Upload 14 files

backend/app.py

@@ -0,0 +1,36 @@
+from fastapi import FastAPI
+from fastapi.middleware.cors import CORSMiddleware
+from .core.config import settings
+from .database import Base, engine
+from .routes import auth, apikey, chat, about
+
+def run_migrations():
+    try:
+        from alembic import command
+        from alembic.config import Config
+        import os
+        cfg = Config(os.path.join(os.path.dirname(__file__), "migrations", "alembic.ini"))
+        cfg.set_main_option("script_location", os.path.join(os.path.dirname(__file__), "migrations"))
+        cfg.set_main_option("sqlalchemy.url", settings.DATABASE_URL)
+        command.upgrade(cfg, "head")
+    except Exception as e:
+        print("Alembic migration error:", e)
+
+def create_app() -> FastAPI:
+    app = FastAPI(title=settings.APP_NAME)
+
+    app.add_middleware(
+        CORSMiddleware,
+        allow_origins=[settings.CORS_ORIGINS] if settings.CORS_ORIGINS != "*" else ["*"],
+        allow_credentials=True,
+        allow_methods=["*"],
+        allow_headers=["*"],
+    )
+
+    Base.metadata.bind = engine
+
+    app.include_router(auth.router)
+    app.include_router(apikey.router)
+    app.include_router(chat.router)
+    app.include_router(about.router)
+    return app

backend/core/config.py

@@ -0,0 +1,14 @@
+import os
+from pydantic import BaseModel
+from dotenv import load_dotenv
+
+load_dotenv()
+
+class Settings(BaseModel):
+    APP_NAME: str = os.getenv("APP_NAME", "CHB App")
+    DATABASE_URL: str = os.getenv("DATABASE_URL", "sqlite:///./app.db")
+    JWT_SECRET: str = os.getenv("JWT_SECRET", "dev-secret")
+    JWT_EXPIRES_MINUTES: int = int(os.getenv("JWT_EXPIRES_MINUTES", "60"))
+    CORS_ORIGINS: str = os.getenv("CORS_ORIGINS", "*")
+
+settings = Settings()

backend/core/security.py

@@ -0,0 +1,40 @@
+from datetime import datetime, timedelta
+from typing import Optional
+from jose import jwt, JWTError
+from passlib.context import CryptContext
+from fastapi import Depends, HTTPException, status
+from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials
+from sqlalchemy.orm import Session
+from .config import settings
+from ..database import get_db
+from ..models import User
+
+pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
+auth_scheme = HTTPBearer()
+
+def hash_password(p: str) -> str:
+    return pwd_context.hash(p)
+
+def verify_password(p: str, hashed: str) -> bool:
+    return pwd_context.verify(p, hashed)
+
+def create_access_token(sub: str, expires_minutes: int = None) -> str:
+    expire = datetime.utcnow() + timedelta(minutes=expires_minutes or settings.JWT_EXPIRES_MINUTES)
+    to_encode = {"sub": sub, "exp": expire}
+    return jwt.encode(to_encode, settings.JWT_SECRET, algorithm="HS256")
+
+def decode_token(token: str) -> Optional[str]:
+    try:
+        payload = jwt.decode(token, settings.JWT_SECRET, algorithms=["HS256"])
+        return payload.get("sub")
+    except JWTError:
+        return None
+
+def get_current_user(creds: HTTPAuthorizationCredentials = Depends(auth_scheme), db: Session = Depends(get_db)) -> User:
+    email = decode_token(creds.credentials)
+    if not email:
+        raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail="Invalid token")
+    user = db.query(User).filter(User.email == email).first()
+    if not user:
+        raise HTTPException(status_code=401, detail="User not found")
+    return user

backend/database.py

@@ -0,0 +1,16 @@
+from sqlalchemy import create_engine
+from sqlalchemy.orm import sessionmaker, DeclarativeBase
+from .core.config import settings
+
+class Base(DeclarativeBase):
+    pass
+
+engine = create_engine(settings.DATABASE_URL, connect_args={"check_same_thread": False} if settings.DATABASE_URL.startswith("sqlite") else {})
+SessionLocal = sessionmaker(autocommit=False, autoflush=False, bind=engine)
+
+def get_db():
+    db = SessionLocal()
+    try:
+        yield db
+    finally:
+        db.close()

backend/migrations/alembic.ini

@@ -0,0 +1,3 @@
+[alembic]
+script_location = migrations
+sqlalchemy.url = sqlite:///./app.db

backend/migrations/env.py

@@ -0,0 +1,23 @@
+from logging.config import fileConfig
+from sqlalchemy import engine_from_config, pool
+from alembic import context
+import os, sys
+config = context.config
+if config.config_file_name is not None:
+    fileConfig(config.config_file_name)
+target_metadata = None
+def run_migrations_offline():
+    url = config.get_main_option("sqlalchemy.url")
+    context.configure(url=url, literal_binds=True)
+    with context.begin_transaction():
+        context.run_migrations()
+def run_migrations_online():
+    connectable = engine_from_config(config.get_section(config.config_ini_section), prefix="sqlalchemy.", poolclass=pool.NullPool)
+    with connectable.connect() as connection:
+        context.configure(connection=connection)
+        with context.begin_transaction():
+            context.run_migrations()
+if context.is_offline_mode():
+    run_migrations_offline()
+else:
+    run_migrations_online()

