admin/WerkoutAPI
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Codebase hardening: 102 fixes across 35+ files

Browse Source 
Deep audit identified 106 findings; 102 fixed, 4 deferred. Covers 8 areas:

- Settings & deploy: env-gated DEBUG/SECRET_KEY, HTTPS headers, gunicorn, celery worker
- Auth (registered_user): password write_only, request.data fixes, transaction safety, proper HTTP status codes
- Workout app: IDOR protection, get_object_or_404, prefetch_related N+1 fixes, transaction.atomic
- Video/scripts: path traversal sanitization, HLS trigger guard, auth on cache wipe
- Models (exercise/equipment/muscle/superset): null-safe __str__, stable IDs, prefetch support
- Generator views: helper for registered_user lookup, logger.exception, bulk_update, transaction wrapping
- Generator core (rules/selector/generator): push-pull ratio, type affinity normalization, modality checks, side-pair exact match, word-boundary regex, equipment cache clearing
- Generator services (plan_builder/analyzer/normalizer): transaction.atomic, muscle cache, bulk_update, glutes classification fix

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Trey t
2026-02-27 22:29:14 -06:00
parent 63b57a83ab
commit c80c66c2e5
58 changed files with 3363 additions and 1049 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
exercise/views.py
View File

@@ -2,7 +2,6 @@ from django.shortcuts import render
from .models import *
from .serializers import *
from django.shortcuts import render
from rest_framework.decorators import api_view
from rest_framework.response import Response
from rest_framework import status
@@ -20,9 +19,12 @@ def all_exercises(request):
if 'all_exercises' in cache:
data = cache.get('all_exercises')
return Response(data=data, status=status.HTTP_200_OK)
users = Exercise.objects.all()
serializer = ExerciseSerializer(users, many=True)
exercises = Exercise.objects.all().prefetch_related(
'exercise_muscle_exercise__muscle',
'workout_exercise_workout__equipment',
)
serializer = ExerciseSerializer(exercises, many=True)
data = serializer.data
cache.set('all_exercises', data, timeout=None)
return Response(data=data, status=status.HTTP_200_OK)
return Response(data=data, status=status.HTTP_200_OK)