Codebase hardening: 102 fixes across 35+ files
Deep audit identified 106 findings; 102 fixed, 4 deferred. Covers 8 areas: - Settings & deploy: env-gated DEBUG/SECRET_KEY, HTTPS headers, gunicorn, celery worker - Auth (registered_user): password write_only, request.data fixes, transaction safety, proper HTTP status codes - Workout app: IDOR protection, get_object_or_404, prefetch_related N+1 fixes, transaction.atomic - Video/scripts: path traversal sanitization, HLS trigger guard, auth on cache wipe - Models (exercise/equipment/muscle/superset): null-safe __str__, stable IDs, prefetch support - Generator views: helper for registered_user lookup, logger.exception, bulk_update, transaction wrapping - Generator core (rules/selector/generator): push-pull ratio, type affinity normalization, modality checks, side-pair exact match, word-boundary regex, equipment cache clearing - Generator services (plan_builder/analyzer/normalizer): transaction.atomic, muscle cache, bulk_update, glutes classification fix Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Trey t
@@ -2,45 +2,53 @@ from django.shortcuts import render
|
||||
from exercise.models import Exercise
|
||||
from muscle.models import Muscle, ExerciseMuscle
|
||||
from equipment.models import Equipment, WorkoutEquipment
|
||||
from rest_framework.decorators import api_view
|
||||
from rest_framework.decorators import api_view, authentication_classes, permission_classes
|
||||
from rest_framework.authentication import TokenAuthentication
|
||||
from rest_framework.permissions import IsAuthenticated, IsAdminUser
|
||||
from rest_framework.response import Response
|
||||
from rest_framework import status
|
||||
from django.core.cache import cache
|
||||
|
||||
# Create your views here.
|
||||
@api_view(['GET'])
|
||||
@authentication_classes([TokenAuthentication])
|
||||
@permission_classes([IsAuthenticated])
|
||||
def sync_equipment(request):
|
||||
all_exercise = Exercise.objects.all()
|
||||
for exercise in all_exercise:
|
||||
all_equipment = exercise.equipment_required.split(',')
|
||||
all_equipment = (exercise.equipment_required or '').split(',')
|
||||
for equipment in all_equipment:
|
||||
if len(equipment) > 0:
|
||||
try:
|
||||
equipment_obj = Equipment.objects.get(name=equipment.lower())
|
||||
WorkoutEquipment.objects.create(exercise=exercise, equipment=equipment_obj).save()
|
||||
WorkoutEquipment.objects.create(exercise=exercise, equipment=equipment_obj)
|
||||
except Equipment.DoesNotExist:
|
||||
pass
|
||||
|
||||
|
||||
|
||||
return Response(status=status.HTTP_200_OK)
|
||||
|
||||
@api_view(['GET'])
|
||||
@authentication_classes([TokenAuthentication])
|
||||
@permission_classes([IsAuthenticated])
|
||||
def sync_muscle_groups(request):
|
||||
all_exercise = Exercise.objects.all()
|
||||
for exercise in all_exercise:
|
||||
all_muscle_groups = exercise.muscle_groups.split(',')
|
||||
all_muscle_groups = (exercise.muscle_groups or '').split(',')
|
||||
for muscle_group in all_muscle_groups:
|
||||
if len(muscle_group) > 0:
|
||||
try:
|
||||
muscle_obj = Muscle.objects.get(name=muscle_group.lower())
|
||||
ExerciseMuscle.objects.create(exercise=exercise, muscle=muscle_obj).save()
|
||||
except MuscleGroup.DoesNotExist:
|
||||
ExerciseMuscle.objects.create(exercise=exercise, muscle=muscle_obj)
|
||||
except Muscle.DoesNotExist:
|
||||
pass
|
||||
|
||||
|
||||
|
||||
return Response(status=status.HTTP_200_OK)
|
||||
|
||||
@api_view(['GET'])
|
||||
@api_view(['POST'])
|
||||
@authentication_classes([TokenAuthentication])
|
||||
@permission_classes([IsAuthenticated, IsAdminUser])
|
||||
def clear_redis(request):
|
||||
cache.clear()
|
||||
return Response(status=status.HTTP_200_OK)
|
||||
return Response(status=status.HTTP_200_OK)
|
||||
|
||||
Reference in New Issue
Block a user