Julian Tabel
eeb1609452
Add require_run_owner helper in auth.py that enforces ownership on mutation endpoints. Unowned (legacy) runs are now read-only. Applied ownership checks to: - All 4 encounter mutation endpoints - Both boss result mutation endpoints - Run update/delete endpoints - All 5 genlocke mutation endpoints (via first leg's run owner) Also sets owner_id on run creation in genlockes.py (create_genlocke, advance_leg) and adds 22 comprehensive ownership enforcement tests. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Nuzlocke Tracker API
Backend API for the Nuzlocke Tracker application, built with FastAPI.
Development Setup
Option 1: Docker (Recommended)
From the project root:
docker compose up
This starts the API, frontend, and PostgreSQL database with hot reload enabled.
Option 2: Local Setup
-
Create and activate virtual environment:
python -m venv .venv source .venv/bin/activate # On Windows: .venv\Scripts\activate -
Install dependencies:
pip install -e ".[dev]" -
Copy environment file:
cp .env.example .env -
Run the development server:
uvicorn app.main:app --reload --app-dir src
The API will be available at http://localhost:8000
API Documentation
- Swagger UI: http://localhost:8000/docs
- ReDoc: http://localhost:8000/redoc
Project Structure
backend/
├── src/
│ └── app/
│ ├── api/ # API routes
│ ├── core/ # Core configuration
│ ├── models/ # Database models
│ ├── schemas/ # Pydantic schemas
│ └── services/ # Business logic
├── tests/ # Test files
├── pyproject.toml # Project configuration
└── .env.example # Example environment variables
Linting & Formatting
ruff check . # Check for issues
ruff check . --fix # Fix auto-fixable issues
ruff format . # Format code