enowars
diff --git a/‎checker/requirements.txt‎
Lines changed: 1 addition & 0 deletions b/‎checker/requirements.txt‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎checker/src/checker.py‎
Lines changed: 113 additions & 126 deletions b/‎checker/src/checker.py‎
Lines changed: 113 additions & 126 deletions
diff --git a/‎checker/src/goblin.jpg‎
-201 KB b/‎checker/src/goblin.jpg‎
-201 KB
diff --git a/‎service/backend/Dockerfile‎
100644100755
Lines changed: 2 additions & 2 deletions b/‎service/backend/Dockerfile‎
100644100755
Lines changed: 2 additions & 2 deletions
diff --git a/‎service/backend/__init__.py‎
100644100755 b/‎service/backend/__init__.py‎
100644100755
diff --git a/‎service/backend/auth.py‎
100644100755 b/‎service/backend/auth.py‎
100644100755
diff --git a/‎service/backend/crud.py‎
100644100755
Lines changed: 8 additions & 4 deletions b/‎service/backend/crud.py‎
100644100755
Lines changed: 8 additions & 4 deletions
diff --git a/‎service/backend/database.py‎
100644100755 b/‎service/backend/database.py‎
100644100755
diff --git a/‎service/backend/gunicorn.conf.py‎
Lines changed: 8 additions & 0 deletions b/‎service/backend/gunicorn.conf.py‎
Lines changed: 8 additions & 0 deletions
diff --git a/‎service/backend/main.py‎
100644100755
Lines changed: 123 additions & 69 deletions b/‎service/backend/main.py‎
100644100755
Lines changed: 123 additions & 69 deletions
@@ -5,3 +5,4 @@ faker
 httpx
 python_dateutil==2.8.2
 python-jose
+aiofiles
@@ -5,7 +5,7 @@ WORKDIR /app
 
 COPY requirements.txt .
 RUN pip install --no-cache-dir -r requirements.txt
-RUN apt-get update && apt-get install -y netcat-openbsd sqlite3 && rm -rf /var/lib/apt/lists/*
+RUN apt-get clean && apt-get update && apt-get install -y netcat-openbsd sqlite3 && rm -rf /var/lib/apt/lists/*
 
 COPY generate_secret.sh .
 
@@ -19,4 +19,4 @@ RUN chmod +x start.sh
 EXPOSE 2626
 
 ENTRYPOINT ["./start.sh"]
-CMD ["uvicorn", "main:app", "--host", "0.0.0.0", "--port", "2626"]
+CMD [ "gunicorn", "-c", "gunicorn.conf.py", "main:app" ]
@@ -3,6 +3,7 @@
 import schemas
 from auth import get_password_hash
 import datetime
+from sqlalchemy.orm import joinedload
 
 
 def get_user_by_username(db: Session, username: str):
@@ -26,13 +27,16 @@ def get_users(db: Session, skip: int = 0, limit: int = 10):
 
 
 def get_items_by_user(db: Session, user_id: int):
-    user = db.query(models.User).filter(models.User.id == user_id).first()
+    user = db.query(models.User).options(joinedload(models.User.items)).filter(models.User.id == user_id).first()
     return user.items if user else []
 
-
 def get_user_by_id(db: Session, user_id: int):
-    return db.query(models.User).filter(models.User.id == user_id).first()
-
+    return (
+        db.query(models.User)
+        .filter(models.User.id == user_id)
+        .options(joinedload(models.User.items))
+        .first()
+    )
 
 def update_item_note(db: Session, item_id: int, note: str):
     item = db.query(models.Item).filter(models.Item.id == item_id).first()
 
