feat: add option to login using email/password (#60)

Author: TimilsinaBimal

app/api/endpoints/catalogs.py

@@ -19,6 +19,29 @@
 router = APIRouter()
 
 
+def _clean_meta(meta: dict) -> dict:
+    """Return a sanitized Stremio meta object without internal fields.
+
+    Keeps only public keys and drops internal scoring/IDs/keywords/cast, etc.
+    """
+    allowed = {
+        "id",
+        "type",
+        "name",
+        "poster",
+        "background",
+        "description",
+        "releaseInfo",
+        "imdbRating",
+        "genres",
+        "runtime",
+    }
+    cleaned = {k: v for k, v in meta.items() if k in allowed}
+    # Drop empty values
+    cleaned = {k: v for k, v in cleaned.items() if v not in (None, "", [], {}, ())}
+    return cleaned
+
+
 @router.get("/{token}/catalog/{type}/{id}.json")
 async def get_catalog(type: str, id: str, response: Response, token: str):
     if not token:
@@ -62,8 +85,17 @@ async def get_catalog(type: str, id: str, response: Response, token: str):
         user_settings = UserSettings(**settings_dict) if settings_dict else get_default_settings()
         language = user_settings.language if user_settings else "en-US"
 
-        # Create services with credentials
-        stremio_service = StremioService(auth_key=credentials.get("authKey"))
+        # Create services with credentials (prefer fresh login with email/password)
+        if credentials.get("password") and credentials.get("email"):
+            stremio_service = StremioService(
+                username=credentials.get("email", ""), password=credentials.get("password", "")
+            )
+            try:
+                await stremio_service._login_for_auth_key()
+            except Exception:
+                stremio_service = StremioService(auth_key=credentials.get("authKey"))
+        else:
+            stremio_service = StremioService(auth_key=credentials.get("authKey"))
         # Fetch library once per request and reuse across recommendation paths
         library_items = await stremio_service.get_library_items()
         recommendation_service = RecommendationService(
@@ -95,7 +127,8 @@ def _get_limits() -> tuple[int, int]:
             max_items = max(min_items, min(DEFAULT_MAX_ITEMS, int(max_items)))
         except (ValueError, TypeError):
             logger.warning(
-                f"Invalid min/max items values. Falling back to defaults. min_items={min_items}, max_items={max_items}"
+                "Invalid min/max items values. Falling back to defaults. "
+                f"min_items={min_items}, max_items={max_items}"
             )
             min_items, max_items = DEFAULT_MIN_ITEMS, DEFAULT_MAX_ITEMS
 
@@ -148,7 +181,8 @@ def _get_limits() -> tuple[int, int]:
         logger.info(f"Returning {len(recommendations)} items for {type}")
         # Avoid serving stale results; revalidate on each request
         response.headers["Cache-Control"] = "no-cache"
-        return {"metas": recommendations}
+        cleaned = [_clean_meta(m) for m in recommendations]
+        return {"metas": cleaned}
 
     except HTTPException:
         raise

app/api/endpoints/manifest.py

@@ -1,5 +1,6 @@
 from fastapi import HTTPException, Response
 from fastapi.routing import APIRouter
+from loguru import logger
 
 from app.core.config import settings
 from app.core.settings import UserSettings, get_default_settings
@@ -96,8 +97,24 @@ async def _manifest_handler(response: Response, token: str):
     base_manifest = get_base_manifest(user_settings)
 
     # Build dynamic catalogs using the already-fetched credentials
-    stremio_service = StremioService(auth_key=creds.get("authKey"))
-    fetched_catalogs = await build_dynamic_catalogs(stremio_service, user_settings or get_default_settings())
+    # Build Stremio service with fresh auth when possible
+    if creds.get("password") and creds.get("email"):
+        stremio_service = StremioService(username=creds.get("email", ""), password=creds.get("password", ""))
+        try:
+            await stremio_service._login_for_auth_key()
+        except Exception:
+            # fallback to stored authKey if login fails
+            stremio_service = StremioService(auth_key=creds.get("authKey"))
+    else:
+        stremio_service = StremioService(auth_key=creds.get("authKey"))
+    try:
+        fetched_catalogs = await build_dynamic_catalogs(
+            stremio_service,
+            user_settings or get_default_settings(),
+        )
+    except Exception as e:
+        logger.warning(f"Dynamic catalog build failed: {e}")
+        fetched_catalogs = []
 
     all_catalogs = [c.copy() for c in base_manifest["catalogs"]] + [c.copy() for c in fetched_catalogs]
 
