Refactor gateway into modular architecture

Split 1878-line server.py into 15 focused modules: - config.py: all env vars and constants - database.py: schema, init, seed logic - sessions.py: session/token CRUD - proxy.py: proxy_request, SERVICE_MAP, resolve_service - responses.py: ResponseMixin for handler helpers - auth.py: login/logout/register handlers - dashboard.py: dashboard, apps, connections, pinning - command.py: AI command bar - integrations/booklore.py: auth, books, cover, import - integrations/kindle.py: send-to-kindle, file finder - integrations/karakeep.py: save/delete bookmarks - integrations/qbittorrent.py: download status - integrations/image_proxy.py: external image proxy server.py is now thin routing only (~344 lines). All routes, methods, status codes, and responses preserved exactly. Added PYTHONUNBUFFERED=1 to Dockerfile for live logging.
2026-03-29 00:14:46 -05:00
parent d3e250e361
commit 7cd81181ed
16 changed files with 1724 additions and 1609 deletions
--- a/gateway/auth.py
+++ b/gateway/auth.py
@@ -0,0 +1,91 @@
+"""
+Platform Gateway — Auth handlers (login, logout, register).
+"""
+
+import json
+import hashlib
+import sqlite3
+
+from database import get_db
+from sessions import create_session, delete_session
+
+
+def handle_login(handler, body):
+    try:
+        data = json.loads(body)
+    except Exception as e:
+        handler._send_json({"error": "Invalid JSON"}, 400)
+        return
+
+    username = data.get("username", "").strip().lower()
+    password = data.get("password", "")
+
+    if not username or not password:
+        handler._send_json({"error": "Username and password required"}, 400)
+        return
+
+    pw_hash = hashlib.sha256(password.encode()).hexdigest()
+
+    conn = get_db()
+    user = conn.execute("SELECT * FROM users WHERE username = ? AND password_hash = ?",
+                        (username, pw_hash)).fetchone()
+    conn.close()
+
+    if not user:
+        handler._send_json({"error": "Invalid credentials"}, 401)
+        return
+
+    token = create_session(user["id"])
+
+    handler.send_response(200)
+    handler.send_header("Content-Type", "application/json")
+    handler._set_session_cookie(token)
+    resp = json.dumps({
+        "success": True,
+        "user": {"id": user["id"], "username": user["username"], "display_name": user["display_name"]}
+    }).encode()
+    handler.send_header("Content-Length", len(resp))
+    handler.end_headers()
+    handler.wfile.write(resp)
+
+
+def handle_logout(handler):
+    token = handler._get_session_token()
+    delete_session(token)
+    handler.send_response(200)
+    handler.send_header("Content-Type", "application/json")
+    handler.send_header("Set-Cookie", "platform_session=; Path=/; Max-Age=0")
+    resp = b'{"success": true}'
+    handler.send_header("Content-Length", len(resp))
+    handler.end_headers()
+    handler.wfile.write(resp)
+
+
+def handle_register(handler, body):
+    try:
+        data = json.loads(body)
+    except Exception as e:
+        handler._send_json({"error": "Invalid JSON"}, 400)
+        return
+
+    username = data.get("username", "").strip().lower()
+    password = data.get("password", "")
+    display_name = data.get("display_name", username)
+
+    if not username or not password:
+        handler._send_json({"error": "Username and password required"}, 400)
+        return
+
+    pw_hash = hashlib.sha256(password.encode()).hexdigest()
+
+    conn = get_db()
+    try:
+        conn.execute("INSERT INTO users (username, password_hash, display_name) VALUES (?, ?, ?)",
+                     (username, pw_hash, display_name))
+        conn.commit()
+        user_id = conn.execute("SELECT id FROM users WHERE username = ?", (username,)).fetchone()["id"]
+        conn.close()
+        handler._send_json({"success": True, "user_id": user_id})
+    except sqlite3.IntegrityError:
+        conn.close()
+        handler._send_json({"error": "Username already exists"}, 409)