@@ -0,0 +1,8 @@
+import multiprocessing
+
+worker_class = "uvicorn.workers.UvicornWorker"
+workers = min(4, multiprocessing.cpu_count())
+bind = "0.0.0.0:2626"
+timeout = 90
+keepalive = 3600
+preload_app = True
@@ -6,11 +6,12 @@
 from contextlib import asynccontextmanager
 from datetime import datetime, timedelta
 from typing import List
+
+import aiofiles
 from fastapi import FastAPI, Depends, HTTPException, Path, Body, status
+from sqlalchemy.orm import Session
 from sqlalchemy import func
-from sqlalchemy.orm import Session, joinedload
-from sqlalchemy import exists
-from database import SessionLocal, engine, Base
+from database import SessionLocal, engine
 import models
 import schemas
 import crud
@@ -152,10 +153,22 @@ def login_for_access_token(form_data: OAuth2PasswordRequestForm = Depends(), db:
 @app.get("/users/me", response_model=schemas.User)
 def read_users_me(token: str = Depends(oauth2_scheme), db: Session = Depends(get_db)):
     username = get_username_from_token(token)
-    user = crud.get_user_by_username(db, username=username)
-    if user is None:
+    user_data = (
+        db.query(
+            models.User,
+            func.sum(models.Item.bonus).label('item_power')
+        )
+        .outerjoin(models.User.items)
+        .filter(models.User.username == username)
+        .group_by(models.User.id)
+        .first()
+    )
+
+    if not user_data:
         raise HTTPException(status_code=401, detail="User not found")
-    user.power = user.power + sum(item.bonus for item in user.items)
+
+    user, item_power = user_data
+    user.power = user.power + (item_power or 0)
     return user
 
 
@@ -171,32 +184,47 @@ def create_item_for_user(item: schemas.ItemCreate, token: str = Depends(oauth2_s
 @app.get("/users/", response_model=list[schemas.User])
 def read_users(
         db: Session = Depends(get_db),
-        limit: int = 30
+        limit: int = 30,
+        offset: int = 0
 ):
-    zehn_min_ago = datetime.utcnow() - timedelta(minutes=10)
-    users = (
-        db.query(models.User)
-        .options(joinedload(models.User.items))
-        .all()
+    users_query = (
+        db.query(
+            models.User,
+            func.sum(models.Item.bonus).label('item_power')
+        )
+        .outerjoin(models.User.items)
+        .group_by(models.User.id)
+        .order_by(models.User.created_at.desc())
+        .offset(offset)
+        .limit(limit)
     )
-    user_dicts = []
-    for user in users:
-        base_power = user.power
-        items_power = sum(item.bonus for item in user.items)
-        user_dict = user.__dict__.copy()
-        user_dict["power"] = base_power + items_power
-        user_dict["items"] = []
-        user_dicts.append(user_dict)
-    users = sorted(user_dicts, key=lambda u: u["created_at"], reverse=True)
-    return users[:limit]
+
+    users_with_power = users_query.all()
+
+    result_users = []
+    for user, item_power in users_with_power:
+        user.power = user.power + (item_power or 0)
+        result_users.append(user)
+    return result_users
 
 
 @app.get("/users/{user_id}", response_model=schemas.User)
 def get_user_by_id(user_id: int = Path(...), db: Session = Depends(get_db)):
-    user = crud.get_user_by_id(db, user_id)
-    if not user:
+    user_data = (
+        db.query(
+            models.User,
+            func.sum(models.Item.bonus).label('item_power')
+        )
+        .outerjoin(models.User.items)
+        .filter(models.User.id == user_id)
+        .group_by(models.User.id)
+        .first()
+    )
+    if not user_data:
         raise HTTPException(status_code=404, detail="User not found")
-    user.power = user.power + sum(item.bonus for item in user.items)
+
+    user, item_power = user_data
+    user.power = user.power + (item_power or 0)
     user.items = []
     return user
 
@@ -207,7 +235,9 @@ def open_lootbox(token: str = Depends(oauth2_scheme), db: Session = Depends(get_
     user = crud.get_user_by_username(db, username=username)
     if not user:
         raise HTTPException(status_code=401, detail="User not found")
-    items_count = len(user.items)
+
+    items_count = db.query(func.count(models.Inventory.item_id)).filter(models.Inventory.user_id == user.id).scalar()
+
     if items_count >= 2:
         raise HTTPException(status_code=403, detail="Max. 2 Lootboxes per User!")
 
