winebox 0.1.3__py3-none-any.whl → 0.1.4__py3-none-any.whl

winebox/__init__.py

@@ -1,3 +1,3 @@
 """WineBox - Wine Cellar Management Application."""
 
-__version__ = "0.1.3"
+__version__ = "0.1.4"

winebox/config.py

@@ -1,13 +1,15 @@
 """Configuration settings for WineBox application."""
 
+import logging
 import secrets
 from pathlib import Path
+
 from pydantic_settings import BaseSettings, SettingsConfigDict
 
+logger = logging.getLogger(__name__)
 
-def generate_secret_key() -> str:
-    """Generate a random secret key."""
-    return secrets.token_urlsafe(32)
+# Marker value to detect if secret_key was not explicitly set
+_SECRET_KEY_NOT_SET = "__NOT_SET__"
 
 
 class Settings(BaseSettings):
@@ -27,6 +29,7 @@ class Settings(BaseSettings):
 
     # Image storage
     image_storage_path: Path = Path("data/images")
+    max_upload_size_mb: int = 10  # Maximum file upload size in MB
 
     # Server
     host: str = "0.0.0.0"
@@ -40,8 +43,36 @@ class Settings(BaseSettings):
     use_claude_vision: bool = True  # Fall back to Tesseract if False or no API key
 
     # Authentication
-    secret_key: str = generate_secret_key()  # Override with WINEBOX_SECRET_KEY env var
+    # SECURITY: Set WINEBOX_SECRET_KEY environment variable for production!
+    # If not set, a random key will be generated (tokens invalidate on restart)
+    secret_key: str = _SECRET_KEY_NOT_SET
     auth_enabled: bool = True  # Set to False to disable authentication
 
+    # Security
+    enforce_https: bool = False  # Set to True in production to enable HSTS header
+    rate_limit_per_minute: int = 60  # Global rate limit per IP per minute
+    auth_rate_limit_per_minute: int = 10  # Stricter rate limit for auth endpoints
+
+    @property
+    def max_upload_size_bytes(self) -> int:
+        """Get max upload size in bytes."""
+        return self.max_upload_size_mb * 1024 * 1024
+
+
+def _initialize_settings() -> Settings:
+    """Initialize settings with security warnings."""
+    s = Settings()
+
+    # Handle secret key - generate if not set, but warn
+    if s.secret_key == _SECRET_KEY_NOT_SET:
+        s.secret_key = secrets.token_urlsafe(32)
+        logger.warning(
+            "SECURITY WARNING: No WINEBOX_SECRET_KEY environment variable set. "
+            "A random secret key has been generated. JWT tokens will be invalidated "
+            "when the server restarts. Set WINEBOX_SECRET_KEY for production use."
+        )
+
+    return s
+
 
-settings = Settings()
+settings = _initialize_settings()

winebox/main.py

@@ -4,15 +4,55 @@ from contextlib import asynccontextmanager
 from pathlib import Path
 from typing import AsyncGenerator
 
-from fastapi import FastAPI
+from fastapi import FastAPI, Request
 from fastapi.responses import JSONResponse, RedirectResponse
 from fastapi.staticfiles import StaticFiles
+from slowapi import Limiter, _rate_limit_exceeded_handler
+from slowapi.errors import RateLimitExceeded
+from slowapi.util import get_remote_address
+from starlette.middleware.base import BaseHTTPMiddleware
+from starlette.responses import Response
 
 from winebox import __version__
 from winebox.config import settings
 from winebox.database import close_db, init_db
 
 
+# Rate limiter configuration
+limiter = Limiter(key_func=get_remote_address)
+
+
+class SecurityHeadersMiddleware(BaseHTTPMiddleware):
+    """Middleware to add security headers to all responses."""
+
+    async def dispatch(self, request: Request, call_next) -> Response:
+        response = await call_next(request)
+
+        # Security headers
+        response.headers["X-Content-Type-Options"] = "nosniff"
+        response.headers["X-Frame-Options"] = "DENY"
+        response.headers["X-XSS-Protection"] = "1; mode=block"
+        response.headers["Referrer-Policy"] = "strict-origin-when-cross-origin"
+
+        # Content Security Policy - allow self and inline styles for the UI
+        response.headers["Content-Security-Policy"] = (
+            "default-src 'self'; "
+            "script-src 'self' 'unsafe-inline'; "
+            "style-src 'self' 'unsafe-inline'; "
+            "img-src 'self' data: blob:; "
+            "font-src 'self'; "
+            "frame-ancestors 'none';"
+        )
+
+        # HTTPS enforcement header (browsers will upgrade to HTTPS)
+        if settings.enforce_https:
+            response.headers["Strict-Transport-Security"] = (
+                "max-age=31536000; includeSubDomains"
+            )
+
+        return response
+
+
 @asynccontextmanager
 async def lifespan(app: FastAPI) -> AsyncGenerator[None, None]:
     """Application lifespan manager."""
@@ -37,6 +77,13 @@ app = FastAPI(
     lifespan=lifespan,
 )
 
