|
| 1 | +# GoupixDex — API (Python) |
| 2 | + |
| 3 | +Backend for **GoupixDex**: Pokémon TCG scanning, pricing (PokéWallet), inventory articles, JWT auth, and optional Vinted automation (nodriver). |
| 4 | + |
| 5 | +## Stack |
| 6 | + |
| 7 | +- **FastAPI** + **Uvicorn** — REST API, OpenAPI/Swagger at `/docs` |
| 8 | +- **SQLAlchemy 2** ORM — models under `models/` (not Pydantic) |
| 9 | +- **MariaDB / MySQL** — via **PyMySQL** (`mysql+pymysql://…`) |
| 10 | +- **JWT** (python-jose) + **bcrypt** |
| 11 | +- **Pydantic** — request/response validation only (`schemas/`) |
| 12 | +- **Custom SQL migrations** in `migrations/` (no Alembic) |
| 13 | +- **Docker Compose** — API (hot reload), MariaDB, phpMyAdmin |
| 14 | + |
| 15 | +## Layout |
| 16 | + |
| 17 | +```text |
| 18 | +api/ |
| 19 | + main.py # FastAPI app |
| 20 | + config.py # AppSettings + legacy Vinted CLI defaults |
| 21 | + cli_vinted_listings.py # Standalone nodriver CLI (was main.py) |
| 22 | + app_types/ # TypedDict (PokéWallet, Groq, Vinted payloads) |
| 23 | + core/ |
| 24 | + database.py # Engine, SessionLocal, get_db |
| 25 | + security.py # JWT + password hashing |
| 26 | + deps.py # Current user (Bearer) |
| 27 | + models/ # SQLAlchemy ORM (User, Article, Image, MarginSettings) |
| 28 | + schemas/ # Pydantic API bodies only |
| 29 | + routes/ # auth, users, articles, settings, scan |
| 30 | + services/ |
| 31 | + ocr_service.py # Groq vision wrapper |
| 32 | + pricing_service.py # PokéWallet + EUR/USD average |
| 33 | + scan_service.py # Title/description templates |
| 34 | + article_service.py |
| 35 | + auth_service.py |
| 36 | + vinted_publish_service.py # Calls existing VintedService |
| 37 | + … (pokewallet, groq_vision_client, vinted_service, …) |
| 38 | + migrations/ |
| 39 | + seeders/ |
| 40 | + uploads/ # Local image storage (created at runtime) |
| 41 | +``` |
| 42 | + |
| 43 | +## Requirements |
| 44 | + |
| 45 | +- Python **3.10+** |
| 46 | +- MariaDB or MySQL (local or Docker) |
| 47 | +- Optional: `POKE_WALLET_API_KEY`, `GROQ_API_KEY`, Chrome for real Vinted runs |
| 48 | + |
| 49 | +## Install |
| 50 | + |
| 51 | +```bash |
| 52 | +cd api |
| 53 | +python -m venv .venv |
| 54 | +.venv\Scripts\activate |
| 55 | +pip install -r requirements.txt |
| 56 | +``` |
| 57 | + |
| 58 | +Copy `.env.example` to `.env` and set at least `DATABASE_URL` and `JWT_SECRET`. |
| 59 | + |
| 60 | +### Database |
| 61 | + |
| 62 | +```bash |
| 63 | +python migrations/run_migrations.py |
| 64 | +``` |
| 65 | + |
| 66 | +### Seeders (optional, dev) |
| 67 | + |
| 68 | +1. **User** — set `SEED_USER_EMAIL` and `SEED_USER_PASSWORD` in `.env`, then: |
| 69 | + |
| 70 | + ```bash |
| 71 | + python seeders/user_seeder.py |
| 72 | + ``` |
| 73 | + |
| 74 | +2. **Margin (20% default)** — creates a `settings` row for any user that does not have one yet: |
| 75 | + |
| 76 | + ```bash |
| 77 | + python seeders/margin_seeder.py |
| 78 | + ``` |
| 79 | + |
