admin/WerkoutAPI
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
a1f458ea2b64ea1b0034019b4833bc474b553767
WerkoutAPI/scripts/views.py
Trey t c80c66c2e5 Codebase hardening: 102 fixes across 35+ files 
Deep audit identified 106 findings; 102 fixed, 4 deferred. Covers 8 areas:

- Settings & deploy: env-gated DEBUG/SECRET_KEY, HTTPS headers, gunicorn, celery worker
- Auth (registered_user): password write_only, request.data fixes, transaction safety, proper HTTP status codes
- Workout app: IDOR protection, get_object_or_404, prefetch_related N+1 fixes, transaction.atomic
- Video/scripts: path traversal sanitization, HLS trigger guard, auth on cache wipe
- Models (exercise/equipment/muscle/superset): null-safe __str__, stable IDs, prefetch support
- Generator views: helper for registered_user lookup, logger.exception, bulk_update, transaction wrapping
- Generator core (rules/selector/generator): push-pull ratio, type affinity normalization, modality checks, side-pair exact match, word-boundary regex, equipment cache clearing
- Generator services (plan_builder/analyzer/normalizer): transaction.atomic, muscle cache, bulk_update, glutes classification fix

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-27 22:29:14 -06:00

55 lines
2.1 KiB
Python
Raw Blame History

from django.shortcuts import render
from exercise.models import Exercise
from muscle.models import Muscle, ExerciseMuscle
from equipment.models import Equipment, WorkoutEquipment
from rest_framework.decorators import api_view, authentication_classes, permission_classes
from rest_framework.authentication import TokenAuthentication
from rest_framework.permissions import IsAuthenticated, IsAdminUser
from rest_framework.response import Response
from rest_framework import status
from django.core.cache import cache
# Create your views here.
@api_view(['GET'])
@authentication_classes([TokenAuthentication])
@permission_classes([IsAuthenticated])
def sync_equipment(request):
all_exercise = Exercise.objects.all()
for exercise in all_exercise:
all_equipment = (exercise.equipment_required or '').split(',')
for equipment in all_equipment:
if len(equipment) > 0:
try:
equipment_obj = Equipment.objects.get(name=equipment.lower())
WorkoutEquipment.objects.create(exercise=exercise, equipment=equipment_obj)
except Equipment.DoesNotExist:
pass
return Response(status=status.HTTP_200_OK)
@api_view(['GET'])
@authentication_classes([TokenAuthentication])
@permission_classes([IsAuthenticated])
def sync_muscle_groups(request):
all_exercise = Exercise.objects.all()
for exercise in all_exercise:
all_muscle_groups = (exercise.muscle_groups or '').split(',')
for muscle_group in all_muscle_groups:
if len(muscle_group) > 0:
try:
muscle_obj = Muscle.objects.get(name=muscle_group.lower())
ExerciseMuscle.objects.create(exercise=exercise, muscle=muscle_obj)
except Muscle.DoesNotExist:
pass
return Response(status=status.HTTP_200_OK)
@api_view(['POST'])
@authentication_classes([TokenAuthentication])
@permission_classes([IsAuthenticated, IsAdminUser])
def clear_redis(request):
cache.clear()
return Response(status=status.HTTP_200_OK)
Reference in New Issue View Git Blame Copy Permalink