@@ -248,9 +278,15 @@ def update_item_note(
 ):
     username = get_username_from_token(token)
     user = crud.get_user_by_username(db, username=username)
-    user_items = [i.id for i in user.items]
-    if item_id not in user_items:
-        raise HTTPException(status_code=403, detail="You are not allowed to edit the not of this Item!")
+
+    item_owned = db.query(models.Inventory).filter(
+        models.Inventory.user_id == user.id,
+        models.Inventory.item_id == item_id
+    ).first() is not None
+
+    if not item_owned:
+        raise HTTPException(status_code=403, detail="You are not allowed to edit the note of this Item, or the item does not exist.")
+
     item = crud.update_item_note(db, item_id, note)
     if item == "locked":
         raise HTTPException(status_code=403, detail="Item note can only be set once and cannot be changed or deleted!")
@@ -275,14 +311,26 @@ def fight(defender_id: int, token: str = Depends(oauth2_scheme), db: Session = D
     if not attacker or not defender:
         raise HTTPException(status_code=404, detail="User not found")
 
-    def calc_power(user):
-        return user.power + sum(item.bonus for item in user.items)
+    def calc_power_db(user_id: int, db_session: Session):
+        power_data = (
+            db_session.query(
+                models.User.power,
+                func.sum(models.Item.bonus).label('item_power')
+            )
+            .outerjoin(models.User.items)
+            .filter(models.User.id == user_id)
+            .group_by(models.User.id)
+            .first()
+        )
+        if not power_data:
+            return 0
+        base_power, item_power = power_data
+        return base_power + (item_power or 0)
 
-    attacker_power = calc_power(attacker)
-    defender_power = calc_power(defender)
+    attacker_power = calc_power_db(attacker.id, db)
+    defender_power = calc_power_db(defender.id, db)
 
     winner = attacker if attacker_power >= defender_power else defender
-    loser = defender if winner == attacker else attacker
 
     xp_win = 20
     xp_lose = 5
@@ -483,7 +531,13 @@ def enter_dungeon(dungeon_id: int, current_user: schemas.User = Depends(get_curr
     if dungeon.one_time_clear and crud.has_completed_dungeon(db, current_user.id, dungeon_id):
         raise HTTPException(status_code=400, detail="This dungeon can only be cleared once.")
 
-    user_power_with_items = current_user.power + sum(item.bonus for item in current_user.items)
+    power_data = db.query(
+        models.User.power,
+        func.sum(models.Item.bonus).label('item_bonus_sum')
+    ).outerjoin(models.User.items).filter(models.User.id == current_user.id).group_by(models.User.id).first()
+
+    base_power, item_bonus = power_data
+    user_power_with_items = base_power + (item_bonus or 0)
 
     new_level = None
 
@@ -515,16 +569,25 @@ def enter_dungeon(dungeon_id: int, current_user: schemas.User = Depends(get_curr
 
 
 async def cleanup_old_records():
+    """
+    Periodically cleans up old records from the database and deletes associated
+    user upload folders asynchronously.
+    """
     while True:
-        await asyncio.sleep(60)
+        await asyncio.sleep(120)
         db = SessionLocal()
+        loop = asyncio.get_event_loop()
         try:
             ten_minutes_ago = datetime.utcnow() - timedelta(minutes=10)
 
-            users_to_delete = db.query(models.User).filter(models.User.created_at < ten_minutes_ago).all()
-            deleted_usernames = [user.username for user in users_to_delete]
+            users_to_delete_query = db.query(models.User.username).filter(
+                models.User.created_at < ten_minutes_ago
+            )
+            deleted_usernames = [u[0] for u in users_to_delete_query.all()]
 
-            db.query(models.Fight).filter(models.Fight.created_at < ten_minutes_ago).delete(synchronize_session=False)
+            db.query(models.Fight).filter(
+                models.Fight.created_at < ten_minutes_ago
+            ).delete(synchronize_session=False)
 
             dungeons_to_clear_subquery = db.query(models.Dungeon.id).filter(
                 (models.Dungeon.one_time_clear == False) | (models.Dungeon.one_time_clear == None)
@@ -535,8 +598,13 @@ async def cleanup_old_records():
                 models.CompletedDungeon.dungeon_id.in_(dungeons_to_clear_subquery)
             ).delete(synchronize_session=False)
 
