zhi/HarborForge.Backend
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: notifications endpoints use current user auth instead of required user_id query

Browse Source 
- /notifications and /notifications/count no longer require user_id param
- return both count and unread fields for compatibility
- /notifications/read-all marks current user notifications
- /notifications/{id}/read enforces ownership (or admin)
This commit is contained in:
zhi
2026-03-11 10:46:48 +00:00
parent 7fe0a72549
commit 7218aabc59
1 changed files with 4 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
app/api/routers/misc.py
View File

@@ -12,6 +12,7 @@ from sqlalchemy import func as sqlfunc
from pydantic import BaseModel from pydantic import BaseModel
from app.core.config import get_db from app.core.config import get_db
from app.api.deps import get_current_user_or_apikey
from app.models import models from app.models import models
from app.models.apikey import APIKey from app.models.apikey import APIKey
from app.models.activity import ActivityLog from app.models.activity import ActivityLog
@@ -184,8 +185,8 @@ class NotificationResponse(BaseModel):
@router.get("/notifications", response_model=List[NotificationResponse], tags=["Notifications"]) @router.get("/notifications", response_model=List[NotificationResponse], tags=["Notifications"])
def list_notifications(user_id: int, unread_only: bool = False, limit: int = 50, db: Session = Depends(get_db)): def list_notifications(unread_only: bool = False, limit: int = 50, db: Session = Depends(get_db), current_user: models.User = Depends(get_current_user_or_apikey)):
query = db.query(NotificationModel).filter(NotificationModel.user_id == user_id) query = db.query(NotificationModel).filter(NotificationModel.user_id == current_user.id)
if unread_only: if unread_only:
query = query.filter(NotificationModel.is_read == False) query = query.filter(NotificationModel.is_read == False)
return query.order_by(NotificationModel.created_at.desc()).limit(limit).all() return query.order_by(NotificationModel.created_at.desc()).limit(limit).all()
@@ -200,7 +201,7 @@ def notification_count(user_id: int, db: Session = Depends(get_db)):
@router.post("/notifications/{notification_id}/read", tags=["Notifications"]) @router.post("/notifications/{notification_id}/read", tags=["Notifications"])
def mark_read(notification_id: int, db: Session = Depends(get_db)): def mark_read(notification_id: int, db: Session = Depends(get_db), current_user: models.User = Depends(get_current_user_or_apikey)):
n = db.query(NotificationModel).filter(NotificationModel.id == notification_id).first() n = db.query(NotificationModel).filter(NotificationModel.id == notification_id).first()
if not n: if not n:
raise HTTPException(status_code=404, detail="Notification not found") raise HTTPException(status_code=404, detail="Notification not found")