+# Add rate limiter
+app.state.limiter = limiter
+app.add_exception_handler(RateLimitExceeded, _rate_limit_exceeded_handler)
+
+# Add security headers middleware
+app.add_middleware(SecurityHeadersMiddleware)
+
 
 # Root redirect to web interface - defined first to ensure it's matched
 @app.get("/", tags=["Root"])

winebox/models/user.py

@@ -32,7 +32,9 @@ class User(Base):
         nullable=True,
         index=True,
     )
+    full_name: Mapped[str | None] = mapped_column(String(255), nullable=True)
     hashed_password: Mapped[str] = mapped_column(String(255), nullable=False)
+    anthropic_api_key: Mapped[str | None] = mapped_column(String(255), nullable=True)
     is_active: Mapped[bool] = mapped_column(Boolean, default=True, nullable=False)
     is_admin: Mapped[bool] = mapped_column(Boolean, default=False, nullable=False)
     created_at: Mapped[datetime] = mapped_column(

winebox/routers/auth.py

@@ -3,11 +3,14 @@
 from datetime import datetime, timedelta, timezone
 from typing import Annotated
 
-from fastapi import APIRouter, Depends, HTTPException, status
+from fastapi import APIRouter, Depends, HTTPException, Request, status
 from fastapi.security import OAuth2PasswordRequestForm
 from pydantic import BaseModel
+from slowapi import Limiter
+from slowapi.util import get_remote_address
 from sqlalchemy.ext.asyncio import AsyncSession
 
+from winebox.config import settings
 from winebox.database import get_db
 from winebox.models.user import User
 from winebox.services.auth import (
@@ -15,13 +18,18 @@ from winebox.services.auth import (
     authenticate_user,
     create_access_token,
     get_current_user,
+    get_password_hash,
     require_auth,
+    verify_password,
     CurrentUser,
     RequireAuth,
 )
 
 router = APIRouter()
 
+# Rate limiter for auth endpoints (stricter than global limit)
+limiter = Limiter(key_func=get_remote_address)
+
 
 class Token(BaseModel):
     """Token response model."""
@@ -37,20 +45,61 @@ class UserResponse(BaseModel):
     id: str
     username: str
     email: str | None
+    full_name: str | None
     is_active: bool
     is_admin: bool
+    has_api_key: bool
     created_at: datetime
     last_login: datetime | None
 
     model_config = {"from_attributes": True}
 
+    @classmethod
+    def from_user(cls, user: "User") -> "UserResponse":
+        """Create UserResponse from User model."""
+        return cls(
+            id=user.id,
+            username=user.username,
+            email=user.email,
+            full_name=user.full_name,
+            is_active=user.is_active,
+            is_admin=user.is_admin,
+            has_api_key=user.anthropic_api_key is not None,
+            created_at=user.created_at,
+            last_login=user.last_login,
+        )
+
+
+class PasswordChangeRequest(BaseModel):
+    """Password change request model."""
+
+    current_password: str
+    new_password: str
+
+
+class ProfileUpdateRequest(BaseModel):
+    """Profile update request model."""
+
+    full_name: str | None = None
+
+
+class ApiKeyUpdateRequest(BaseModel):
+    """API key update request model."""
+
+    api_key: str
+
 