@@ -107,7 +124,11 @@ async def _manifest_handler(response: Response, token: str):
     if user_settings and user_settings.language:
         for cat in all_catalogs:
             if cat.get("name"):
-                cat["name"] = await translation_service.translate(cat["name"], user_settings.language)
+                try:
+                    cat["name"] = await translation_service.translate(cat["name"], user_settings.language)
+                except Exception as e:
+                    # On translation failure, keep original name and log the error
+                    logger.warning(f"Failed to translate catalog name '{cat.get('name')}': {e}")
                 translated_catalogs.append(cat)
     else:
         translated_catalogs = all_catalogs
@@ -116,7 +137,27 @@ async def _manifest_handler(response: Response, token: str):
         order_map = {c.id: i for i, c in enumerate(user_settings.catalogs)}
         translated_catalogs.sort(key=lambda x: order_map.get(get_config_id(x), 999))
 
-    base_manifest["catalogs"] = translated_catalogs
+    # Safety fallback respecting user settings:
+    # - If the final list is empty AND user's base config allows 'watchly.rec',
+    #   expose the base recommendation rows (so users don't see an empty addon).
+    # - If the user explicitly disabled 'watchly.rec' (or disabled all rows),
+    #   DO NOT add fallback rows; keep it empty to honor their choice.
+    if not translated_catalogs:
+        fallback_base = get_base_manifest(user_settings)
+        if fallback_base.get("catalogs"):
+            base_manifest["catalogs"] = fallback_base["catalogs"]
+        else:
+            base_manifest["catalogs"] = []
+    else:
+        base_manifest["catalogs"] = translated_catalogs
+
+    # Debug headers (counts) to help diagnose empty-manifest issues in production
+    try:
+        response.headers["X-Base-Catalogs"] = str(len(get_base_manifest(user_settings)["catalogs"]))
+        response.headers["X-Dynamic-Catalogs"] = str(len(fetched_catalogs))
+        response.headers["X-Final-Catalogs"] = str(len(base_manifest.get("catalogs", [])))
+    except Exception as e:
+        logger.warning(f"Failed to set debug headers: {e}")
 
     return base_manifest
 

app/api/endpoints/stats.py

@@ -0,0 +1,20 @@
+from fastapi import APIRouter
+from loguru import logger
+
+from app.services.token_store import token_store
+
+router = APIRouter()
+
+
+@router.get("/stats")
+async def get_stats() -> dict:
+    """Return lightweight public stats for the homepage.
+
+    Total users is cached for 12 hours inside TokenStore to avoid heavy scans.
+    """
+    try:
+        total = await token_store.count_users()
+    except Exception as exc:
+        logger.warning(f"Failed to get total users: {exc}")
+        total = 0
+    return {"total_users": total}

app/api/endpoints/tokens.py

@@ -15,6 +15,8 @@
 
 class TokenRequest(BaseModel):
     authKey: str | None = Field(default=None, description="Stremio auth key")
+    email: str | None = Field(default=None, description="Stremio account email")
+    password: str | None = Field(default=None, description="Stremio account password (stored securely)")
     catalogs: list[CatalogConfig] | None = Field(default=None, description="Optional catalog configuration")
     language: str = Field(default="en-US", description="Language for TMDB API")
     rpdb_key: str | None = Field(default=None, description="Optional RPDB API Key")
@@ -69,27 +71,44 @@ async def _verify_credentials_or_raise(payload: dict) -> str:
 
 @router.post("/", response_model=TokenResponse)
 async def create_token(payload: TokenRequest, request: Request) -> TokenResponse:
-    stremio_auth_key = payload.authKey.strip() if payload.authKey else None
+    # Prefer email+password if provided; else require authKey
+    email = (payload.email or "").strip() or None
+    password = (payload.password or "").strip() or None
+    stremio_auth_key = (payload.authKey or "").strip() or None
 
-    if not stremio_auth_key:
-        raise HTTPException(status_code=400, detail="Stremio auth key is required.")
+    if not (email and password) and not stremio_auth_key:
+        raise HTTPException(status_code=400, detail="Provide email+password or a valid Stremio auth key.")
 