-            db.query(models.User).filter(models.User.created_at < ten_minutes_ago).delete(synchronize_session=False)
-            db.query(models.Item).filter(models.Item.created_at < ten_minutes_ago).delete(synchronize_session=False)
+            db.query(models.User).filter(
+                models.User.created_at < ten_minutes_ago
+            ).delete(synchronize_session=False)
+
+            db.query(models.Item).filter(
+                models.Item.created_at < ten_minutes_ago
+            ).delete(synchronize_session=False)
 
             db.query(models.Dungeon).filter(
                 models.Dungeon.created_at < ten_minutes_ago,
@@ -549,7 +617,7 @@ async def cleanup_old_records():
                 user_dir = os.path.join("uploads", username)
                 if os.path.exists(user_dir):
                     try:
-                        shutil.rmtree(user_dir)
+                        await loop.run_in_executor(None, shutil.rmtree, user_dir)
                         print(f"Deleted upload folder for user {username}")
                     except Exception as e:
                         print(f"Failed to delete upload folder for user {username}: {e}")
@@ -569,38 +637,24 @@ async def upload_dungeon_image(file: UploadFile = File(...),
     if not file.content_type.startswith("image/"):
         raise HTTPException(status_code=400, detail="Only image files are allowed.")
 
-    user_upload_dir = f"uploads/{current_user.username}"
-    os.makedirs(user_upload_dir, exist_ok=True)
-
-    file_path = os.path.join(user_upload_dir, file.filename)
-
-    if ".." in file.filename or "/" in file.filename:
+    safe_filename = os.path.basename(file.filename)
+    if not safe_filename or ".." in safe_filename or "/" in safe_filename:
         raise HTTPException(status_code=400, detail="Invalid filename.")
 
-    if os.path.exists(file_path):
-        raise HTTPException(status_code=400, detail="File with this name already exists for the user.")
-
-    with open(file_path, "wb") as buffer:
-        shutil.copyfileobj(file.file, buffer)
-
-    return {"filename": file.filename, "detail": "Image uploaded successfully to user directory."}
-
-
-@app.get("/images", response_model=schemas.ImageList)
-def get_dungeon_images(current_user: schemas.User = Depends(get_current_active_user)):
-    default_images = []
-    user_images = []
+    user_upload_dir = f"uploads/{current_user.username}"
+    file_path = os.path.join(user_upload_dir, safe_filename)
 
-    default_dir = "uploads/default"
-    user_dir = f"uploads/{current_user.username}"
+    loop = asyncio.get_event_loop()
+    await loop.run_in_executor(None, os.makedirs, user_upload_dir, 0o755, True)
 
-    if os.path.exists(default_dir):
-        default_images = [f for f in os.listdir(default_dir) if os.path.isfile(os.path.join(default_dir, f))]
+    if await loop.run_in_executor(None, os.path.exists, file_path):
+        raise HTTPException(status_code=400, detail="File with this name already exists for the user.")
 
-    if os.path.exists(user_dir):
-        user_images = [f for f in os.listdir(user_dir) if os.path.isfile(os.path.join(user_dir, f))]
+    async with aiofiles.open(file_path, "wb") as buffer:
+        content = await file.read()
+        await buffer.write(content)
 
-    return {"default": default_images, "user": user_images}
+    return {"filename": safe_filename, "detail": "Image uploaded successfully to user directory."}
 
 
 @app.get("/images/{filename:path}")
@@ -610,4 +664,4 @@ async def get_private_dungeon_image(filename: str, current_user: schemas.User =
     if not os.path.exists(user_image_path):
         raise HTTPException(status_code=404, detail="Image not found or you do not have permission to access it.")
 
-    return FileResponse(user_image_path)
+    return FileResponse(user_image_path)