=8.3.3",
     "sqlalchemy-schemadisplay<3.0,>=2.0",
+    "perplexity-cli",
 ]
+
+[tool.uv.sources]
+perplexity-cli = { git = "https://github.com/chriscarrollsmith/perplexity-cli.git" }

routers/account.py

@@ -0,0 +1,47 @@
+from fastapi import APIRouter, Depends, Form
+from fastapi.responses import RedirectResponse
+from sqlmodel import Session
+from utils.models import User, AccountBase, DataIntegrityError
+from utils.auth import get_session, get_authenticated_user, verify_password, PasswordValidationError, get_password_hash
+
+router = APIRouter(prefix="/account", tags=["account"])
+
+class DeleteAccount(AccountBase):
+    @classmethod
+    async def as_form(
+        cls,
+        email: str = Form(...),
+        password: str = Form(...),
+    ):
+        hashed_password = get_password_hash(password)
+
+        return cls(email=email, hashed_password=hashed_password)
+
+
+@router.post("/delete", response_class=RedirectResponse)
+async def delete_account(
+    user_delete_account: DeleteAccount = Depends(
+        DeleteAccount.as_form),
+    user: User = Depends(get_authenticated_user),
+    session: Session = Depends(get_session)
+):
+    if not user.password:
+        raise DataIntegrityError(
+            resource="User password"
+        )
+
+    if not verify_password(
+        user_delete_account.confirm_delete_password,
+        user.password.hashed_password
+    ):
+        raise PasswordValidationError(
+            field="confirm_delete_password",
+            message="Password is incorrect"
+        )
+
+    # Delete the user
+    session.delete(user)
+    session.commit()
+
+    # Log out the user
+    return RedirectResponse(url="/auth/logout", status_code=303)

routers/user.py

@@ -1,10 +1,9 @@
 from fastapi import APIRouter, Depends, Form, UploadFile, File
 from fastapi.responses import RedirectResponse, Response
-from pydantic import BaseModel, EmailStr
 from sqlmodel import Session
 from typing import Optional
-from utils.models import User, DataIntegrityError
-from utils.auth import get_session, get_authenticated_user, verify_password, PasswordValidationError
+from utils.models import User, UserBase, DataIntegrityError
+from utils.auth import get_session, get_authenticated_user
 from utils.images import validate_and_process_image
 
 router = APIRouter(prefix="/user", tags=["user"])
@@ -13,16 +12,12 @@
 # --- Server Request and Response Models ---
 
 
-class UpdateProfile(BaseModel):
+class UpdateUser(UserBase):
     """Request model for updating user profile information"""
-    name: str
-    avatar_file: Optional[bytes] = None
-    avatar_content_type: Optional[str] = None
-
     @classmethod
     async def as_form(
         cls,
-        name: str = Form(...),
+        name: Optional[str] = Form(None),
         avatar_file: Optional[UploadFile] = File(None),
     ):
         avatar_data = None
@@ -34,81 +29,41 @@ async def as_form(
 
         return cls(
             name=name,
-            avatar_file=avatar_data,
+            avatar_data=avatar_data,
             avatar_content_type=avatar_content_type
         )
 
 
-class UserDeleteAccount(BaseModel):
-    confirm_delete_password: str
-
-    @classmethod
-    async def as_form(
-        cls,
-        confirm_delete_password: str = Form(...),
-    ):
-        return cls(confirm_delete_password=confirm_delete_password)
-
-
 # --- Routes ---
 
 
-@router.post("/update_profile", response_class=RedirectResponse)
+@router.post("/update", response_class=RedirectResponse)
 async def update_profile(
-    user_profile: UpdateProfile = Depends(UpdateProfile.as_form),
+    user_profile: UpdateUser = Depends(UpdateUser.as_form),
     user: User = Depends(get_authenticated_user),
     session: Session = Depends(get_session)
 ):
     # Handle avatar update
-    if user_profile.avatar_file:
+    if user_profile.avatar_data:
         processed_image, content_type = validate_and_process_image(
-            user_profile.avatar_file,
+            user_profile.avatar_data,
             user_profile.avatar_content_type
         )
-        user_profile.avatar_file = processed_image
+        user_profile.avatar_data = processed_image
         user_profile.avatar_content_type = content_type
 