-    # Remove quotes if present
-    if stremio_auth_key.startswith('"') and stremio_auth_key.endswith('"'):
+    # Remove quotes if present for authKey
+    if stremio_auth_key and stremio_auth_key.startswith('"') and stremio_auth_key.endswith('"'):
         stremio_auth_key = stremio_auth_key[1:-1].strip()
 
     rpdb_key = payload.rpdb_key.strip() if payload.rpdb_key else None
 
-    # 1. Fetch user info from Stremio (user_id and email)
-    stremio_service = StremioService(auth_key=stremio_auth_key)
-    try:
-        user_info = await stremio_service.get_user_info()
-        user_id = user_info["user_id"]
-        email = user_info.get("email", "")
-    except Exception as e:
-        raise HTTPException(status_code=400, detail=f"Failed to verify Stremio identity: {e}")
-    finally:
-        await stremio_service.close()
+    # 1. Establish a valid auth key and fetch user info
+    if email and password:
+        stremio_service = StremioService(username=email, password=password)
+        try:
+            # Always get a fresh key
+            fresh_key = await stremio_service._login_for_auth_key()
+            stremio_auth_key = fresh_key
+            user_info = await stremio_service.get_user_info()
+            user_id = user_info["user_id"]
+            resolved_email = user_info.get("email", email)
+        except Exception as e:
+            raise HTTPException(status_code=400, detail=f"Failed to verify Stremio identity: {e}")
+        finally:
+            await stremio_service.close()
+    else:
+        stremio_service = StremioService(auth_key=stremio_auth_key)
+        try:
+            user_info = await stremio_service.get_user_info()
+            user_id = user_info["user_id"]
+            resolved_email = user_info.get("email", "")
+        except Exception as e:
+            raise HTTPException(status_code=400, detail=f"Failed to verify Stremio identity: {e}")
+        finally:
+            await stremio_service.close()
 
     # 2. Check if user already exists
     token = token_store.get_token_from_user_id(user_id)
@@ -109,20 +128,30 @@ async def create_token(payload: TokenRequest, request: Request) -> TokenResponse
     is_new_account = not existing_data
 
     # 4. Verify Stremio connection
-    verified_auth_key = await _verify_credentials_or_raise({"authKey": stremio_auth_key})
+    # Already verified above. For authKey path, still validate to catch expired keys
+    if not (email and password):
+        verified_auth_key = await _verify_credentials_or_raise({"authKey": stremio_auth_key})
+    else:
+        verified_auth_key = stremio_auth_key
 
     # 5. Prepare payload to store
     payload_to_store = {
         "authKey": verified_auth_key,
-        "email": email,
+        "email": resolved_email or email or "",
         "settings": user_settings.model_dump(),
     }
+    # Store password if provided so we can refresh authKey later without user action
+    if email and password:
+        payload_to_store["password"] = password
 
     # 6. Store user data
     try:
         token = await token_store.store_user_data(user_id, payload_to_store)
         logger.info(f"[{redact_token(token)}] Account {'created' if is_new_account else 'updated'} for user {user_id}")
     except RuntimeError as exc:
+        # Surface a clear message when secure storage fails
+        if "PASSWORD_ENCRYPT_FAILED" in str(exc):
+            raise HTTPException(status_code=500, detail="Secure storage failed. Please log in again.") from exc
         raise HTTPException(status_code=500, detail="Server configuration error.") from exc
     except (redis_exceptions.RedisError, OSError) as exc:
         raise HTTPException(status_code=503, detail="Storage temporarily unavailable.") from exc
@@ -139,27 +168,38 @@ async def create_token(payload: TokenRequest, request: Request) -> TokenResponse
 