 @router.post("/token", response_model=Token)
+@limiter.limit(f"{settings.auth_rate_limit_per_minute}/minute")
 async def login(
+    request: Request,  # Required for rate limiting
     form_data: Annotated[OAuth2PasswordRequestForm, Depends()],
     db: Annotated[AsyncSession, Depends(get_db)],
 ) -> Token:
-    """Login with username and password to get an access token."""
+    """Login with username and password to get an access token.
+
+    Rate limited to prevent brute force attacks.
+    """
     user = await authenticate_user(db, form_data.username, form_data.password)
     if not user:
         raise HTTPException(
@@ -77,7 +126,72 @@ async def get_current_user_info(
     current_user: RequireAuth,
 ) -> UserResponse:
     """Get the current authenticated user's information."""
-    return UserResponse.model_validate(current_user)
+    return UserResponse.from_user(current_user)
+
+
+@router.put("/password")
+async def change_password(
+    request: PasswordChangeRequest,
+    current_user: RequireAuth,
+    db: Annotated[AsyncSession, Depends(get_db)],
+) -> dict:
+    """Change the current user's password."""
+    # Verify current password
+    if not verify_password(request.current_password, current_user.hashed_password):
+        raise HTTPException(
+            status_code=status.HTTP_400_BAD_REQUEST,
+            detail="Current password is incorrect",
+        )
+
+    # Update password
+    current_user.hashed_password = get_password_hash(request.new_password)
+    await db.commit()
+
+    return {"message": "Password updated successfully"}
+
+
+@router.put("/profile", response_model=UserResponse)
+async def update_profile(
+    request: ProfileUpdateRequest,
+    current_user: RequireAuth,
+    db: Annotated[AsyncSession, Depends(get_db)],
+) -> UserResponse:
+    """Update the current user's profile."""
+    if request.full_name is not None:
+        current_user.full_name = request.full_name
+
+    await db.commit()
+    await db.refresh(current_user)
+
+    return UserResponse.from_user(current_user)
+
+
+@router.put("/api-key")
+async def update_api_key(
+    request: ApiKeyUpdateRequest,
+    current_user: RequireAuth,
+    db: Annotated[AsyncSession, Depends(get_db)],
+) -> dict:
+    """Update the current user's Anthropic API key.
+
+    Note: The API key is stored but cannot be retrieved after setting.
+    """
+    current_user.anthropic_api_key = request.api_key
+    await db.commit()
+
+    return {"message": "API key updated successfully"}
+
+
+@router.delete("/api-key")
+async def delete_api_key(
+    current_user: RequireAuth,
+    db: Annotated[AsyncSession, Depends(get_db)],
+) -> dict:
+    """Delete the current user's Anthropic API key."""
+    current_user.anthropic_api_key = None
+    await db.commit()
+
+    return {"message": "API key deleted successfully"}
 
 
 @router.post("/logout")

winebox/routers/wines.py

@@ -9,11 +9,12 @@ from sqlalchemy import select
 from sqlalchemy.ext.asyncio import AsyncSession
 from sqlalchemy.orm import selectinload
 
+from winebox.config import settings
 from winebox.database import get_db
 from winebox.models import CellarInventory, Transaction, TransactionType, Wine
 from winebox.schemas.wine import WineCreate, WineResponse, WineUpdate, WineWithInventory
 from winebox.services.auth import RequireAuth
-from winebox.services.image_storage import ImageStorageService
+from winebox.services.image_storage import ALLOWED_MIME_TYPES, ImageStorageService
 from winebox.services.ocr import OCRService
 from winebox.services.vision import ClaudeVisionService
 from winebox.services.wine_parser import WineParserService
@@ -22,6 +23,31 @@ logger = logging.getLogger(__name__)
 
 router = APIRouter()
 
+
+async def validate_upload_size(upload_file: UploadFile, field_name: str) -> bytes:
+    """Validate file size and return content.
+
+    Args:
+        upload_file: The uploaded file.
+        field_name: Name of the field for error messages.
+
+    Returns:
+        The file content as bytes.
+
+    Raises:
+        HTTPException: If file exceeds size limit.
+    """
+    content = await upload_file.read()
+    await upload_file.seek(0)
+
+    if len(content) > settings.max_upload_size_bytes:
+        max_mb = settings.max_upload_size_bytes / (1024 * 1024)
+        raise HTTPException(
+            status_code=status.HTTP_413_CONTENT_TOO_LARGE,
+            detail=f"{field_name} exceeds maximum allowed size of {max_mb:.1f} MB",
+        )
+    return content
+
 # Service dependencies
 image_storage = ImageStorageService()
 ocr_service = OCRService()
@@ -45,7 +71,7 @@ def get_media_type(filename: str | None) -> str:
 
 @router.post("/scan")
 async def scan_label(
-    _: RequireAuth,
+    current_user: RequireAuth,
     front_label: Annotated[UploadFile, File(description="Front label image")],
     back_label: Annotated[UploadFile | None, File(description="Back label image")] = None,
 ) -> dict:
@@ -53,18 +79,20 @@ async def scan_label(
 
     Uses Claude Vision for intelligent label analysis when available,
     falls back to Tesseract OCR otherwise.
+    Uses user's API key if configured, otherwise falls back to system key.
     """
-    # Read image data
-    front_data = await front_label.read()
-    await front_label.seek(0)
+    # Validate and read image data with size limits
+    front_data = await validate_upload_size(front_label, "Front label")
 
     back_data = None
     if back_label and back_label.filename:
-        back_data = await back_label.read()
-        await back_label.seek(0)
+        back_data = await validate_upload_size(back_label, "Back label")
+
+    # Get user's API key (if they have one configured)
+    user_api_key = current_user.anthropic_api_key
 
