karaoke-gen 0.101.0__py3-none-any.whl → 0.105.4__py3-none-any.whl

backend/api/routes/users.py

@@ -53,6 +53,10 @@ from backend.services.user_service import get_user_service, UserService, USERS_C
 from backend.services.email_service import get_email_service, EmailService
 from backend.services.stripe_service import get_stripe_service, StripeService, CREDIT_PACKAGES
 from backend.services.theme_service import get_theme_service
+from backend.services.job_defaults_service import (
+    get_effective_distribution_settings,
+    resolve_cdg_txt_defaults,
+)
 from backend.api.dependencies import require_admin
 from backend.api.routes.file_upload import _prepare_theme_for_job
 from backend.services.auth_service import UserType
@@ -475,7 +479,6 @@ async def _handle_made_for_you_order(
         AudioSearchError,
     )
     from backend.services.storage_service import StorageService
-    from backend.config import get_settings
     import asyncio
     import tempfile
     import os
@@ -496,7 +499,6 @@ async def _handle_made_for_you_order(
         job_manager = JobManager()
         worker_service = get_worker_service()
         storage_service = StorageService()
-        settings = get_settings()
 
         # Apply default theme (Nomad) - same as audio_search endpoint
         theme_service = get_theme_service()
@@ -504,13 +506,12 @@ async def _handle_made_for_you_order(
         if effective_theme_id:
             logger.info(f"Applying default theme '{effective_theme_id}' for made-for-you order")
 
-        # Get distribution defaults from settings (same as audio_search endpoint)
-        effective_dropbox_path = settings.default_dropbox_path
-        effective_gdrive_folder_id = settings.default_gdrive_folder_id
-        effective_enable_youtube_upload = settings.default_enable_youtube_upload
-        effective_brand_prefix = settings.default_brand_prefix
-        effective_discord_webhook_url = settings.default_discord_webhook_url
-        effective_youtube_description = settings.default_youtube_description
+        # Get distribution defaults using centralized service
+        dist = get_effective_distribution_settings()
+
+        # Resolve CDG/TXT defaults based on theme (uses centralized service)
+        # This ensures made-for-you jobs get the same CDG/TXT defaults as regular jobs
+        resolved_cdg, resolved_txt = resolve_cdg_txt_defaults(effective_theme_id)
 
         # Create job with admin ownership during processing
         # CRITICAL: made_for_you=True, user_email=ADMIN_EMAIL, customer_email for delivery
@@ -530,15 +531,19 @@ async def _handle_made_for_you_order(
             audio_search_artist=artist if not youtube_url else None,
             audio_search_title=title if not youtube_url else None,
             auto_download=False,  # Pause at audio selection for admin to choose
-            # Distribution settings from server defaults
-            enable_youtube_upload=effective_enable_youtube_upload,
-            dropbox_path=effective_dropbox_path,
-            gdrive_folder_id=effective_gdrive_folder_id,
-            brand_prefix=effective_brand_prefix,
-            discord_webhook_url=effective_discord_webhook_url,
-            youtube_description=effective_youtube_description,
+            # CDG/TXT settings (resolved via centralized service)
+            enable_cdg=resolved_cdg,
+            enable_txt=resolved_txt,
+            # Distribution settings from centralized defaults
+            enable_youtube_upload=dist.enable_youtube_upload,
+            dropbox_path=dist.dropbox_path,
+            gdrive_folder_id=dist.gdrive_folder_id,
+            brand_prefix=dist.brand_prefix,
+            discord_webhook_url=dist.discord_webhook_url,
+            youtube_description=dist.youtube_description,
         )
-        job = job_manager.create_job(job_create)
+        # Made-for-you jobs are created by admin (via Stripe webhook) - bypass rate limits
+        job = job_manager.create_job(job_create, is_admin=True)
         job_id = job.job_id
 
         logger.info(f"Created made-for-you job {job_id} for {_mask_email(customer_email)} (owned by {_mask_email(ADMIN_EMAIL)})")
@@ -818,6 +823,9 @@ async def enroll_beta_tester(
 