     # Update user details
     user.name = user_profile.name
 
-    if user_profile.avatar_file:
-        user.avatar_data = user_profile.avatar_file
+    if user_profile.avatar_data:
+        user.avatar_data = user_profile.avatar_data
         user.avatar_content_type = user_profile.avatar_content_type
 
     session.commit()
     session.refresh(user)
     return RedirectResponse(url="/profile", status_code=303)
 
 
-@router.post("/delete_account", response_class=RedirectResponse)
-async def delete_account(
-    user_delete_account: UserDeleteAccount = Depends(
-        UserDeleteAccount.as_form),
-    user: User = Depends(get_authenticated_user),
-    session: Session = Depends(get_session)
-):
-    if not user.password:
-        raise DataIntegrityError(
-            resource="User password"
-        )
-
-    if not verify_password(
-        user_delete_account.confirm_delete_password,
-        user.password.hashed_password
-    ):
-        raise PasswordValidationError(
-            field="confirm_delete_password",
-            message="Password is incorrect"
-        )
-
-    # Delete the user
-    session.delete(user)
-    session.commit()
-
-    # Log out the user
-    return RedirectResponse(url="/auth/logout", status_code=303)
-
-
 @router.get("/avatar")
 async def get_avatar(
     user: User = Depends(get_authenticated_user),

utils/models.py

@@ -4,6 +4,7 @@
 from datetime import datetime, UTC, timedelta
 from typing import Optional, List, Union
 from fastapi import HTTPException
+from pydantic import EmailStr
 from sqlmodel import SQLModel, Field, Relationship
 from sqlalchemy import Column, Enum as SQLAlchemyEnum, LargeBinary
 from sqlalchemy.orm import Mapped
@@ -35,6 +36,23 @@ def __init__(
         )
 
 
+# ---- Base Models ----
+
+class AccountBase(SQLModel):
+    email: EmailStr = Field(index=True, unique=True)
+    hashed_password: str
+
+
+class UserBase(SQLModel):
+    name: Optional[str] = None
+    avatar_data: Optional[bytes] = Field(
+        default=None, sa_column=Column(LargeBinary)
+    )
+    avatar_content_type: Optional[str] = Field(
+        default=None
+    )
+
+
 # --- Database models ---
 
 
@@ -180,13 +198,15 @@ def is_expired(self) -> bool:
         return datetime.now(UTC) > self.expires_at.replace(tzinfo=UTC)
 
 
-class UserPassword(SQLModel, table=True):
+class Account(AccountBase, table=True):
     id: Optional[int] = Field(default=None, primary_key=True)
+    created_at: datetime = Field(default_factory=utc_time)
+    updated_at: datetime = Field(default_factory=utc_time)
+
     user_id: Optional[int] = Field(foreign_key="user.id", unique=True)
-    hashed_password: str
 
     user: Mapped[Optional["User"]] = Relationship(
-        back_populates="password",
+        back_populates="account",
         sa_relationship_kwargs={
             "cascade": "all, delete-orphan",
             "single_parent": True
@@ -195,13 +215,9 @@ class UserPassword(SQLModel, table=True):
 
 
 # TODO: Prevent deleting a user who is sole owner of an organization
-class User(SQLModel, table=True):
+# TODO: Automate change of updated_at when user is updated
+class User(UserBase, table=True):
     id: Optional[int] = Field(default=None, primary_key=True)
-    name: str
-    email: str = Field(index=True, unique=True)
-    avatar_data: Optional[bytes] = Field(
-        default=None, sa_column=Column(LargeBinary))
-    avatar_content_type: Optional[str] = None
     created_at: datetime = Field(default_factory=utc_time)
     updated_at: datetime = Field(default_factory=utc_time)
 
@@ -221,7 +237,7 @@ class User(SQLModel, table=True):
             "cascade": "all, delete-orphan"
         }
     )
-    password: Mapped[Optional[UserPassword]] = Relationship(
+    account: Mapped[Optional[Account]] = Relationship(
         back_populates="user"
     )