     # Try Claude Vision first
-    if vision_service.is_available():
+    if vision_service.is_available(user_api_key):
         logger.info("Using Claude Vision for label analysis")
         try:
             front_media_type = get_media_type(front_label.filename)
@@ -75,6 +103,7 @@ async def scan_label(
                 back_image_data=back_data,
                 front_media_type=front_media_type,
                 back_media_type=back_media_type,
+                user_api_key=user_api_key,
             )
 
             return {
@@ -128,90 +157,120 @@ async def scan_label(
     }
 
 
+# Maximum lengths for form fields (security limits)
+MAX_NAME_LENGTH = 500
+MAX_FIELD_LENGTH = 200
+MAX_NOTES_LENGTH = 2000
+MAX_OCR_TEXT_LENGTH = 10000
+
+
 @router.post("/checkin", response_model=WineWithInventory, status_code=status.HTTP_201_CREATED)
 async def checkin_wine(
-    _: RequireAuth,
+    current_user: RequireAuth,
     db: Annotated[AsyncSession, Depends(get_db)],
     front_label: Annotated[UploadFile, File(description="Front label image")],
-    quantity: Annotated[int, Form(ge=1, description="Number of bottles")] = 1,
+    quantity: Annotated[int, Form(ge=1, le=10000, description="Number of bottles")] = 1,
     back_label: Annotated[UploadFile | None, File(description="Back label image")] = None,
-    name: Annotated[str | None, Form(description="Wine name (auto-detected if not provided)")] = None,
-    winery: Annotated[str | None, Form()] = None,
+    name: Annotated[str | None, Form(max_length=MAX_NAME_LENGTH, description="Wine name (auto-detected if not provided)")] = None,
+    winery: Annotated[str | None, Form(max_length=MAX_FIELD_LENGTH)] = None,
     vintage: Annotated[int | None, Form(ge=1900, le=2100)] = None,
-    grape_variety: Annotated[str | None, Form()] = None,
-    region: Annotated[str | None, Form()] = None,
-    country: Annotated[str | None, Form()] = None,
+    grape_variety: Annotated[str | None, Form(max_length=MAX_FIELD_LENGTH)] = None,
+    region: Annotated[str | None, Form(max_length=MAX_FIELD_LENGTH)] = None,
+    country: Annotated[str | None, Form(max_length=MAX_FIELD_LENGTH)] = None,
     alcohol_percentage: Annotated[float | None, Form(ge=0, le=100)] = None,
-    notes: Annotated[str | None, Form(description="Check-in notes")] = None,
+    notes: Annotated[str | None, Form(max_length=MAX_NOTES_LENGTH, description="Check-in notes")] = None,
+    front_label_text: Annotated[str | None, Form(max_length=MAX_OCR_TEXT_LENGTH, description="Pre-scanned front label text")] = None,
+    back_label_text: Annotated[str | None, Form(max_length=MAX_OCR_TEXT_LENGTH, description="Pre-scanned back label text")] = None,
 ) -> WineWithInventory:
     """Check in wine bottles to the cellar.
 
     Upload front (required) and back (optional) label images.
-    Uses Claude Vision for intelligent label analysis when available.
+    If front_label_text is provided (from a prior /scan call), scanning is skipped.
+    Otherwise, uses Claude Vision for intelligent label analysis when available.
+    Uses user's API key if configured, otherwise falls back to system key.
     You can override any auto-detected values.
     """
-    # Read image data for analysis
-    front_data = await front_label.read()
-    await front_label.seek(0)
-
-    back_data = None
-    if back_label and back_label.filename:
-        back_data = await back_label.read()
-        await back_label.seek(0)
-
     # Save images
     front_image_path = await image_storage.save_image(front_label)
     back_image_path = None
     if back_label and back_label.filename:
         back_image_path = await image_storage.save_image(back_label)
 