| 80 | + Override default percent with `SEED_MARGIN_PERCENT` (e.g. `25`). |
| 81 | + |
| 82 | +3. **Fake articles** — requires an existing user. Uses `SEED_ARTICLE_USER_EMAIL` or falls back to `SEED_USER_EMAIL`. Deletes previous `[DEV] …` titles for that user, then inserts four sample articles (one marked sold): |
| 83 | + |
| 84 | + ```bash |
| 85 | + python seeders/article_seeder.py |
| 86 | + ``` |
| 87 | + |
| 88 | +4. **Everything in order** (same env vars as above): |
| 89 | + |
| 90 | + ```bash |
| 91 | + python seeders/run_all.py |
| 92 | + ``` |
| 93 | + |
| 94 | +## Run API |
| 95 | + |
| 96 | +```bash |
| 97 | +uvicorn main:app --reload --host 0.0.0.0 --port 8000 |
| 98 | +``` |
| 99 | + |
| 100 | +- Swagger UI: http://127.0.0.1:8000/docs |
| 101 | +- Health: `GET /health` |
| 102 | +- Uploaded files are served under `/uploads/...` |
| 103 | + |
| 104 | +### Main endpoints |
| 105 | + |
| 106 | +| Method | Path | Notes | |
| 107 | +|--------|------|--------| |
| 108 | +| POST | `/auth/login` | JWT Bearer | |
| 109 | +| POST | `/users` | Register | |
| 110 | +| GET/PUT/DELETE | `/users`, `/users/{id}`, `/users/me` | Auth required for most | |
| 111 | +| POST | `/scan-card` | Multipart image + optional `margin_percent`; OCR + pricing preview (no DB) | |
| 112 | +| CRUD | `/articles` | Create uses multipart (fields + `images` files); then Vinted attempt | |
| 113 | +| PATCH | `/articles/{id}/sold` | Mark sold + `sell_price` | |
| 114 | +| GET/PUT | `/settings` | Margin % (default 20) | |
| 115 | + |
| 116 | +**Vinted:** set `VINTED_PUBLISH_STUB=true` in dev to skip browser automation. On `POST /articles`, publication uses the authenticated user’s `vinted_email` and **encrypted** `vinted_password` (Fernet, key derived from `JWT_SECRET`). Legacy rows still holding a bcrypt hash cannot be decrypted—re-save the Vinted password via user settings or the seeder, or set `VINTED_EMAIL_OR_USERNAME` / `VINTED_PASSWORD` in the environment as fallback. |
| 117 | + |
| 118 | +### Legacy Vinted CLI (batch `items.json`) |
| 119 | + |
| 120 | +```bash |
| 121 | +python cli_vinted_listings.py |
| 122 | +``` |
| 123 | + |
| 124 | +Uses `config.py` listing defaults and `items.json` / `images/` at the project root. |
| 125 | + |
| 126 | +## Docker |
| 127 | + |
| 128 | +From `api/`: |
| 129 | + |
| 130 | +```bash |
| 131 | +docker compose up --build |
| 132 | +``` |
| 133 | + |
| 134 | +- API: port **8000** (migrations run on startup) |
| 135 | +- MariaDB: **3306** |
| 136 | +- phpMyAdmin: **8080** |
| 137 | + |
| 138 | +Create a user after startup: `docker compose exec api python seeders/user_seeder.py` (with env vars set), or use `POST /users` and `POST /auth/login`. |
| 139 | + |
| 140 | +## Limitations |
| 141 | + |
| 142 | +- Vinted UI and anti-bot policies may break automation; use stub mode when developing. |
| 143 | +- Average price mixes Cardmarket (EUR) and TCGPlayer (USD) using `USD_TO_EUR` in `config` (`AppSettings.usd_to_eur`). |
0 commit comments