backend/migrations/versions/0001_init.py

@@ -0,0 +1,37 @@
+from alembic import op
+import sqlalchemy as sa
+
+revision = '0001_init'
+down_revision = None
+branch_labels = None
+depends_on = None
+
+def upgrade():
+    op.create_table(
+        'users',
+        sa.Column('id', sa.Integer(), primary_key=True),
+        sa.Column('email', sa.String(255), nullable=False, unique=True),
+        sa.Column('password_hash', sa.String(255), nullable=False),
+        sa.Column('created_at', sa.DateTime(), nullable=True),
+    )
+    op.create_table(
+        'api_keys',
+        sa.Column('id', sa.Integer(), primary_key=True),
+        sa.Column('key', sa.String(255), nullable=False, unique=True),
+        sa.Column('revoked', sa.Boolean(), default=False),
+        sa.Column('created_at', sa.DateTime(), nullable=True),
+        sa.Column('user_id', sa.Integer(), sa.ForeignKey('users.id', ondelete='CASCADE'))
+    )
+    op.create_table(
+        'chat_history',
+        sa.Column('id', sa.Integer(), primary_key=True),
+        sa.Column('role', sa.String(20)),
+        sa.Column('content', sa.Text(), nullable=False),
+        sa.Column('created_at', sa.DateTime(), nullable=True),
+        sa.Column('user_id', sa.Integer(), sa.ForeignKey('users.id', ondelete='CASCADE'))
+    )
+
+def downgrade():
+    op.drop_table('chat_history')
+    op.drop_table('api_keys')
+    op.drop_table('users')

backend/models.py

@@ -0,0 +1,34 @@
+from sqlalchemy import Column, Integer, String, DateTime, Boolean, ForeignKey, Text
+from sqlalchemy.orm import relationship, Mapped, mapped_column
+from datetime import datetime
+from .database import Base
+
+class User(Base):
+    __tablename__ = "users"
+    id: Mapped[int] = mapped_column(Integer, primary_key=True, index=True)
+    email: Mapped[str] = mapped_column(String(255), unique=True, index=True, nullable=False)
+    password_hash: Mapped[str] = mapped_column(String(255), nullable=False)
+    created_at: Mapped[datetime] = mapped_column(DateTime, default=datetime.utcnow)
+
+    api_keys = relationship("APIKey", back_populates="owner", cascade="all, delete-orphan")
+    messages = relationship("ChatMessage", back_populates="user", cascade="all, delete-orphan")
+
+class APIKey(Base):
+    __tablename__ = "api_keys"
+    id: Mapped[int] = mapped_column(Integer, primary_key=True, index=True)
+    key: Mapped[str] = mapped_column(String(255), unique=True, nullable=False)
+    revoked: Mapped[bool] = mapped_column(Boolean, default=False)
+    created_at: Mapped[datetime] = mapped_column(DateTime, default=datetime.utcnow)
+
+    user_id: Mapped[int] = mapped_column(Integer, ForeignKey("users.id", ondelete="CASCADE"))
+    owner = relationship("User", back_populates="api_keys")
+
+class ChatMessage(Base):
+    __tablename__ = "chat_history"
+    id: Mapped[int] = mapped_column(Integer, primary_key=True, index=True)
+    role: Mapped[str] = mapped_column(String(20), default="user")  # 'user' or 'assistant'
+    content: Mapped[str] = mapped_column(Text, nullable=False)
+    created_at: Mapped[datetime] = mapped_column(DateTime, default=datetime.utcnow)
+
+    user_id: Mapped[int] = mapped_column(Integer, ForeignKey("users.id", ondelete="CASCADE"))
+    user = relationship("User", back_populates="messages")

backend/routes/about.py

@@ -0,0 +1,17 @@
+from fastapi import APIRouter
+
+router = APIRouter(prefix="/api/info", tags=["Info"])
+
+@router.get("/about")
+def about():
+    return {"name": "CHB", "tagline": "Multimodal Assistant", "version": "1.0.0"}
+
+@router.get("/howto")
+def howto():
+    return {
+        "steps": [
+            "Sign up or log in",
+            "Use Chat to send messages, long-press the paperclip to switch modes",
+            "Go to API Keys to generate or revoke keys"
+        ]
+    }