-    # Try Claude Vision first
-    parsed_data = {}
-    front_text = ""
-    back_text = None
-
-    if vision_service.is_available():
-        logger.info("Using Claude Vision for checkin analysis")
-        try:
-            front_media_type = get_media_type(front_label.filename)
-            back_media_type = get_media_type(back_label.filename if back_label else None)
-
-            result = await vision_service.analyze_labels(
-                front_image_data=front_data,
-                back_image_data=back_data,
-                front_media_type=front_media_type,
-                back_media_type=back_media_type,
-            )
-            parsed_data = result
-            front_text = result.get("raw_text", "")
-            back_text = result.get("back_label_text")
-        except Exception as e:
-            logger.warning(f"Claude Vision failed, falling back to Tesseract: {e}")
-
-    # Fall back to Tesseract if needed
-    if not parsed_data.get("name"):
-        logger.info("Using Tesseract OCR for checkin analysis")
-        front_text = await ocr_service.extract_text(front_image_path)
-        if back_image_path:
-            back_text = await ocr_service.extract_text(back_image_path)
-
-        combined_text = front_text
-        if back_text:
-            combined_text = f"{front_text}\n{back_text}"
-        parsed_data = wine_parser.parse(combined_text)
-
-    # Use provided values or fall back to parsed values
-    wine_name = name or parsed_data.get("name") or "Unknown Wine"
+    # Use pre-scanned text if provided (avoids duplicate API calls)
+    front_text = front_label_text or ""
+    back_text = back_label_text
+
+    # Get user's API key (if they have one configured)
+    user_api_key = current_user.anthropic_api_key
+
+    # Only scan if no pre-scanned text was provided and no name given
+    if not front_label_text and not name:
+        logger.info("No pre-scanned text provided, scanning labels...")
+
+        # Read image data for analysis
+        await front_label.seek(0)
+        front_data = await front_label.read()
+
+        back_data = None
+        if back_label and back_label.filename:
+            await back_label.seek(0)
+            back_data = await back_label.read()
+
+        # Try Claude Vision first
+        parsed_data = {}
+
+        if vision_service.is_available(user_api_key):
+            logger.info("Using Claude Vision for checkin analysis")
+            try:
+                front_media_type = get_media_type(front_label.filename)
+                back_media_type = get_media_type(back_label.filename if back_label else None)
+
+                result = await vision_service.analyze_labels(
+                    front_image_data=front_data,
+                    back_image_data=back_data,
+                    front_media_type=front_media_type,
+                    back_media_type=back_media_type,
+                    user_api_key=user_api_key,
+                )
+                parsed_data = result
+                front_text = result.get("raw_text", "")
+                back_text = result.get("back_label_text")
+            except Exception as e:
+                logger.warning(f"Claude Vision failed, falling back to Tesseract: {e}")
+
+        # Fall back to Tesseract if needed
+        if not parsed_data.get("name"):
+            logger.info("Using Tesseract OCR for checkin analysis")
+            front_text = await ocr_service.extract_text(front_image_path)
+            if back_image_path:
+                back_text = await ocr_service.extract_text(back_image_path)
+
+            combined_text = front_text
+            if back_text:
+                combined_text = f"{front_text}\n{back_text}"
+            parsed_data = wine_parser.parse(combined_text)
+
+        # Use parsed values for fields not provided
+        name = name or parsed_data.get("name")
+        winery = winery or parsed_data.get("winery")
+        vintage = vintage or parsed_data.get("vintage")
+        grape_variety = grape_variety or parsed_data.get("grape_variety")
+        region = region or parsed_data.get("region")
+        country = country or parsed_data.get("country")
+        alcohol_percentage = alcohol_percentage or parsed_data.get("alcohol_percentage")
+
+    # Use provided values
+    wine_name = name or "Unknown Wine"
 
     # Create wine record
     wine = Wine(
         name=wine_name,
-        winery=winery or parsed_data.get("winery"),
-        vintage=vintage or parsed_data.get("vintage"),
-        grape_variety=grape_variety or parsed_data.get("grape_variety"),
-        region=region or parsed_data.get("region"),
-        country=country or parsed_data.get("country"),
-        alcohol_percentage=alcohol_percentage or parsed_data.get("alcohol_percentage"),
+        winery=winery,
+        vintage=vintage,
+        grape_variety=grape_variety,
+        region=region,
+        country=country,
+        alcohol_percentage=alcohol_percentage,
         front_label_text=front_text,
         back_label_text=back_text,
         front_label_image_path=front_image_path,
@@ -254,8 +313,8 @@ async def checkout_wine(
     wine_id: str,
     _: RequireAuth,
     db: Annotated[AsyncSession, Depends(get_db)],
-    quantity: Annotated[int, Form(ge=1, description="Number of bottles to remove")] = 1,
-    notes: Annotated[str | None, Form(description="Check-out notes")] = None,
+    quantity: Annotated[int, Form(ge=1, le=10000, description="Number of bottles to remove")] = 1,
+    notes: Annotated[str | None, Form(max_length=MAX_NOTES_LENGTH, description="Check-out notes")] = None,
 ) -> WineWithInventory:
     """Check out wine bottles from the cellar.