     Returns free credits and optionally a session token for new users.
     """
+    from backend.services.email_validation_service import get_email_validation_service
+    from backend.services.rate_limit_service import get_rate_limit_service
+
     # Check if email service is configured
     if not email_service.is_configured():
         logger.error("Email service not configured - cannot send beta welcome emails")
@@ -827,6 +835,52 @@ async def enroll_beta_tester(
         )
 
     email = request.email.lower()
+    email_validation = get_email_validation_service()
+    rate_limit_service = get_rate_limit_service()
+
+    # ----- ABUSE PREVENTION CHECKS -----
+
+    # 1. Validate email (disposable domain, blocked email checks)
+    is_valid, error_message = email_validation.validate_email_for_beta(email)
+    if not is_valid:
+        logger.warning(f"Beta enrollment rejected - email validation failed: {email} - {error_message}")
+        raise HTTPException(
+            status_code=400,
+            detail=error_message
+        )
+
+    # 2. Check IP blocking
+    ip_address = http_request.client.host if http_request.client else None
+    if ip_address and email_validation.is_ip_blocked(ip_address):
+        logger.warning(f"Beta enrollment rejected - IP blocked: {ip_address}")
+        raise HTTPException(
+            status_code=403,
+            detail="Access denied from this location"
+        )
+
+    # 3. Check IP-based enrollment rate limit (1 per 24h per IP)
+    if ip_address:
+        allowed, remaining, message = rate_limit_service.check_beta_ip_limit(ip_address)
+        if not allowed:
+            logger.warning(f"Beta enrollment rejected - IP rate limit: {ip_address} - {message}")
+            raise HTTPException(
+                status_code=429,
+                detail="Too many beta enrollments from your location. Please try again tomorrow."
+            )
+
+    # 4. Check for duplicate enrollment via normalized email
+    normalized_email = email_validation.normalize_email(email)
+    if normalized_email != email:
+        # Check if normalized version is already enrolled
+        normalized_user = user_service.get_user(normalized_email)
+        if normalized_user and normalized_user.is_beta_tester:
+            logger.warning(f"Beta enrollment rejected - normalized email already enrolled: {email} -> {normalized_email}")
+            raise HTTPException(
+                status_code=400,
+                detail="An account with this email address is already enrolled in the beta program"
+            )
+
+    # ----- END ABUSE PREVENTION CHECKS -----
 
     # Validate acceptance
     if not request.accept_corrections_work:
@@ -851,8 +905,7 @@ async def enroll_beta_tester(
             detail="You are already enrolled in the beta program"
         )
 
-    # Get client info
-    ip_address = http_request.client.host if http_request.client else None
+    # Get client info (ip_address already set above in abuse prevention)
     user_agent = http_request.headers.get("user-agent")
 
     # Enroll as beta tester
@@ -872,6 +925,13 @@ async def enroll_beta_tester(
         reason="beta_tester_enrollment",
     )
 
+    # Record IP enrollment for rate limiting
+    if ip_address:
+        try:
+            rate_limit_service.record_beta_enrollment(ip_address, email)
+        except Exception as e:
+            logger.warning(f"Failed to record beta IP enrollment: {e}")
+
     # Create session for the user (so they can start using the service immediately)
     session = user_service.create_session(email, ip_address=ip_address, user_agent=user_agent)
 