backend/routes/apikey.py

@@ -0,0 +1,32 @@
+import secrets
+from fastapi import APIRouter, Depends, HTTPException
+from sqlalchemy.orm import Session
+from ..database import get_db
+from ..models import APIKey
+from ..schemas import APIKeyOut, KeyRevokeIn
+from ..core.security import get_current_user
+
+router = APIRouter(prefix="/api/keys", tags=["API Keys"])
+
+@router.get("", response_model=list[APIKeyOut])
+def list_keys(db: Session = Depends(get_db), user = Depends(get_current_user)):
+    rows = db.query(APIKey).filter(APIKey.user_id == user.id).order_by(APIKey.created_at.desc()).all()
+    return rows
+
+@router.post("/generate", response_model=APIKeyOut)
+def generate_key(db: Session = Depends(get_db), user = Depends(get_current_user)):
+    key = "chb_" + secrets.token_urlsafe(32)
+    row = APIKey(key=key, user_id=user.id)
+    db.add(row)
+    db.commit()
+    db.refresh(row)
+    return row
+
+@router.post("/revoke")
+def revoke_key(payload: KeyRevokeIn, db: Session = Depends(get_db), user = Depends(get_current_user)):
+    row = db.query(APIKey).filter(APIKey.user_id == user.id, APIKey.key == payload.key).first()
+    if not row:
+        raise HTTPException(status_code=404, detail="Key not found")
+    row.revoked = True
+    db.commit()
+    return {"revoked": payload.key}

backend/routes/auth.py

@@ -0,0 +1,27 @@
+from fastapi import APIRouter, HTTPException, Depends
+from sqlalchemy.orm import Session
+from ..schemas import UserCreate, UserOut, LoginIn, Token
+from ..models import User
+from ..database import get_db
+from ..core.security import hash_password, verify_password, create_access_token
+
+router = APIRouter(prefix="/api/auth", tags=["Auth"])
+
+@router.post("/signup", response_model=Token)
+def signup(payload: UserCreate, db: Session = Depends(get_db)):
+    if db.query(User).filter(User.email == payload.email).first():
+        raise HTTPException(status_code=400, detail="User already exists")
+    user = User(email=payload.email, password_hash=hash_password(payload.password))
+    db.add(user)
+    db.commit()
+    db.refresh(user)
+    token = create_access_token(sub=user.email)
+    return {"access_token": token}
+
+@router.post("/login", response_model=Token)
+def login(payload: LoginIn, db: Session = Depends(get_db)):
+    user = db.query(User).filter(User.email == payload.email).first()
+    if not user or not verify_password(payload.password, user.password_hash):
+        raise HTTPException(status_code=401, detail="Invalid credentials")
+    token = create_access_token(sub=user.email)
+    return {"access_token": token}

backend/routes/chat.py

@@ -0,0 +1,28 @@
+from fastapi import APIRouter, Depends, UploadFile, File
+from sqlalchemy.orm import Session
+from ..database import get_db
+from ..schemas import ChatIn, ChatOut, ChatMessageOut
+from ..models import ChatMessage
+from ..core.security import get_current_user
+
+router = APIRouter(prefix="/api/chat", tags=["Chat"])
+
+@router.get("/history", response_model=list[ChatMessageOut])
+def history(db: Session = Depends(get_db), user = Depends(get_current_user)):
+    rows = db.query(ChatMessage).filter(ChatMessage.user_id == user.id).order_by(ChatMessage.created_at.asc()).all()
+    return rows
+
+@router.post("", response_model=ChatOut)
+def send(payload: ChatIn, db: Session = Depends(get_db), user = Depends(get_current_user)):
+    um = ChatMessage(user_id=user.id, role="user", content=payload.message)
+    db.add(um)
+    reply_text = f"CHB: You said '{payload.message}'"
+    bm = ChatMessage(user_id=user.id, role="assistant", content=reply_text)
+    db.add(bm)
+    db.commit()
+    return {"reply": reply_text}
+
+@router.post("/upload")
+async def upload(file: UploadFile = File(...), user = Depends(get_current_user)):
+    # stub: accept file and return name; real storage to be implemented
+    return {"filename": file.filename, "detail":"file received"}

backend/schemas.py

@@ -0,0 +1,45 @@
+from pydantic import BaseModel, EmailStr, Field
+from typing import List, Optional
+from datetime import datetime
+
+class UserCreate(BaseModel):
+    email: EmailStr
+    password: str = Field(min_length=6)
+
+class UserOut(BaseModel):
+    id: int
+    email: EmailStr
+    created_at: datetime
+    class Config:
+        from_attributes = True
+
+class Token(BaseModel):
+    access_token: str
+    token_type: str = "bearer"
+
+class LoginIn(BaseModel):
+    email: EmailStr
+    password: str
+
+class APIKeyOut(BaseModel):
+    key: str
+    revoked: bool
+    created_at: datetime
+    class Config:
+        from_attributes = True
+
+class KeyRevokeIn(BaseModel):
+    key: str
+
+class ChatIn(BaseModel):
+    message: str
+
+class ChatOut(BaseModel):
+    reply: str
+
+class ChatMessageOut(BaseModel):
+    role: str
+    content: str
+    created_at: datetime
+    class Config:
+        from_attributes = True