feat: loads of improvements (see comments)

1) check whether submitting user is submitting for himself
2) some refactoring of the tabs in `Ranking`
3) get chemistry and mvps from DB
4) restore previous
5) start over
6) (hopefully) improve logout

main.py

@@ -1,9 +1,11 @@
-from fastapi import APIRouter, Depends, FastAPI, Security
+from typing import Annotated
+from fastapi import APIRouter, Depends, FastAPI, HTTPException, Security, status
 from fastapi.responses import JSONResponse
 from fastapi.staticfiles import StaticFiles
 from db import Player, Team, Chemistry, MVPRanking, engine
 from sqlmodel import (
     Session,
+    func,
     select,
 )
 from fastapi.middleware.cors import CORSMiddleware
@@ -18,6 +20,9 @@ from security import (
     set_first_password,
 )
 
+C = Chemistry
+R = MVPRanking
+P = Player
 
 app = FastAPI(title="cutt")
 api_router = APIRouter(prefix="/api")
@@ -80,20 +85,83 @@ team_router.add_api_route("/list", endpoint=list_teams, methods=["GET"])
 team_router.add_api_route("/add", endpoint=add_team, methods=["POST"])
 
 
-@api_router.post("/mvps", dependencies=[Depends(get_current_active_user)])
-def submit_mvps(mvps: MVPRanking):
-    with Session(engine) as session:
-        session.add(mvps)
-        session.commit()
-        return JSONResponse("success!")
+wrong_user_id_exception = HTTPException(
+    status_code=status.HTTP_401_UNAUTHORIZED,
+    detail="you're not who you think you are...",
+)
 
 
-@api_router.post("/chemistry", dependencies=[Depends(get_current_active_user)])
-def submit_chemistry(chemistry: Chemistry):
+@api_router.put("/mvps")
+def submit_mvps(
+    mvps: MVPRanking,
+    user: Annotated[Player, Depends(get_current_active_user)],
+):
+    if user.id == mvps.user:
+        with Session(engine) as session:
+            session.add(mvps)
+            session.commit()
+            return JSONResponse("success!")
+    else:
+        raise wrong_user_id_exception
+
+
+@api_router.get("/mvps")
+def get_mvps(
+    user: Annotated[Player, Depends(get_current_active_user)],
+):
     with Session(engine) as session:
-        session.add(chemistry)
-        session.commit()
-        return JSONResponse("success!")
+        subquery = (
+            select(R.user, func.max(R.time).label("latest"))
+            .where(R.user == user.id)
+            .group_by(R.user)
+            .subquery()
+        )
+        statement2 = select(R).join(
+            subquery, (R.user == subquery.c.user) & (R.time == subquery.c.latest)
+        )
+        mvps = session.exec(statement2).one_or_none()
+        if mvps:
+            return mvps
+        else:
+            raise HTTPException(
+                status_code=status.HTTP_404_NOT_FOUND,
+                detail="no previous state was found",
+            )
+
+
+@api_router.put("/chemistry")
+def submit_chemistry(
+    chemistry: Chemistry, user: Annotated[Player, Depends(get_current_active_user)]
+):
+    if user.id == chemistry.user:
+        with Session(engine) as session:
+            session.add(chemistry)
+            session.commit()
+            return JSONResponse("success!")
+    else:
+        raise wrong_user_id_exception
+
+
+@api_router.get("/chemistry")
+def get_chemistry(user: Annotated[Player, Depends(get_current_active_user)]):
+    with Session(engine) as session:
+        subquery = (
+            select(C.user, func.max(C.time).label("latest"))
+            .where(C.user == user.id)
+            .group_by(C.user)
+            .subquery()
+        )
+        statement2 = select(C).join(
+            subquery, (C.user == subquery.c.user) & (C.time == subquery.c.latest)
+        )
+        chemistry = session.exec(statement2).one_or_none()
+        if chemistry:
+            return chemistry
+        else:
+            raise HTTPException(
+                status_code=status.HTTP_404_NOT_FOUND,
+                detail="no previous state was found",
+            )
 
 
 class SPAStaticFiles(StaticFiles):