backend/config.py

@@ -101,13 +101,37 @@ class Settings(BaseSettings):
     # Default values for web service jobs (YouTube/Dropbox distribution)
     default_enable_youtube_upload: bool = os.getenv("DEFAULT_ENABLE_YOUTUBE_UPLOAD", "false").lower() in ("true", "1", "yes")
     default_brand_prefix: Optional[str] = os.getenv("DEFAULT_BRAND_PREFIX")
+
+    # Rate Limiting Configuration
+    # Enable/disable rate limiting system-wide (useful for development)
+    enable_rate_limiting: bool = os.getenv("ENABLE_RATE_LIMITING", "true").lower() in ("true", "1", "yes")
+    # Maximum jobs a user can create per day (0 = unlimited)
+    rate_limit_jobs_per_day: int = int(os.getenv("RATE_LIMIT_JOBS_PER_DAY", "5"))
+    # Maximum YouTube uploads system-wide per day (0 = unlimited)
+    rate_limit_youtube_uploads_per_day: int = int(os.getenv("RATE_LIMIT_YOUTUBE_UPLOADS_PER_DAY", "10"))
+    # Maximum beta enrollments from same IP per day (0 = unlimited)
+    rate_limit_beta_ip_per_day: int = int(os.getenv("RATE_LIMIT_BETA_IP_PER_DAY", "1"))
     default_youtube_description: str = os.getenv(
         "DEFAULT_YOUTUBE_DESCRIPTION",
         "Karaoke video created with Nomad Karaoke (https://nomadkaraoke.com)\n\n"
         "AI-powered vocal separation and synchronized lyrics.\n\n"
         "#karaoke #music #singing #instrumental #lyrics"
     )
-    
+
+    # Default CDG/TXT generation settings
+    # When True, CDG and TXT packages are generated by default (when a theme is set)
+    # These can be overridden per-request via explicit enable_cdg/enable_txt parameters
+    default_enable_cdg: bool = os.getenv("DEFAULT_ENABLE_CDG", "true").lower() in ("true", "1", "yes")
+    default_enable_txt: bool = os.getenv("DEFAULT_ENABLE_TXT", "true").lower() in ("true", "1", "yes")
+
+    # Push Notifications Configuration
+    # When enabled, users can subscribe to push notifications for job status updates
+    enable_push_notifications: bool = os.getenv("ENABLE_PUSH_NOTIFICATIONS", "false").lower() in ("true", "1", "yes")
+    # Maximum number of push subscriptions per user (oldest removed when exceeded)
+    max_push_subscriptions_per_user: int = int(os.getenv("MAX_PUSH_SUBSCRIPTIONS_PER_USER", "5"))
+    # VAPID subject (email or URL for push service to contact)
+    vapid_subject: str = os.getenv("VAPID_SUBJECT", "mailto:gen@nomadkaraoke.com")
+
     # Secret Manager cache
     _secret_cache: Dict[str, str] = {}
     

backend/exceptions.py

@@ -0,0 +1,66 @@
+"""
+Custom exceptions for the karaoke generation backend.
+
+These exceptions are used for structured error handling across the application,
+particularly for rate limiting and validation errors.
+"""
+
+
+class RateLimitExceededError(Exception):
+    """
+    Raised when a rate limit is exceeded.
+
+    Includes information about when the limit will reset for client retry logic.
+
+    Attributes:
+        message: Human-readable error message
+        limit_type: Type of limit exceeded (e.g., "jobs_per_day", "youtube_uploads")
+        remaining_seconds: Seconds until the limit resets (for Retry-After header)
+        current_count: Current usage count
+        limit_value: The limit that was exceeded
+    """
+
+    def __init__(
+        self,
+        message: str,
+        limit_type: str = "unknown",
+        remaining_seconds: int = 0,
+        current_count: int = 0,
+        limit_value: int = 0
+    ):
+        self.message = message
+        self.limit_type = limit_type
+        self.remaining_seconds = remaining_seconds
+        self.current_count = current_count
+        self.limit_value = limit_value
+        super().__init__(message)
+
+
+class EmailValidationError(Exception):
+    """
+    Raised when email validation fails.
+
+    Attributes:
+        message: Human-readable error message
+        reason: Specific reason for failure (e.g., "disposable", "blocked", "invalid")
+    """
+
+    def __init__(self, message: str, reason: str = "invalid"):
+        self.message = message
+        self.reason = reason
+        super().__init__(message)
+
+
+class IPBlockedError(Exception):
+    """
+    Raised when a request comes from a blocked IP address.
+
+    Attributes:
+        message: Human-readable error message
+        ip_address: The blocked IP address (may be partially masked)
+    """
+
+    def __init__(self, message: str, ip_address: str = ""):
+        self.message = message
+        self.ip_address = ip_address
+        super().__init__(message)

backend/main.py

@@ -7,7 +7,7 @@ from fastapi import FastAPI
 from fastapi.middleware.cors import CORSMiddleware
 
