chore(v2): restructure monorepo to src/ layout with uv

Aligns the repo with the python-project-spec-design.md template chosen
for V2.0.0. Big move, no logic changes. The 3 pre-existing test
failures (test_recipes::test_update_recipe, test_recipes::
test_recipe_versioning, test_tasks::test_reorder_tasks, plus the
client test_save_measurement_proxy) survive unchanged.

Layout changes
- server/        -> src/backend/
- server/middleware/ -> src/backend/api/middleware/
- server/routers/    -> src/backend/api/routers/
- server/models/     -> src/backend/models/orm/
- server/schemas/    -> src/backend/models/api/
- server/uploads/    -> uploads/ (project root, mounted volume)
- server/tests/      -> src/backend/tests/
- client/            -> src/frontend/flask_app/ (Flask kept; React
  deroga is documented in CLAUDE.md, justified by tablet UX, USB
  caliper/barcode workflow and Fabric.js integration)

Tooling
- pyproject.toml: monorepo with [project] core deps and
  optional-dependencies server / client / dev. Replaces both
  server/requirements.txt and client/requirements.txt.
- uv.lock + .python-version (3.11) committed for reproducible builds.
- Dockerfile (root, backend) and Dockerfile.frontend rewritten to use
  uv sync --frozen --no-dev --extra server|client; legacy Dockerfiles
  preserved as Dockerfile.legacy for reference but excluded from build
  context via .dockerignore.
- docker-compose.dev.yml + docker-compose.yml: build context now ".",
  dockerfile pointing to the root files.

Code adjustments forced by the move
- Every "from config|database|models|schemas|services|routers|middleware
  import ..." rewritten to its src.backend.* equivalent (50+ files
  including indented inline imports inside test bodies).
- src/backend/migrations/env.py: insert project root into sys.path so
  alembic can resolve src.backend.* imports regardless of cwd.
- src/backend/config.py: env_file ../../.env (was ../.env), upload_path
  resolves project root via parents[2].
- src/backend/tests/conftest.py + tests: import ... from src.backend.*
  instead of bare names; old per-directory pytest.ini files removed in
  favor of root pyproject.toml [tool.pytest.ini_options].
- .gitignore: uploads/ at root, src/frontend/flask_app/static/css/
  tailwind.css path; .dockerignore tightened.
- CLAUDE.md: rewrote sections "Layout del repository", "Comandi di
  Sviluppo", "Database & Migrations", "Test", "i18n", and all path
  references throughout the architecture sections.

