feat: add auth system, boss pokemon details, moves/abilities API, and run ownership

Add user authentication with login/signup/protected routes, boss pokemon detail fields and result team tracking, moves and abilities selector components and API, run ownership and visibility controls, and various UI improvements across encounters, run list, and journal pages. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-20 21:41:38 +01:00
parent a6cb309b8b
commit 0a519e356e
69 changed files with 3574 additions and 693 deletions
--- a/backend/src/app/api/games.py
+++ b/backend/src/app/api/games.py
@@ -6,6 +6,7 @@ from sqlalchemy import delete, select, update
 from sqlalchemy.ext.asyncio import AsyncSession
 from sqlalchemy.orm import selectinload

+from app.core.auth import AuthUser, require_auth
 from app.core.database import get_session
 from app.models.boss_battle import BossBattle
 from app.models.game import Game
@@ -228,7 +229,11 @@ async def list_game_routes(


@router.post("", response_model=GameResponse, status_code=201)
-async def create_game(data: GameCreate, session: AsyncSession = Depends(get_session)):
+async def create_game(
+    data: GameCreate,
+    session: AsyncSession = Depends(get_session),
+    _user: AuthUser = Depends(require_auth),
+):
    existing = await session.execute(select(Game).where(Game.slug == data.slug))
    if existing.scalar_one_or_none() is not None:
        raise HTTPException(
@@ -244,7 +249,10 @@ async def create_game(data: GameCreate, session: AsyncSession = Depends(get_sess

@router.put("/{game_id}", response_model=GameResponse)
 async def update_game(
-    game_id: int, data: GameUpdate, session: AsyncSession = Depends(get_session)
+    game_id: int,
+    data: GameUpdate,
+    session: AsyncSession = Depends(get_session),
+    _user: AuthUser = Depends(require_auth),
 ):
    game = await session.get(Game, game_id)
    if game is None:
@@ -269,7 +277,11 @@ async def update_game(


@router.delete("/{game_id}", status_code=204)
-async def delete_game(game_id: int, session: AsyncSession = Depends(get_session)):
+async def delete_game(
+    game_id: int,
+    session: AsyncSession = Depends(get_session),
+    _user: AuthUser = Depends(require_auth),
+):
    result = await session.execute(
        select(Game).where(Game.id == game_id).options(selectinload(Game.runs))
    )
@@ -323,7 +335,10 @@ async def delete_game(game_id: int, session: AsyncSession = Depends(get_session)

@router.post("/{game_id}/routes", response_model=RouteResponse, status_code=201)
 async def create_route(
-    game_id: int, data: RouteCreate, session: AsyncSession = Depends(get_session)
+    game_id: int,
+    data: RouteCreate,
+    session: AsyncSession = Depends(get_session),
+    _user: AuthUser = Depends(require_auth),
 ):
    vg_id = await _get_version_group_id(session, game_id)

@@ -339,6 +354,7 @@ async def reorder_routes(
    game_id: int,
    data: RouteReorderRequest,
    session: AsyncSession = Depends(get_session),
+    _user: AuthUser = Depends(require_auth),
 ):
    vg_id = await _get_version_group_id(session, game_id)

@@ -365,6 +381,7 @@ async def update_route(
    route_id: int,
    data: RouteUpdate,
    session: AsyncSession = Depends(get_session),
+    _user: AuthUser = Depends(require_auth),
 ):
    vg_id = await _get_version_group_id(session, game_id)

@@ -385,6 +402,7 @@ async def delete_route(
    game_id: int,
    route_id: int,
    session: AsyncSession = Depends(get_session),
+    _user: AuthUser = Depends(require_auth),
 ):
    vg_id = await _get_version_group_id(session, game_id)

@@ -419,6 +437,7 @@ async def bulk_import_routes(
    game_id: int,
    items: list[BulkRouteItem],
    session: AsyncSession = Depends(get_session),
+    _user: AuthUser = Depends(require_auth),
 ):
    vg_id = await _get_version_group_id(session, game_id)