 from backend.config import settings
-from backend.api.routes import health, jobs, internal, file_upload, review, auth, audio_search, themes, users, admin, tenant
+from backend.api.routes import health, jobs, internal, file_upload, review, auth, audio_search, themes, users, admin, tenant, rate_limits, push
 from backend.services.tracing import setup_tracing, instrument_app, get_current_trace_id
 from backend.services.structured_logging import setup_structured_logging
 from backend.services.spacy_preloader import preload_spacy_model
@@ -143,9 +143,34 @@ app.include_router(audio_search.router, prefix="/api")  # Audio search (artist+t
 app.include_router(themes.router, prefix="/api")  # Theme selection for styles
 app.include_router(users.router, prefix="/api")  # User auth, credits, and Stripe webhooks
 app.include_router(admin.router, prefix="/api")  # Admin dashboard and management
+app.include_router(rate_limits.router, prefix="/api")  # Rate limits admin management
+app.include_router(push.router, prefix="/api")  # Push notification subscription management
 app.include_router(tenant.router)  # Tenant/white-label configuration (no /api prefix, router has it)
 
 
+# Exception handler for rate limiting
+from fastapi import Request
+from fastapi.responses import JSONResponse
+from backend.exceptions import RateLimitExceededError
+
+
+@app.exception_handler(RateLimitExceededError)
+async def rate_limit_exception_handler(request: Request, exc: RateLimitExceededError):
+    """Handle rate limit exceeded errors with 429 status."""
+    return JSONResponse(
+        status_code=429,
+        content={
+            "detail": exc.message,
+            "limit_type": exc.limit_type,
+            "current_count": exc.current_count,
+            "limit_value": exc.limit_value,
+        },
+        headers={
+            "Retry-After": str(exc.remaining_seconds),
+        } if exc.remaining_seconds > 0 else None,
+    )
+
+
 @app.get("/")
 async def root():
     """Root endpoint."""

backend/models/job.py

@@ -285,6 +285,10 @@ class Job(BaseModel):
     customer_email: Optional[str] = None         # Customer email for final delivery (job owned by admin during processing)
     customer_notes: Optional[str] = None         # Notes provided by customer with their order
 
+    # Output deletion tracking (for admin cleanup without deleting job)
+    outputs_deleted_at: Optional[datetime] = None  # Timestamp when outputs were deleted by admin
+    outputs_deleted_by: Optional[str] = None       # Admin email who deleted outputs
+
     # Processing state
     track_output_dir: Optional[str] = None       # Local output directory (temp)
     audio_hash: Optional[str] = None             # Hash for deduplication

backend/models/user.py

@@ -8,9 +8,9 @@ Supports:
 - Stripe integration for payments
 - Beta tester program with feedback collection
 """
-from datetime import datetime
+from datetime import datetime, timezone
 from enum import Enum
-from typing import Optional, List
+from typing import Optional, List, Dict
 from pydantic import BaseModel, Field
 
 
@@ -39,6 +39,20 @@ class CreditTransaction(BaseModel):
     created_by: Optional[str] = None  # Admin email if granted by admin
 
 
+class PushSubscription(BaseModel):
+    """
+    Web Push subscription for a user's device.
+
+    Stores the push subscription endpoint and encryption keys needed
+    to send push notifications to the user's browser/device.
+    """
+    endpoint: str  # Push service endpoint URL
+    keys: Dict[str, str]  # p256dh and auth keys for encryption
+    device_name: Optional[str] = None  # e.g., "iPhone", "Chrome on Windows"
+    created_at: datetime = Field(default_factory=lambda: datetime.now(timezone.utc))
+    last_used_at: Optional[datetime] = None  # Last time a notification was sent
+
+
 class User(BaseModel):
     """
     User model stored in Firestore.
@@ -86,6 +100,10 @@ class User(BaseModel):
     beta_feedback_due_at: Optional[datetime] = None  # 24hr after job completion
     beta_feedback_email_sent: bool = False
 
+    # Push notification subscriptions (Web Push API)
+    # Users can subscribe from multiple devices/browsers
+    push_subscriptions: List[PushSubscription] = Field(default_factory=list)
+
 
 class MagicLinkToken(BaseModel):
     """