 
 async def get_stremio_user_data(payload: TokenRequest) -> tuple[str, str]:
-    auth_key = payload.authKey.strip() if payload.authKey else None
-
-    if not auth_key:
-        raise HTTPException(status_code=400, detail="Auth Key required.")
-
-    if auth_key.startswith('"') and auth_key.endswith('"'):
-        auth_key = auth_key[1:-1].strip()
-
-    stremio_service = StremioService(auth_key=auth_key)
-    try:
-        user_info = await stremio_service.get_user_info()
-        user_id = user_info["user_id"]
-        email = user_info.get("email", "")
-        return user_id, email
-    except Exception as e:
-        logger.error(f"Stremio identity check failed: {e}")
-        raise HTTPException(
-            status_code=400, detail="Failed to verify Stremio identity. Your auth key might be invalid or expired."
-        )
-    finally:
-        await stremio_service.close()
+    email = (payload.email or "").strip() or None
+    password = (payload.password or "").strip() or None
+    auth_key = (payload.authKey or "").strip() or None
+
+    if email and password:
+        svc = StremioService(username=email, password=password)
+        try:
+            await svc._login_for_auth_key()
+            user_info = await svc.get_user_info()
+            return user_info["user_id"], user_info.get("email", email)
+        except Exception as e:
+            logger.error(f"Stremio identity check failed (email/password): {e}")
+            raise HTTPException(status_code=400, detail="Failed to verify Stremio identity with email/password.")
+        finally:
+            await svc.close()
+    elif auth_key:
+        if auth_key.startswith('"') and auth_key.endswith('"'):
+            auth_key = auth_key[1:-1].strip()
+        svc = StremioService(auth_key=auth_key)
+        try:
+            user_info = await svc.get_user_info()
+            return user_info["user_id"], user_info.get("email", "")
+        except Exception as e:
+            logger.error(f"Stremio identity check failed: {e}")
+            raise HTTPException(
+                status_code=400,
+                detail="Failed to verify Stremio identity. Your auth key might be invalid or expired.",
+            )
+        finally:
+            await svc.close()
+    else:
+        raise HTTPException(status_code=400, detail="Provide email+password or auth key.")
 
 
 @router.post("/stremio-identity", status_code=200)
@@ -183,7 +223,7 @@ async def check_stremio_identity(payload: TokenRequest):
 
 
 @router.delete("/", status_code=200)
-async def delete_token(payload: TokenRequest):
+async def delete_redis_token(payload: TokenRequest):
     """Delete a token based on Stremio auth key."""
     try:
         user_id, _ = await get_stremio_user_data(payload)

app/api/main.py

@@ -5,6 +5,7 @@
 from .endpoints.health import router as health_router
 from .endpoints.manifest import router as manifest_router
 from .endpoints.meta import router as meta_router
+from .endpoints.stats import router as stats_router
 from .endpoints.tokens import router as tokens_router
 
 api_router = APIRouter()
@@ -21,3 +22,4 @@ async def root():
 api_router.include_router(health_router)
 api_router.include_router(meta_router)
 api_router.include_router(announcement_router)
+api_router.include_router(stats_router)

app/core/app.py

@@ -1,4 +1,3 @@
-import asyncio
 import os
 from contextlib import asynccontextmanager
 from pathlib import Path
@@ -13,23 +12,10 @@
 from app.api.main import api_router
 from app.services.catalog_updater import BackgroundCatalogUpdater
 from app.services.token_store import token_store
-from app.startup.migration import migrate_tokens
 
 from .config import settings
 from .version import __version__
 
-# class InterceptHandler(logging.Handler):
-#     def emit(self, record):
-#         try:
-#             level = logger.level(record.levelname).name
-#         except Exception:
-#             level = record.levelno
-
-#         logger.opt(depth=6, exception=record.exc_info).log(level, record.getMessage())
-
-
-# logging.basicConfig(handlers=[InterceptHandler()], level=logging.INFO, force=True)
-
 # Global catalog updater instance
 catalog_updater: BackgroundCatalogUpdater | None = None
 
@@ -40,19 +26,6 @@ async def lifespan(app: FastAPI):
     Manage application lifespan events (startup/shutdown).
     """
     global catalog_updater
-
-    if settings.HOST_NAME.lower() != "https://1ccea4301587-watchly.baby-beamup.club":
-        task = asyncio.create_task(migrate_tokens())
-
-        # Ensure background exceptions are surfaced in logs
-        def _on_done(t: asyncio.Task):
-            try:
-                t.result()
-            except Exception as exc:
-                logger.error(f"migrate_tokens background task failed: {exc}")
-
-        task.add_done_callback(_on_done)
-
     # Startup
     if settings.AUTO_UPDATE_CATALOGS:
         catalog_updater = BackgroundCatalogUpdater()