Verified
- uv lock resolves 77 packages; uv sync --extra server --extra client
  --extra dev installs cleanly.
- uv run pytest: 171 passed, 4 pre-existing failures.
- uv run alembic -c src/backend/migrations/alembic.ini check loads
  config and metadata (errors only on the absent local MySQL).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
2026-04-25 12:26:47 +02:00
parent 86df67f2e5
commit 1a0431366f
174 changed files with 2568 additions and 308 deletions
+175
View File
@@ -0,0 +1,175 @@
"""Tests for files router (/api/files)."""
import io
import os
import tempfile
from pathlib import Path
from unittest.mock import patch
import pytest
from httpx import AsyncClient
from src.backend.models.orm.user import User
from src.backend.tests.conftest import auth_headers
class TestUploadFile:
"""POST /api/files/upload tests."""
async def test_upload_image(
self, client: AsyncClient, maker_user: User, tmp_path: Path
):
"""Maker can upload a valid image."""
# Create a minimal valid JPEG (1x1 pixel)
jpeg_bytes = (
b"\xff\xd8\xff\xe0\x00\x10JFIF\x00\x01\x01\x00\x00\x01"
b"\x00\x01\x00\x00\xff\xdb\x00C\x00\x08\x06\x06\x07\x06"
b"\x05\x08\x07\x07\x07\t\t\x08\n\x0c\x14\r\x0c\x0b\x0b"
b"\x0c\x19\x12\x13\x0f\x14\x1d\x1a\x1f\x1e\x1d\x1a\x1c"
b"\x1c $.\' \",#\x1c\x1c(7),01444\x1f\'9=82<.342\xff\xc0"
b"\x00\x0b\x08\x00\x01\x00\x01\x01\x01\x11\x00\xff\xc4"
b"\x00\x1f\x00\x00\x01\x05\x01\x01\x01\x01\x01\x01\x00"
b"\x00\x00\x00\x00\x00\x00\x00\x01\x02\x03\x04\x05\x06"
b"\x07\x08\t\n\x0b\xff\xc4\x00\xb5\x10\x00\x02\x01\x03"
b"\x03\x02\x04\x03\x05\x05\x04\x04\x00\x00\x01}\x01\x02"
b"\x03\x00\x04\x11\x05\x12!1A\x06\x13Qa\x07\"q\x142\x81"
b"\x91\xa1\x08#B\xb1\xc1\x15R\xd1\xf0$3br\x82\t\n\x16"
b"\x17\x18\x19\x1a%&\'()*456789:CDEFGHIJSTUVWXYZcdefghij"
b"stuvwxyz\x83\x84\x85\x86\x87\x88\x89\x8a\x92\x93\x94"
b"\x95\x96\x97\x98\x99\x9a\xa2\xa3\xa4\xa5\xa6\xa7\xa8"
b"\xa9\xaa\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xc2\xc3"
b"\xc4\xc5\xc6\xc7\xc8\xc9\xca\xd2\xd3\xd4\xd5\xd6\xd7"
b"\xd8\xd9\xda\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea"
b"\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xff\xda\x00"
b"\x08\x01\x01\x00\x00?\x00T\xdb\xae\x8e\xd3H\xa5(?"
b"\xff\xd9"
)
# Patch settings.upload_path to use tmp_path
with patch("src.backend.api.routers.files.settings") as mock_settings:
mock_settings.upload_path = tmp_path
mock_settings.max_upload_size_mb = 50
resp = await client.post(
"/api/files/upload",
headers=auth_headers(maker_user),
files={"file": ("test.jpg", io.BytesIO(jpeg_bytes), "image/jpeg")},
)
assert resp.status_code == 200
data = resp.json()
assert "file_path" in data
assert data["file_type"] == "image/jpeg"
assert data["file_size"] > 0
async def test_upload_invalid_type(
self, client: AsyncClient, maker_user: User
):
"""Uploading a disallowed file type returns 400."""
resp = await client.post(
"/api/files/upload",
headers=auth_headers(maker_user),
files={
"file": ("malware.exe", io.BytesIO(b"MZ\x00\x00"), "application/x-msdownload")
},
)
assert resp.status_code == 400
assert "not allowed" in resp.json()["detail"]
async def test_upload_too_large(
self, client: AsyncClient, maker_user: User
):
"""Uploading a file that exceeds size limit returns 400."""
# Create a large file content
large_content = b"\x00" * (51 * 1024 * 1024) # 51MB
with patch("src.backend.api.routers.files.settings") as mock_settings:
mock_settings.max_upload_size_mb = 50
mock_settings.upload_path = Path(tempfile.mkdtemp())
resp = await client.post(
"/api/files/upload",
headers=auth_headers(maker_user),
files={
"file": ("big.jpg", io.BytesIO(large_content), "image/jpeg")
},
)
assert resp.status_code == 400
assert "exceeds" in resp.json()["detail"]
class TestGetFile:
"""GET /api/files/{file_path} tests."""
async def test_get_file(
self, client: AsyncClient, maker_user: User, tmp_path: Path
):
"""Authenticated user can retrieve an uploaded file."""
# Create a test file in tmp_path
test_file = tmp_path / "testfile.txt"
test_file.write_text("hello test")
with patch("src.backend.api.routers.files.settings") as mock_settings:
mock_settings.upload_path = tmp_path
resp = await client.get(
"/api/files/testfile.txt",
headers=auth_headers(maker_user),
)
assert resp.status_code == 200
async def test_get_file_not_found(
self, client: AsyncClient, maker_user: User, tmp_path: Path
):
"""Requesting a non-existent file returns 404."""
with patch("src.backend.api.routers.files.settings") as mock_settings:
mock_settings.upload_path = tmp_path
resp = await client.get(
"/api/files/nonexistent.png",
headers=auth_headers(maker_user),
)
assert resp.status_code == 404
class TestDeleteFile:
"""DELETE /api/files/{file_path} tests."""
async def test_delete_file(
self, client: AsyncClient, maker_user: User, tmp_path: Path
):
"""Maker can delete a file."""
test_file = tmp_path / "deleteme.txt"
test_file.write_text("delete me")
with patch("src.backend.api.routers.files.settings") as mock_settings:
mock_settings.upload_path = tmp_path
resp = await client.delete(
"/api/files/deleteme.txt",
headers=auth_headers(maker_user),
)
assert resp.status_code == 204
assert not test_file.exists()
class TestFilenameSanitization:
"""Path traversal protection tests."""
async def test_path_traversal_blocked(
self, client: AsyncClient, maker_user: User, tmp_path: Path
):
"""Path traversal attempt returns 403 or 404."""
with patch("src.backend.api.routers.files.settings") as mock_settings:
mock_settings.upload_path = tmp_path
resp = await client.get(
"/api/files/../../etc/passwd",
headers=auth_headers(maker_user),
)
# Should be blocked by security check
assert resp.status_code in (403, 404)